本人用nginx配置了多个server,一台服务器跑多个网站,一开始全部listen在80端口,后来配置了ssl安全证书
nginx配置文件如下,在浏览器里直接输入www.example1.com和www.example2.com可以正常访问http的接口网站。
如果想要访问https的接口,必须在浏览器里输入https://www.example1.com或者https://www.example2.com才能分别访问安全链接的网站,如果省略前面的协议项,默认访问的是http的不安全网站,如果把example1的80端口server注释掉,在浏览器里直接输入www.example1.com跳出来的是www.example2.com的这个不安全链接,我现在想要达到的目的是直接在浏览器里输入www.example1.com或者www.example2.com能直接访问安全链接网站,二不需要手动在前面加https,请问各位如何实现。
另外还有一个问题是我在该台服务器上运行了nodejs配置了一个nodejs的服务器listen在8081端口,在8081端口开发了一些图片静态资源,如果客户端要请求我的这个8081端口的静态资源,如果我输入www.example1.com:8081/1.png可以get到静态图片,但是如果我输入https:www.example1.com:8081/1.png浏览器会提示该站点无法提供安全链接,请问这个如何解决。
server{
listen 443 ssl;
server_name www.example1.com;
ssl_certificate 80000000_www.example1.pem;
ssl_certificate_key 8000000_www.example1.key;
root /www/example1;
include enable-php.conf;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.example1.com;
root /www/example1;
include enable-php.conf;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server{
listen 443 ssl;
server_name www.example2.com;
ssl_certificate 80000000_www.example2.pem;
ssl_certificate_key 8000000_www.example2.key;
root /www/example2;
include enable-php.conf;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.example2.com;
root /www/example2;
include enable-php.conf;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
使用 return 301 来跳转,用这个的也有很大好处,就是把权重都转到https上
server {
listen 80;
server_name www.abc1.com;
return 301 https://$server_name$request_uri; #http跳转https
}
第二种方式使用rewrite
server{
listen80;
server_name www.abc.com;
rewrite^(.*)https://$server_name$1permanent;#此句最关键
}
我推荐个工具给你 NGINXConfig | DigitalOcean
不论是WEB站点,还是NODEJS服务,建议统一用 NGINX 来解决。 而不是用 www.example.com:8081 端口的形式访问。
第一个问题的解决方法:用多个虚拟主机配置文件即可
编辑 www1.example.com.conf
# HTTP redirect
server {
listen 80;
server_name www1.example.com;
location / {
return 301 https://www1.example.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name www1.example.com;
root /var/www/example.com/public;
# SSL
ssl_certificate /path/to/www1.example.com.crt;
ssl_certificate_key /path/to/www1.example.com.key;
# index.html fallback
location / {
try_files $uri $uri/ /index.html;
}
}
编辑 www2.example.com.conf
# HTTP redirect
server {
listen 80;
server_name www2.example.com;
location / {
return 301 https://www2.example.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name www2.example.com;
root /var/www/example.com/public;
# SSL
ssl_certificate /path/to/www2.example.com.crt;
ssl_certificate_key /path/to/www2.example.com.key;
# index.html fallback
location / {
try_files $uri $uri/ /index.html;
}
}
第二个问题,可以用 NGINX 反向代理来解决.
编辑 myapi.example.com.conf
# HTTP redirect
server {
listen 80;
server_name myapi.example.com;
location / {
return 301 https://myapi.example.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name myapi.example.com;
# SSL
ssl_certificate /path/to/myapi.example.com.crt;
ssl_certificate_key /path/to/myapi.example.com.key;
# reverse proxy
location / {
proxy_http_version 1.1;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Forwarded $proxy_add_forwarded;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8081;
}
}
然后直接用域名访问即可 myapi.example.com/xxx.jpg
补充:
如果有泛域名证书,所有配置文件的证书可以写一样的。