Nginx

將所有自定義域重定向到 Laravel 索引

  • July 9, 2018

我們在 Laravel Forge Nginx 伺服器上有一個 Laravel 應用程序,它為 sub.app.com 站點和自定義域(如mycustomdomain.com. 使用sub.example.com萬用字元可以很好地載入網站。主應用程序管理域也是如此my.app.com

在應用程序中添加的自定義或客戶域儲存為名稱為 @ 的 DNS A 和 AAAA 記錄,因此

name @ TTL 1 hr Type A Value ip address

但是,它們不會載入應用程序 404,也不會嘗試顯示頁面。他們改為直接到應用程序後端my.app.com。我們還不知道為什麼。訂閱者在不存在時會載入 Laravel 404。它們(自定義域)應該嘗試從應用程序提供數據。

這是我們擁有的 Nginx 配置。我們有一個包羅萬象的:

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name _;
   return 301 https://$host$request_uri;
}

和一個帶有萬用字元 server_name 和 SSL 詳細資訊的主配置文件,包括 Forge,其中僅存在一個 before:

#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/my.app.com/before/*;

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name *.app.com;
   root /home/forge/my.app.com/current/public;

   # FORGE SSL (DO NOT REMOVE!)
   ssl_certificate /etc/nginx/ssl/my.app.com/xxxxx/server.crt;
   ssl_certificate_key /etc/nginx/ssl/my.app.com/xxxx/server.key;

   ssl_protocols TLSv1.2;
   ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/nginx/dhparams.pem;

   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Content-Type-Options "nosniff";

   index index.html index.htm index.php;

   charset utf-8;

   # FORGE CONFIG (DO NOT REMOVE!)
   include forge-conf/my.app.com/server/*;

   location / {
       try_files $uri $uri/ /index.php?$query_string;
   }

   location = /favicon.ico { access_log off; log_not_found off; }
   location = /robots.txt  { access_log off; log_not_found off; }

   access_log off;
   error_log  /var/log/nginx/my.app.com-error.log error;

   error_page 404 /index.php;

   location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
   }

   location ~ /\.(?!well-known).* {
       deny all;
   }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/my.app.com/after/*;

和之前的腳本載入:

# Redirect every request to HTTPS...
server {
   listen 80;
   listen [::]:80;

   server_name *.app.com;
   return 301 https://$host$request_uri;
}

# Redirect SSL to primary domain SSL...
server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;

   # FORGE SSL (DO NOT REMOVE!)
   ssl_certificate /etc/nginx/ssl/my.app.com/xxxxx/server.crt;
   ssl_certificate_key /etc/nginx/ssl/my.app.com/xxxxx/server.key;

   ssl_protocols TLSv1.2;
   ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/nginx/dhparams.pem;

   server_name www.my.app.com;
   return 301 https://my.app.com$request_uri;
}

現在自定義域被重定向到 443,然後到 my.app.com。它應該載入根應用程序數據。為什麼自定義域不嘗試載入像子域這樣的數據並重定向到 my.app.com 的任何想法?

我在主配置上方添加了另一個塊,並將其設為預設值,而不是包羅萬象:

server {
   listen  *:80 default_server;
   listen  *:443 default_server;
   root /home/forge/my.app.com/current/public;

   ssl_certificate /etc/nginx/ssl/my.app.com/xxxxx/server.crt;
   ssl_certificate_key /etc/nginx/ssl/my.app.com/xxxxx/server.key;

   ssl_protocols TLSv1.2;
   ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/nginx/dhparams.pem;

   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Content-Type-Options "nosniff";

   index index.html index.htm index.php;

   location / {
       try_files $uri $uri/ /index.php?$query_string;
   }

   location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
   }
}

這現在載入應用程序數據。現在包羅萬象

server {
   listen 80;
   listen [::]:80;
   server_name _;
   return 444;
}

我們可能需要調整主配置的新自定義域伺服器塊以使用 LE SSL 而不是主 SSL,因為我們將 Let’s Encrypt 用於自定義域,但這個特定問題已經解決。

引用自:https://serverfault.com/questions/919737