Nginx

所有萬用字元子域流量到 SSL 和自定義域到 Nginx 上的非 SSL HTTP

  • December 3, 2017

我在 Laravel Forge (Nginx) 設置上執行伺服器。我正在創建一個站點建構器,其中使用者username.sitebuilder.com(不是我的真實域)能夠www.whatever.com映射它,這一切都很好。

但是,我需要為 *.sitebuilder.com 添加 SSL 萬用字元證書,並且該證書適用於所有 *.sitebuilder.com 流量。但我需要伺服器仍然收聽 www.whatever.com (不是 SSL),並且在添加證書後不再工作。

如何設置 Nginx 路由到:

當我訪問 www.whatever.com 時,我得到的是Welcome to nginx!頁面,而不是預期的網站。

這是我的配置文件:

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/sitebuilder.com/before/*;

server {
   listen 80;
   listen [::]:80;

   server_name ~.;

   #add_header X-Frame-Options "SAMEORIGIN";
   #add_header X-XSS-Protection "1; mode=block";
   #add_header X-Content-Type-Options "nosniff";

   index index.html index.htm index.php;

   charset utf-8;

   # FORGE CONFIG (DOT NOT REMOVE!)
   include forge-conf/sitebuilder.com/server/*;

   location / {
       try_files $uri $uri/ /index.php?$query_string;
   }

   location = /favicon.ico { access_log off; log_not_found off; }
   location = /robots.txt  { access_log off; log_not_found off; }

   access_log off;
   error_log  /var/log/nginx/sitebuilder.com-error.log error;

   error_page 404 /index.php;

   location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
   }

   location ~ /\.(?!well-known).* {
       deny all;
   }
}

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name .sitebuilder.com;
   root /home/forge/sitebuilder.com/public;

   # FORGE SSL (DO NOT REMOVE!)
   ssl_certificate /etc/nginx/ssl/sitebuilder.com/00000/server.crt;
   ssl_certificate_key /etc/nginx/ssl/sitebuilder.com/00000/server.key;

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers '**PRIVATE KEY**';
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/nginx/dhparams.pem;

   #add_header X-Frame-Options "SAMEORIGIN";
   #add_header X-XSS-Protection "1; mode=block";
   #add_header X-Content-Type-Options "nosniff";

   index index.html index.htm index.php;

   charset utf-8;

   # FORGE CONFIG (DOT NOT REMOVE!)
   include forge-conf/sitebuilder.com/server/*;

   location / {
       try_files $uri $uri/ /index.php?$query_string;
   }

   location = /favicon.ico { access_log off; log_not_found off; }
   location = /robots.txt  { access_log off; log_not_found off; }

   access_log off;
   error_log  /var/log/nginx/sitebuilder.com-error.log error;

   error_page 404 /index.php;

   location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
   }

   location ~ /\.(?!well-known).* {
       deny all;
   }
}

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/sitebuilder.com/after/*;

您需要指定一個有效匹配任何內容的server_namefor whatever.com~.並且我假設站點建構器實際上處理了主機名響應。

引用自:https://serverfault.com/questions/886338

相關問答

Networking

為什麼nginx只提供http地址?

  • July 7, 2019
檢視問答
Nginx

nginx如何代理https到http網站(它是如何工作的)

  • March 21, 2019
檢視問答
Nginx

Nginx 中的 HSTS:是否也應該在子域伺服器塊中添加 Strict-Transport-Security 標頭?

  • May 27, 2018
檢視問答
Nginx

Nginx 上的“如果可能,請刪除以下重定向鏈”

  • February 20, 2017
檢視問答
Nginx

虛擬主機和 SSL 之間的 Nginx 問題

  • January 23, 2017
檢視問答
Nginx

RHEL Nginx SSL 與非 SSL 的性能差異巨大。

  • February 7, 2016
檢視問答