Nginx
Nginx 重定向 www 但不重定向非 www
192.123.100.251我已經在具有以下配置的 IP 地址的伺服器中配置了帶有 Bind9 的 DNS 伺服器:named.conf ========== include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; zone "example.com" { type master; file "/etc/bind/db.example.com"; allow-transfer { none; }; allow-query { any; }; }; zone "100.123.192.in-addr.arpa" { type master; file "/etc/bind/db.100.123.192"; allow-transfer { none; }; allow-query { any; }; }; db.example.com ================ $TTL 86400 ; @ IN SOA ns1.example.com. root.example.com. ( 1 ; 6H ; 1H ; 2W ; 3H ; ) @ IN NS ns1.example.com. ns1 IN A 192.123.100.251 www IN A 192.123.100.251 db.100.123.192 ============= $TTL 86400 ; @ IN SOA ns1.example.com. root.example.com. ( 1 ; 6H ; 1H ; 2W ; 3H ; ) IN NS ns1.example.com. ns1 IN A 192.123.100.251 251 IN PTR ns1.example.com.然後我安裝了 Nginx 讓它作為 Tomcat 的反向代理(尚未實現)。我需要實現 SSL,所以我做了以下配置:
/etc/nginx/sites-available/example.com ====================================== server { listen 443 ssl; listen [::]:443 ssl; include snippets/self-signed.conf; include snippets/ssl-params.conf; root /var/www/example.com/html; index index.html index.htm index.nginx-debian.html; server_name example.com www.example.com; location / { try_files $uri $uri/ =404; } } server { listen 80; listen [::]:80; server_name example.com www.example.com; return 302 https://$server_name$request_uri; } /etc/nginx/snippets/self-signed.conf ==================================== ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; /etc/nginx/snippets/ssl-params.conf =================================== ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Requires nginx >= 1.5.9 ssl_stapling on; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable strict transport security for now. You can uncomment the following # line if you understand the implications. # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block";我可以訪問
www.example.com並且https協議似乎已成功實施,但我無法訪問我的網站,example.com因為 Chrome 說無法訪問此網站。我錯過了什麼嗎?提前致謝。
PD。我正在關注本教程:
撇開問題的公共IP地址問題不談,您(對我而言)最明顯的問題是
db.example.com您失踪了@ IN A 192.123.100.251當調試這樣的問題時,從第一原則開始
dig @<nameserver> <host>在這種情況下我能得到一個 dns 響應嗎dig @ns1.example.com example.com(我故意忽略粘合要求,因為名稱伺服器的主機名在您查詢的域內)- 你能 ping 伺服器嗎(隨著人們過濾 ICMP,這個伺服器變得不那麼有用了),但它也會確認 DNS 解析工作正常
- 您能否使用命令行工具訪問該站點,例如
curl -vv https://example.com某些瀏覽器的響應太短或耗時太長