Nginx - Accessing the https main domain when accessing the http-based secondary domain via https

Problem description:

I'm new to nginx. I have two domains on the same server. One is https-based & the other is http-based.

i.e.:

https://main.site.com //Accessing a node server app on port 3000 

http://secondary.site.com //Accessing a node server app on port 9000 

When I try to access https://secondary.site.com, it actually hits my https://main.site.com server code; it should redirect from https://secondary.site.com to http://secondary.site.com.

Here is my nginx configuration:

user www-data; 
worker_processes auto; 
pid /run/nginx.pid; 

events { 
     worker_connections 768; 
     # multi_accept on; 
} 

http { 

     ## 
     # Basic Settings 
     ## 

     server { 
       listen  80; 
       server_name main.site.com; 
       location / { 
         proxy_pass   http://main.site.com:3000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
     } 


     server { 
       listen    443; 
       server_name   main.site.com; 
       location / { 
         proxy_pass   http://main.site.com:3000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
       ssl     on; 
       ssl_certificate   /etc/nginx/certificates/cert.pem; 
       ssl_certificate_key /etc/nginx/certificates/kry.pkey; 
       ssl_protocols  TLSv1 TLSv1.1 TLSv1.2; 
       ssl_ciphers !EDH:!AECDH:!ADH:!DSS:!RC4:ECDSA:HIGH:+3DES; 
       ssl_prefer_server_ciphers on; 
       ssl_ecdh_curve secp384r1; #courbe ECDH 
       add_header Strict-Transport-Security "max-age=31536000"; 
     } 

     server { 
       listen  80; 
       server_name secondary.site.com; 
       location / { 
         proxy_pass   http://secondary.site.com:9000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
     } 



     # set client body size # 
     client_max_body_size 20M; 

     sendfile on; 
     tcp_nopush on; 
     tcp_nodelay on; 
     keepalive_timeout 65; 
     types_hash_max_size 2048; 
     # server_tokens off; 

     # server_names_hash_bucket_size 64; 
     # server_name_in_redirect off; 

     include /etc/nginx/mime.types; 
     default_type application/octet-stream; 

     ## 
     # SSL Settings 
     ## 

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE 
     ssl_prefer_server_ciphers on; 

} 
+0

You don't have a 'server' block for 'https://secondary.site.com', so 'nginx' will use your only 'https' site. [This link](http://nginx.org/en/docs/http/server_names.html) may help.

+0

I want 'https://secondary.site.com' to redirect to 'http://secondary.site.com' so that it can use the node server on port 9000 – StormTrooper

+0

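Do you own 'secondary.site.com'? You need to add a 'server' block for 'secondary.site.com' that listens on port 443.

Since you want your main site on HTTPS and the secondary on HTTP, you can use something like the following: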

user www-data; 
worker_processes auto; 
pid /run/nginx.pid; 

events { 
     worker_connections 768; 
     # multi_accept on; 
} 

http { 

     ## 
     # Basic Settings 
     ## 

     server { 
      listen 80 default; 
      server_name _; 
      return 301 http://secondary.site.com; 
     } 

     server { 
       listen 443 ssl; 
       server_name main.site.com; 
       ssl_certificate   /etc/nginx/certificates/cert.pem; 
       ssl_certificate_key /etc/nginx/certificates/kry.pkey; 
       ssl_protocols  TLSv1 TLSv1.1 TLSv1.2; 
       ssl_ciphers !EDH:!AECDH:!ADH:!DSS:!RC4:ECDSA:HIGH:+3DES; 
       ssl_prefer_server_ciphers on; 
       ssl_ecdh_curve secp384r1; #courbe ECDH 
       add_header Strict-Transport-Security "max-age=31536000"; 

       location / { 
         proxy_pass   http://127.0.0.1:3000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
     } 

     server { 
       listen  80; 
       server_name secondary.site.com; 
       location / { 
         proxy_pass   http://127.0.0.1:9000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
     } 



     # set client body size # 
     client_max_body_size 20M; 

     sendfile on; 
     tcp_nopush on; 
     tcp_nodelay on; 
     keepalive_timeout 65; 
     types_hash_max_size 2048; 
     # server_tokens off; 

     # server_names_hash_bucket_size 64; 
     # server_name_in_redirect off; 

     include /etc/nginx/mime.types; 
     default_type application/octet-stream; 

     ## 
     # SSL Settings 
     ## 

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE 
     ssl_prefer_server_ciphers on; 

} 

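In this configuration, secondary.site.com listens only on port 80 and the main site only on the https port. I have a default that redirects any HTTP traffic directly to the secondary site. But you can customize it according to your requirements.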
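
Added example (not part of the answer above or of the asker's configuration): nginx picks the server block by listen port first and by server_name second, so as long as main.site.com is the only block on 443, https requests for secondary.site.com are still served by it. The blocks below add the https-to-http redirect the question asks for and an explicit default for port 443; they assume the certificate at the paths shown on the page also covers secondary.site.com.

```nginx
# Added example; place inside the existing http { } block.
# Assumption: cert.pem / kry.pkey (paths reused from the page) are also valid
# for secondary.site.com (SAN or wildcard). The TLS handshake completes before
# any redirect is sent, so a certificate that does not cover the name produces
# a browser warning before the client ever sees the 301.

# Explicit default for port 443: a request whose Host/SNI matches no
# server_name ends here instead of silently falling through to main.site.com.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/certificates/cert.pem;
    ssl_certificate_key /etc/nginx/certificates/kry.pkey;
    return 444;   # nginx-specific code: close the connection, send no response
}

# https://secondary.site.com/... -> http://secondary.site.com/...
server {
    listen 443 ssl;
    server_name secondary.site.com;
    ssl_certificate     /etc/nginx/certificates/cert.pem;
    ssl_certificate_key /etc/nginx/certificates/kry.pkey;

    # Deliberately no Strict-Transport-Security header in this block: HSTS for
    # this host would make browsers rewrite the http:// target back to https://.
    # The header on main.site.com ("max-age=31536000", no includeSubDomains)
    # applies to main.site.com only, so it does not interfere.
    return 301 http://secondary.site.com$request_uri;
}
```

After `nginx -t` and a reload, `curl -skI https://secondary.site.com/` should show a 301 with `Location: http://secondary.site.com/`, and a request on 443 for any other host name should be dropped rather than answered by main.site.com.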