我当前的NGInx设置是这样,它将所有来自Http的请求都重定向到HTTPS,然后将请求传递给运行在Unbutu本地主机上的Node服务器。
我的追求是,如何做到这一点,使其仅接受来自app.domain.com(托管在其他位置)和api.domain.com(托管在Ubuntu云中)的请求。因此,如果您访问api.domain.com,则永远不会传递到Node服务器,或者如果您从app.domain.com之外的其他任何地方发送请求,您也永远不会传递到Node服务器。
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.maindomain.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/api.maindomain.com/xxxx.pem;
ssl_certificate_key /etc/letsencrypt/live/api.maindomain.com/xxx.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:xxxx/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}