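I want to point example.com to localhost:3000 and api.example.com to localhost:3010. After following this and this tutorial, I managed to get it working, but it isn't very secure. Does anyone have an idea how to restrict it to https only? If I go to http://example.com, I get "Not secure" next to the URL in Chrome.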
Here is my default site Nginx config (the one in /etc/nginx/sites-enabled/default):
server {
# HTTP — redirect all traffic to HTTPS
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
}
I made a config file in /etc/nginx/conf.d/example.com.conf:
server {
server_name example.com;
# Use SSL certificates from Letsencrypt
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Include SSL config from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
I made another config file in /etc/nginx/conf.d/api.example.com.conf:
server {
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3010/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Answer 0 (score: 2)
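The first thing I noticed is that your server_name directive is the same in both files, even though you imply that you want the server_name in api.example.com.conf to be api.example.com.
Also, I think you have to specify the port in the same server block as the server_name directive. Maybe try something like the below. Since your default config file doesn't specify a server_name, I don't think it will be referenced at all.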
/etc/nginx/conf.d/example.com.conf
server {
listen 80 default_server;
listen [::]:80;
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# Use SSL certificates from Letsencrypt
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Include SSL config from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
/etc/nginx/conf.d/api.example.com.conf
server {
listen 80;
listen [::]:80;
server_name api.example.com;
return 301 https://api.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3010/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
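The two points raised in this answer can be checked mechanically before reloading nginx. The following is an added example, not code from the question or the answer: a small linter that flags server blocks with no listen directive (nginx then falls back to its default plain-HTTP listener), blocks that set a certificate without `listen ... ssl`, and a server_name repeated across files. The function names and the reduced sample configs (including the `a.pem` path) are constructed for illustration.

```python
import re
from collections import defaultdict

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Map directive name -> list of argument lists, ignoring nested blocks."""
    prev = None
    while prev != body:  # collapse location { ... } and other inner blocks
        prev, body = body, re.sub(r'\{[^{}]*\}', ';', body)
    out = defaultdict(list)
    for parts in (stmt.split() for stmt in body.split(';')):
        if parts:
            out[parts[0]].append(parts[1:])
    return out

def lint(files):
    """files maps path -> config text; returns a sorted list of findings."""
    findings, seen = [], defaultdict(set)
    for path, text in files.items():
        for body in server_blocks(re.sub(r'#.*', '', text)):  # drop comments first
            d = directives(body)
            name = ' '.join(a for args in d['server_name'] for a in args) or '(none)'
            listens, tls = d['listen'], [l for l in d['listen'] if 'ssl' in l]
            if not listens:
                findings.append(f"{path}: server_name {name}: no listen directive")
            if 'ssl_certificate' in d and not tls:
                findings.append(f"{path}: server_name {name}: certificate set but no 'listen ... ssl'")
            for addr in [l[0] for l in listens] or ['implicit']:
                seen[(name, addr)].add(path)
    for (name, addr), paths in seen.items():
        if len(paths) > 1:
            findings.append(f"duplicate server_name {name} on listen {addr}: {sorted(paths)}")
    return sorted(findings)

# Constructed sample input: the question's conf.d files and the answer's example.com.conf, reduced.
QUESTION = {
    "example.com.conf": "server { server_name example.com; ssl_certificate a.pem; location / { proxy_pass http://localhost:3000/; } }",
    "api.example.com.conf": "server { server_name example.com; ssl_certificate a.pem; location / { proxy_pass http://localhost:3010/; } }",
}
ANSWER = {"example.com.conf": "server { listen 80 default_server; listen [::]:80; server_name example.com; return 301 https://example.com$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; ssl_certificate a.pem; }"}
print("\n".join(lint(QUESTION)) or "no findings")
```

The parser only understands plain directives and braces, so run `nginx -t` as well before reloading.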