Question

我已经陷入了在Wordpress MU安装中启用2个域的时刻。主要问题：如何正确配置清漆以了解这两个域？

我有下一个配置：

Nginx前端 - ＆gt;清漆缓存 - ＆gt;清漆后端

网络配置如下：所有请求我的真实IP端口：80和：443被转换为本地IP 192.168.1.70到Nginx。 Nginx将所有请求从80转移到443.然后所有请求都转到Varnish。如果没有缓存Varnish要求后端。

nginx的4个配置文件： frontend-domain1.com frontend-domain2.com

前端的配置类似，除了“server_name”“proxy_set_header主机”选项

server {
listen      192.168.1.70:80;
server_name domain1.com;
return 301 https://$server_name$request_uri;
}

server {
listen      192.168.1.70:443 ssl;
server_name domain1.com;

keepalive_timeout               60 60;

gzip                on;
gzip_comp_level     1;
gzip_min_length     512;
gzip_buffers        8 64k;
gzip_types text/plain;
gzip_proxied        any;

ssl on;
ssl_stapling on;
resolver 8.8.8.8 8.8.4.4;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_certificate      /chain.crt;
ssl_certificate_key  /private.key;
ssl_dhparam /dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:E$

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
location / {
    proxy_pass      http://127.0.0.1:6081/;
    proxy_set_header    Host              domain1.com;
    proxy_set_header    X-Real-IP         $remote_addr;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto https;
    proxy_set_header    X-Forwarded-Port  443;
  }
}

backend-domain1.com backend-domain2.com 除了server_name选项

之外，后端的配置类似

server {
listen 127.0.0.1:81;

root /web/sites/domain1;
index index.php;

gzip                on;
gzip_comp_level     1;
gzip_min_length     512;
gzip_buffers        8 64k;
gzip_types text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
gzip_proxied        any;

server_name domain1.com;

location ~ /\. {
    deny all;
}

location / {
    try_files $uri $uri/ /index.php?$args;
}

rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location ~ \.php$ {
    try_files $uri =404;

location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location ~ \.php$ {
    try_files $uri =404;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/var/run/php7.0-fpm.sock;
}

}

清漆配置： default.vcl

vcl 4.0;

backend default {
    .host = "127.0.0.1";
    .port = "81";
}

acl purge {
    "localhost";
    "127.0.0.1";
    "192.168.1.70";
}

sub vcl_recv {

    if (req.method == "PURGE") {
            if (!client.ip ~ purge) {
                    return(synth(405, "This IP is not allowed to send PURGE 
 requests."));
            }
            return (purge);
    }
}

include "/etc/varnish/domain1.vcl";
include "/etc/varnish/domain2.vcl";

domain1.vcl和domain2.vcl与：“req.http.host”

不同

sub vcl_recv {

    if (req.http.host == "domain1.com") {
            if (req.url !~ "^/wp-(login|admin)") {
            unset req.http.cookie;
            }
    }

    set req.http.host = regsub(req.http.host, "^www\.", "");
    set req.http.host = regsub(req.http.host, ":[0-9]+", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");

    if (req.http.Authorization || req.method == "POST") {
            return (pass);
    }

    if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
            return (pass);
    }

    if (req.url ~ "sitemap" || req.url ~ "robots") {
            return (pass);
    }

    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
    set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
    set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");

#        if (req.http.cookie ~ "^ *$") {
#                    unset req.http.cookie;
#        }

    if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico|woff|svg|htm|html)") {
            unset req.http.cookie;

    if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
            return (pass);
    }

    if (!req.http.cookie) {
            unset req.http.cookie;
    }

    if (req.http.Authorization || req.http.Cookie) {
            # Not cacheable by default
            return (pass);
    }

    return (hash);
}
sub vcl_pass {
    return (fetch);
}

sub vcl_hash {
    hash_data(req.url);

    return (lookup);
}

sub vcl_backend_response {

    unset beresp.http.Server;
    unset beresp.http.X-Powered-By;

    if (bereq.url ~ "sitemap" || bereq.url ~ "robots") {
            set beresp.uncacheable = true;
            set beresp.ttl = 30s;
            return (deliver);
    }
    if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g)|swf|ico|woff|svg|htm|html") 
{
            unset beresp.http.cookie;
            set beresp.ttl = 7d;
            unset beresp.http.Cache-Control;
            set beresp.http.Cache-Control = "public, max-age=604800";
            set beresp.http.Expires = now + beresp.ttl;
    }

    if (bereq.url ~ "wp-(login|admin)" || bereq.url ~ "preview=true") {
            set beresp.uncacheable = true;
            set beresp.ttl = 30s;
            return (deliver);
    }

            if (!(bereq.url ~ "(wp-login|wp-admin|preview=true)")) {
            unset beresp.http.set-cookie;
    }

    if ( bereq.method == "POST" || bereq.http.Authorization ) {
            set beresp.uncacheable = true;
            set beresp.ttl = 120s;
            return (deliver);
    }

    if ( bereq.url ~ "\?s=" ){
            set beresp.uncacheable = true;
            set beresp.ttl = 120s;
            return (deliver);

    if ( beresp.status != 200 ) {
            set beresp.uncacheable = true;
            set beresp.ttl = 120s;
            return (deliver);
    }

    set beresp.ttl = 1d;
    set beresp.grace = 30s;

    return (deliver);
}

sub vcl_deliver {
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.Via;
    unset resp.http.X-Varnish;

    return (deliver);
}

如果我取消注释

#        if (req.http.cookie ~ "^ *$") {
#                    unset req.http.cookie;
#        }

显示第一个打开的域的索引。并忽略了第二个域。所有其他链接完美无缺。如果我重新启动清漆并询问第二个域，则它不会显示第一个域主页。

主要问题：如何正确配置清漆以了解这两个域？

rus：каккорректнозаставвитьварнишобрабатіватьдва\несколькодомена\доменов？

Answer 1

软件版本：清漆-4.1.1修订版66bb824 nginx版本：nginx / 1.10.3 PHP 7.0-fpm

操作系统：Ubuntu 16.04.3 LTS

Answer 2

Varnish是一个透明 HTTP代理，因此它并不关心您通过它传递的域名和数量。它会将浏览器发送到您后端（nginx）的相同Host标头转发。

因此，您只需要确保您的nginx配置（或任何网络服务器配置）将侦听所需的域名。

因此，请确保nginx中的listen指令与您在浏览器中访问网站的域名相同。就这么简单。

在SSL终止服务器块中，以下内容将有助于避免域名的硬编码：

proxy_set_header Host $host;

P.S。 Нутыинаваял：）

清漆nginx wordpress ssl几个域

2 个答案: