Nginx使用SSL服务错误的根目录

时间:2016-05-03 13:12:18

标签: ssl nginx

我有两个nginx vhost,它们与域和SSL /根位置相同。它们看起来像这样:

/etc/nginx/sites-available/domain1.co.uk 

server {
    listen 80;
    server_name domain1.co.uk;
    rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain1.co.uk;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;    
    return 301 $scheme://domain1.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain1.co.uk;

    root        /var/www/domain1.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}

/etc/nginx/sites-available/domain2.co.uk 

server {
    listen 80;
    server_name domain2.co.uk;
    rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain2.co.uk;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;    
    return 301 $scheme://domain2.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain2.co.uk;

    root        /var/www/domain2.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}

当我访问domain1.co.uk时,它只是按预期工作,并重定向到非www https网址。如果我访问domain2.co.uk,它会提供正确的SSL证书,但会在domain2网址上显示domain1网站。

我也有一个默认的服务器块:

server {
    listen 80 default_server;
    return 444;
}

server {
    listen 443 default_server;
    ssl on;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    return 444;
}

如何配置此功能,以便domain2.co.uk实际上提供来自/var/www/domain2.co.uk/public_html而非domain1的文件?

1 个答案:

答案 0 :(得分:1)

啊!抱歉!我想,你没有domain2.co.uk。希望你有" /var/www/domain2.co.uk/public_html"作为" domain2.co.uk"的根源服务器。你有没有让nginx读取/etc/nginx/sites-available/domain2.co.uk文件,如果没有包含它。基本上,你需要检查" include" /etc/nginx/nginx.conf中的指令,并创建一个sym链接文件" /etc/nginx/sites-enabled/domain2.co.uk"并指向" /etc/nginx/sites-available/domain1.co.uk"启用它。

相关问题
最新问题