【问题标题】:Nginx serving the wrong root with SSLNginx 使用 SSL 服务错误的根目录
【发布时间】:2016-08-28 13:24:28
【问题描述】:

我有两个相同的 nginx 虚拟主机,除了域和 SSL/根位置。它们看起来像这样:

/etc/nginx/sites-available/domain1.co.uk

server {
    listen 80;
    server_name domain1.co.uk;
    rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain1.co.uk;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;    
    return 301 $scheme://domain1.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain1.co.uk;

    root        /var/www/domain1.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}

/etc/nginx/sites-available/domain2.co.uk

server {
    listen 80;
    server_name domain2.co.uk;
    rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain2.co.uk;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;    
    return 301 $scheme://domain2.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain2.co.uk;

    root        /var/www/domain2.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}

当我访问 domain1.co.uk 时,它会按预期工作,并重定向到非 www https URL。如果我访问domain2.co.uk,它会提供正确的 SSL 证书,但会在 domain2 URL 上显示 domain1 站点。

我也有一个默认服务器块:

server {
    listen 80 default_server;
    return 444;
}

server {
    listen 443 default_server;
    ssl on;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    return 444;
}

我该如何配置,以便 domain2.co.uk 实际上从 /var/www/domain2.co.uk/public_html 而不是 domain1 提供文件?

【问题讨论】:

    标签: ssl nginx


    【解决方案1】:

    啊!对不起!我想,你没有domain2.co.uk。希望您将“/var/www/domain2.co.uk/public_html”作为“domain2.co.uk”服务器的根。你是否让 nginx 读取 /etc/nginx/sites-available/domain2.co.uk 文件,如果它不包括在内。基本上,您需要检查 /etc/nginx/nginx.conf 中的“include”指令,并创建一个符号链接文件“/etc/nginx/sites-enabled/domain2.co.uk”并将其指向“ /etc/nginx/sites-available/domain1.co.uk”来启用它。

    【讨论】:

    • 这正是我所拥有的。主要代码块是我在两个域的两个文件中的内容,即/etc/nginx/sites-available/domain1.co.uk/etc/nginx/sites-available/domain2.co.uk
    • 我有符号链接,nginx.conf 有include /etc/nginx/conf.d/*.conf;include /etc/nginx/sites-enabled/*;,这对我来说似乎是正确的。我有点难过:/
    • 哦!现在很难。好的,你修改后是否重新加载了 nginx 服务?而且,您是否有可能最初将 domain2.co.uk 指向 domain1 的根目录并且您的浏览器缓存了它?
    • 原来我是个白痴。我使用 Nginx 作为 NodeJS 应用程序的反向代理,两个文件都执行 proxy_pass http://127.0.0.1:3000; 指向同一个应用程序。
    • 啊哈!很高兴你找到它:)
    猜你喜欢
    • 2021-09-03
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-06-30
    • 1970-01-01
    • 2018-12-30
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多