nginx的多域http、https同时访问配置及http重定向https

最新推荐文章于 2024-02-21 11:36:02 发布

daydreamdayday

最新推荐文章于 2024-02-21 11:36:02 发布

阅读量215

点赞数

文章标签： nginx http https 运维服务器

本文链接：https://blog.csdn.net/weixin_42172723/article/details/128883018

版权

nginx的多域http、https同时访问配置及http重定向https

1、关于ssl 服务证书的申请或生成就略过，nginx安装略过了解nginx配置的几个细节： (1)nginx的配置都是由 directives组成，directives由简单指令或者区块指令组成简单指令：

listen 80;

区块指令由｛｝包含，区块指令又可以包含多个简单指令和区块指令：

http { server { } }

(2)关于端口映射。访问同一nginx服务器，指向不同域，所以必须分配不同端口，如果用http://ip:port形式，会很不方便，所以需要用到端口映射，如下(www.aaa.com:8880、www.bbb.com:8881均指向80端口)：

server { listen 80; server_name www.aaa.com; location / { #.... proxy_pass http://localhost:8880; }

} server { listen 80; server_name www.bbb.com; location / { #.... proxy_pass http://localhost:8881; }

}

(3)每次更改conf相关配置文件后需要重启nginx (4)特定跳转页面设置：不带www也能正常跳转，增加一个server如下:

server { listen 80; server_name aaa.com; location / { #.... proxy_pass http://localhost:8880; } ... }

或者进行301跳转

server { listen 80; server_name aaa.com; rewrite ^/(.*) http://www.aaa.com/$1 permanent; }

添加404网页，直接在里面添加，如：

server { listen 80; server_name www.bbb.com; #绑定域名 error_page 404 /404.html; }

最后还有一个方法需要注意，需要禁止IP直接访问80端口或者禁止非本站的域名绑定我们的IP，如下处理，放到最前一个server上面即可：

server{ listen 80 default; server_name _; return 403; }

(5)每个域名可以写一个*.conf文件，然后用include *.conf导入配置，如下 aaa.conf中的内容是:

server { listen 80; server_name www.aaa.com; location / { #.... proxy_pass http://localhost:8880; } ... }

aaa.conf都放在/data/nginx/conf/vhost目录下,然后在nginx.conf中使用引入命令:

include /data/nginx/conf/vhost/*.conf;

需要注意的是这句命令应该放在

http{ }

的花括号内,因为include的命令引入相当于被引入的所有代码写在nginx.conf中一样。

2、nginx关于多域名访问服务器 (1)配置nginx中conf文件夹下的nginx.conf 加入代码(环境是windows 2008 server+upupw_np7.0)

include vhosts.conf;

(2)conf文件夹下新建vhost.conf，加入以下内容：

server { listen 80; server_name aaa.com www.aaa.com; location / { root C:/UPUPW_NP7.0/htdocs; index index.html index.htm default.html default.htm index.php default.php app.php u.php; include C:/UPUPW_NP7.0/htdocs/up-.conf; } autoindex off; include advanced_settings.conf; #include expires.conf; location ~ ./(attachment|attachments|uploadfiles|avatar)/..(php|php5|phps|asp|aspx|jsp)$ { deny all; } location ~ ^.+.php { root C:/UPUPW_NP7.0/htdocs; fastcgi_pass bakend; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+.php)(/?.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi.conf; } } #反向代理到本机其他域名增加以下内容 server { listen 80;
server_name bbb.com  www.bbb.com;
    location / {
    proxy_pass http://127.0.0.1:8888/;    #指定本机服务器其他端口，通过http://ip:port能访问到你的网站
    include uproxy.conf;
               }
  }

配置后可以同时访问aaa.com, bbb.com

3、如果要http、https同时访问配置如下：

server { listen 80; listen 443 ssl;

server_name  aaa.com  www.aaa.com;
#ssl                  on;      #如果不取消本行会产生错误
ssl_certificate      C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;
ssl_certificate_key  C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;   
#这里我使用的是阿里云的免费证书
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
    location / {
        root   C:/UPUPW_NP7.0/htdocs;
        index  index.html index.htm default.html default.htm index.php default.php app.php u.php;
		include        C:/UPUPW_NP7.0/htdocs/up-*.conf;
    }
	autoindex off;
	include advanced_settings.conf;
	#include expires.conf;
	location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
    deny all;
    }
    location ~ ^.+\.php {
        root           C:/UPUPW_NP7.0/htdocs;
        fastcgi_pass   bakend;
        fastcgi_index  index.php;
		fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
		fastcgi_param  PATH_INFO $fastcgi_path_info;
		fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
        include        fastcgi.conf;
    }
	}

#反向代理到本机其他域名增加以下内容

server { listen 80;
server_name bbb.com www.bbb.com; #ssl on; ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem; ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;

ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on;

location / {
    proxy_pass http://127.0.0.1:8888/;    #指定本机服务器其他端口，通过http://ip:port能访问到你的网站
    include uproxy.conf;
               }
  }

**在设置443端口的时候遇到以下问题：nginx端口占用，启动报错：bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f

解决方法： 1)cmd输入netstat -aon | findstr “443” 查找端口占用情况，找到提示占用的端口号0.0.0.0:443，查看后，pid值为4, 在系统进程服务中查到pid=4的进程为一个系统后台服务

2)一般该服务为：Routing and Remote Access服务，只需在组件服务中把对应的停掉，重启nginx即可

4、如果要让Http 重定向至 Https,对vhosts.conf配置如下：

server{ listen 80; server_name aaaa.comm www.aaa.com; add_header Strict-Transport-Security max-age=15768000;

return 301 https://$server_name$request_uri;

} server { #listen 80; listen 443 ssl;

server_name  aaa.com  www.aaa.com;
ssl                  on;      #如果不取消本行会产生错误
ssl_certificate      C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;
ssl_certificate_key  C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;   
#这里我使用的是阿里云的免费证书
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
    location / {
        root   C:/UPUPW_NP7.0/htdocs;
        index  index.html index.htm default.html default.htm index.php default.php app.php u.php;
		include        C:/UPUPW_NP7.0/htdocs/up-*.conf;
    }
	autoindex off;
	include advanced_settings.conf;
	#include expires.conf;
	location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
    deny all;
    }
    location ~ ^.+\.php {
        root           C:/UPUPW_NP7.0/htdocs;
        fastcgi_pass   bakend;
        fastcgi_index  index.php;
		fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
		fastcgi_param  PATH_INFO $fastcgi_path_info;
		fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
        include        fastcgi.conf;
    }
	}

#反向代理到本机其他域名增加以下内容

server{ listen 80; server_name bbb.com www.bbb.com; add_header Strict-Transport-Security max-age=15768000; return 301 https://$server_name$request_uri; } server { #listen 80;
server_name bbb.com www.bbb.com; #ssl on; ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem; ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;

ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on;

location / {
    proxy_pass http://127.0.0.1:8888/;    #指定本机服务器其他端口，通过http://ip:port能访问到你的网站
    include uproxy.conf;
               }
  }

daydreamdayday

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
nginx的多域http、https同时访问配置及http重定向https

nginx的多域http、https同时访问配置及http重定向https1、关于ssl 服务证书的申请或生成就略过，nginx安装略过了解nginx配置的几个细节：(1)nginx的配置都是由 directives组成，directives由简单指令或者区块指令组成简单指令：listen 80;区块指令...
复制链接

扫一扫