nginx的多域http、https同時訪問配置及http重定向https
1、關於ssl 服務證書的申請或生成就略過
2、nginx關於多域名訪問服務器
(1)配置nginx中conf文件夾下的nginx.conf
加入代碼(環境是windows 2008 server+upupw_np7.0)
include vhosts.conf;
(2)conf文件夾下新建vhost.conf, 加入以下內容:
server {
listen 80;
server_name aaa.com www.aaa.com;
location / {
root C:/UPUPW_NP7.0/htdocs;index index.html index.htm default.html default.htm index.php default.php app.php u.php;
include C:/UPUPW_NP7.0/htdocs/up-.conf;
}
autoindex off;
include advanced_settings.conf;
#include expires.conf;
location ~ .\/(attachment|attachments|uploadfiles|avatar)\/..(php|php5|phps|asp|aspx|jsp)$ {
deny all;
}
location ~ ^.+.php {root C:/UPUPW_NP7.0/htdocs;
fastcgi_pass bakend;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi.conf;
}
}
#反向代理到本機其他域名增加以下內容
server {
listen 80;server_name bbb.com www.bbb.com; location / { proxy_pass http://127.0.0.1:8888/; #指定本機服務器其他端口,通過http://ip:port能訪問到你的網站 include uproxy.conf; } }
配置後可以同時訪問aaa.com, bbb.com
3、如果要http、https同時訪問配置如下:
server {
listen 80;
listen 443 ssl;
server_name aaa.com www.aaa.com;
#ssl on; #如果不取消本行會產生錯誤
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;
#這裏我使用的是阿裏雲的免費證書
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
root C:/UPUPW_NP7.0/htdocs;
index index.html index.htm default.html default.htm index.php default.php app.php u.php;
include C:/UPUPW_NP7.0/htdocs/up-*.conf;
}
autoindex off;
include advanced_settings.conf;
#include expires.conf;
location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
deny all;
}
location ~ ^.+\.php {
root C:/UPUPW_NP7.0/htdocs;
fastcgi_pass bakend;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi.conf;
}
}#反向代理到本機其他域名增加以下內容
server {
listen 80;
server_name bbb.com www.bbb.com;
#ssl on;
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / { proxy_pass http://127.0.0.1:8888/; #指定本機服務器其他端口,通過http://ip:port能訪問到你的網站 include uproxy.conf; } }
***在設置443端口的時候遇到以下問題:nginx端口占用,啟動報錯:bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f
解決方法:
1)cmd輸入netstat -aon | findstr “443” 查找端口占用情況,找到提示占用的端口號0.0.0.0:443,查看後,pid值為4, 在系統進程服務中查到pid=4的進程為一個系統後臺服務
2)一般該服務為:Routing and Remote Access服務,只需在組件服務中把對應的停掉,重啟nginx即可
4、如果要讓Http 重定向至 Https,對vhosts.conf配置如下:
server{
listen 80;
server_name aaaa.comm www.aaa.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;}
server {
#listen 80;
listen 443 ssl;
server_name aaa.com www.aaa.com;
ssl on; #如果不取消本行會產生錯誤
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;
#這裏我使用的是阿裏雲的免費證書
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
root C:/UPUPW_NP7.0/htdocs;
index index.html index.htm default.html default.htm index.php default.php app.php u.php;
include C:/UPUPW_NP7.0/htdocs/up-*.conf;
}
autoindex off;
include advanced_settings.conf;
#include expires.conf;
location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
deny all;
}
location ~ ^.+\.php {
root C:/UPUPW_NP7.0/htdocs;
fastcgi_pass bakend;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi.conf;
}
}#反向代理到本機其他域名增加以下內容
server{
listen 80;
server_name bbb.com www.bbb.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
server {
#listen 80;
server_name bbb.com www.bbb.com;
#ssl on;
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / { proxy_pass http://127.0.0.1:8888/; #指定本機服務器其他端口,通過http://ip:port能訪問到你的網站 include uproxy.conf; } }
nginx的多域http、https同時訪問配置及http重定向https