I am trying to configure Nginx using the puppet/nginx module from forge.puppet.com (by Vox Pupuli), with this Hiera YAML file:
But when it generates the two Nginx configs (devops-alldomains.conf and devops-alldomains-ssl.conf), the SSL one is not as expected:
nginx::nginx_servers:
  'devops-alldomains':
    server_name:
      - '~^(?<fqdn>.+?)$'
    www_root: '/var/www/$fqdn'
    index_files:
      - 'index.php'
    try_files:
      - '$uri'
      - '$uri/'
      - '/index.php?$args'
    access_log: '/var/log/nginx/devops-alldomains-access.log'
    error_log: '/var/log/nginx/devops-alldomains-error.log'
  'devops-alldomains-ssl':
    server_name:
      - '~^(?<fqdn>.+?)$'
    listen_port: '443'
    www_root: '/var/www/$fqdn'
    ssl: true
    ssl_key: '/etc/ssl/www/$fqdn.key'
    ssl_cert: '/etc/ssl/www/$fqdn.crt'
    index_files:
      - 'index.php'
    try_files:
      - '$uri'
      - '$uri/'
      - '/index.php?$args'
    access_log: '/var/log/nginx/devops-alldomains-access-ssl.log'
    error_log: '/var/log/nginx/devops-alldomains-error-ssl.log'
nginx::nginx_locations:
  'devops-alldomains':
    location: '~ \.php$'
    www_root: '/var/www/$fqdn'
    server: 'devops-alldomains'
    fastcgi: 'unix:/var/run/php7-fpm.sock'
    fastcgi_split_path: '^(.+\.php)(/.*)$'
    fastcgi_index: 'index.php'
    fastcgi_param:
      'SCRIPT_FILENAME': '$document_root$fastcgi_script_name'
  'devops-alldomains-ssl':
    location: '~ \.php$'
    www_root: '/var/www/$fqdn'
    server: 'devops-alldomains-ssl'
    fastcgi: 'unix:/var/run/php7-fpm.sock'
    fastcgi_split_path: '^(.+\.php)(/.*)$'
    fastcgi_index: 'index.php'
    fastcgi_param:
      'SCRIPT_FILENAME': '$document_root$fastcgi_script_name'
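As you can see, the location directive is not inside the server directive, so Nginx will never start. Does anyone know what could be wrong? I even tried simplifying this configuration to use only basic directives (even without ssl and php), but the result was exactly the same. Thank you very much for your help.
Update
It looks like I managed to solve this with the help of you guys ;) Here is the current configuration: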
location / {
  root /var/www/$fqdn;
  index index.php;
  try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
  root /var/www/$fqdn;
  include /etc/nginx/fastcgi_params;
  fastcgi_pass unix:/var/run/php7-fpm.sock;
  fastcgi_index index.php;
  fastcgi_split_path_info ^(.+\.php)(/.*)$;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# MANAGED BY PUPPET
server {
  listen *:443 ssl;
  server_name ~^(?<fqdn>.+?)$;
  ssl on;
  ssl_certificate /etc/ssl/www/$fqdn.crt;
  ssl_certificate_key /etc/ssl/www/$fqdn.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers on;
  index index.php;
  access_log /var/log/nginx/devops-alldomains-access-ssl.log combined;
  error_log /var/log/nginx/devops-alldomains-error-ssl.log;
  location / {
    root /var/www/$fqdn;
    index index.php;
    try_files $uri $uri/ /index.php?$args;
  }
}
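Now I have two separate Nginx configuration files - one for non-SSL and a second for SSL. The first problem was that I was missing ssl: true and ssl_only: true under the relevant location (devops-alldomains-ssl-loc), and the second was that I had to set both listen_port: '443' and ssl_port: '443' under the server directive. I also changed the names of the locations, but that doesn't seem to have caused any problems (or solved any).
To complete this, here are the versions of the tools used:
Puppet: 4.10.9
Hiera: 3.3.2
Nginx: 1.12.2-1~xenial
puppet/nginx (Forge module): 0.9.0
Thank you for your help. I really appreciate it!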
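
The changes described in the update, applied to the SSL server and its PHP location from the Hiera data posted above. This is an added example, not the poster's actual file: every key and value is taken from the post, and everything other than the four commented settings is assumed to be unchanged.

```yaml
# Added example: SSL server and its PHP location only.
nginx::nginx_servers:
  'devops-alldomains-ssl':
    server_name:
      - '~^(?<fqdn>.+?)$'
    listen_port: '443'
    ssl_port: '443'            # set together with listen_port, per the update
    www_root: '/var/www/$fqdn'
    ssl: true
    ssl_key: '/etc/ssl/www/$fqdn.key'
    ssl_cert: '/etc/ssl/www/$fqdn.crt'
    index_files:
      - 'index.php'
    try_files:
      - '$uri'
      - '$uri/'
      - '/index.php?$args'
    access_log: '/var/log/nginx/devops-alldomains-access-ssl.log'
    error_log: '/var/log/nginx/devops-alldomains-error-ssl.log'
nginx::nginx_locations:
  'devops-alldomains-ssl-loc':   # renamed location, name as given in the update
    location: '~ \.php$'
    www_root: '/var/www/$fqdn'
    server: 'devops-alldomains-ssl'
    ssl: true                    # was missing in the original data
    ssl_only: true               # was missing in the original data
    fastcgi: 'unix:/var/run/php7-fpm.sock'
    fastcgi_split_path: '^(.+\.php)(/.*)$'
    fastcgi_index: 'index.php'
    fastcgi_param:
      'SCRIPT_FILENAME': '$document_root$fastcgi_script_name'
```

After the Puppet run, `nginx -t` checks the generated files and fails if a location block still sits outside a server block.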