Nginx 使用 SSL 服务错误的根目录

【问题标题】:Nginx serving the wrong root with SSLNginx 使用 SSL 服务错误的根目录
【发布时间】:2016-08-28 13:24:28
【问题描述】:

我有两个相同的 nginx 虚拟主机,除了域和 SSL/根位置。它们看起来像这样:

/etc/nginx/sites-available/domain1.co.uk

server {
    listen 80;
    server_name domain1.co.uk;
    rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain1.co.uk;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;    
    return 301 $scheme://domain1.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain1.co.uk;

    root        /var/www/domain1.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}

/etc/nginx/sites-available/domain2.co.uk

server {
    listen 80;
    server_name domain2.co.uk;
    rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain2.co.uk;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;    
    return 301 $scheme://domain2.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain2.co.uk;

    root        /var/www/domain2.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}

当我访问 domain1.co.uk 时,它会按预期工作,并重定向到非 www https URL。如果我访问domain2.co.uk,它会提供正确的 SSL 证书,但会在 domain2 URL 上显示 domain1 站点。

我也有一个默认服务器块:

server {
    listen 80 default_server;
    return 444;
}

server {
    listen 443 default_server;
    ssl on;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    return 444;
}

我该如何配置,以便 domain2.co.uk 实际上从 /var/www/domain2.co.uk/public_html 而不是 domain1 提供文件?

【问题讨论】:

    标签: ssl nginx


    【解决方案1】:

    啊!对不起!我想,你没有domain2.co.uk。希望您将“/var/www/domain2.co.uk/public_html”作为“domain2.co.uk”服务器的根。你是否让 nginx 读取 /etc/nginx/sites-available/domain2.co.uk 文件,如果它不包括在内。基本上,您需要检查 /etc/nginx/nginx.conf 中的“include”指令,并创建一个符号链接文件“/etc/nginx/sites-enabled/domain2.co.uk”并将其指向“ /etc/nginx/sites-available/domain1.co.uk”来启用它。

    【讨论】:

    • 这正是我所拥有的。主要代码块是我在两个域的两个文件中的内容,即/etc/nginx/sites-available/domain1.co.uk/etc/nginx/sites-available/domain2.co.uk
    • 我有符号链接,nginx.conf 有include /etc/nginx/conf.d/*.conf;include /etc/nginx/sites-enabled/*;,这对我来说似乎是正确的。我有点难过:/
    • 哦!现在很难。好的,你修改后是否重新加载了 nginx 服务?而且,您是否有可能最初将 domain2.co.uk 指向 domain1 的根目录并且您的浏览器缓存了它?
    • 原来我是个白痴。我使用 Nginx 作为 NodeJS 应用程序的反向代理,两个文件都执行 proxy_pass http://127.0.0.1:3000; 指向同一个应用程序。
    • 啊哈!很高兴你找到它:)
    猜你喜欢
    • 2021-09-03
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-06-30
    • 1970-01-01
    • 2018-12-30
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode