如何在同一台服务器上处理从 nginx 到 apache 的多个主机名句柄?
How to handle multiple hostnames handles from nginx to apache in the same server?
我计划在同一台服务器上管理多个网站,我目前正在处理来自 nginx 的 http 请求,然后将其处理到 apache。
这是我目前第一个网站的配置:
# Force HTTP requests to HTTPS
server {
listen 80;
server_name myfirstwebsite.net;
return 301 https://myfirstwebsite.ne$request_uri;
}
server {
listen 443 ssl;
root /var/opt/httpd/ifdocs;
server_name myfirstwebsite.ne ;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/iflogs/http/access.log;
error_log /var/log/nginx/iflogs/http/error.log;
###include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4433;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4433;
}
location ~ /\. {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
现在,我的问题是,对于第二个、第三个网站等等,我正在考虑修改以下行:
proxy_pass https://127.0.0.1:4433;
对于
proxy_pass https://secondwebsite.net:4433;
但我不想做的是离开互联网并查找该 dns,然后返回到同一台服务器,但在同一台服务器中提供服务(这就是为什么我 localhost:4433 在第一个网站),所以我没有遇到延迟问题。
有解决办法吗?
此外,我想知道如果我使用同一端口(在本例中为 4433)为多个服务器提供服务是否会出现问题,或者我是否必须为每个网站使用不同的端口。
提前谢谢你。
多个服务器配置
实现此目的的一种方法是拥有多个服务器块,最好是在不同的 conf 文件上。这样的事情会在新文件中为您的第二台服务器做(例如 /etc/nginx/sites-available/mysecondwebsite):
# Force HTTP requests to HTTPS
server {
listen 80;
server_name mysecondwebsite.net;
access_log off; # No need for logging on this
error_log off;
return 301 https://mysecondwebsite.net$request_uri;
}
server {
listen 443 ssl;
root /var/opt/httpd/ifdocs;
server_name mysecondwebsite.net ;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/iflogs/http/access.log;
error_log /var/log/nginx/iflogs/http/error.log;
###include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4434;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4434;
}
location ~ /\. {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
然后您将使用 ln -s /etc/nginx/sites-available/mysecondwebsite /etc/nginx/sites-available/ 创建一个符号链接并重新启动 nginx。要回答有关端口的问题,您只能让一个 TCP 应用程序侦听任何一个端口。 This post 提供了更多相关细节。
您还可以像这样在服务器块中定义上游:
upstream mysecondwebsite {
server 127.0.0.1:4434; # Or whatever port you use
}
然后像这样使用代理传递引用此上游:
proxy_pass http://mysecondwebsite;
这样,如果您更改端口,您只需在服务器配置文件中的一处进行更改。此外,这也是您使用多个 Apache 服务器扩展应用程序并实现负载平衡的方式。
我计划在同一台服务器上管理多个网站,我目前正在处理来自 nginx 的 http 请求,然后将其处理到 apache。
这是我目前第一个网站的配置:
# Force HTTP requests to HTTPS
server {
listen 80;
server_name myfirstwebsite.net;
return 301 https://myfirstwebsite.ne$request_uri;
}
server {
listen 443 ssl;
root /var/opt/httpd/ifdocs;
server_name myfirstwebsite.ne ;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/iflogs/http/access.log;
error_log /var/log/nginx/iflogs/http/error.log;
###include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4433;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4433;
}
location ~ /\. {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
现在,我的问题是,对于第二个、第三个网站等等,我正在考虑修改以下行:
proxy_pass https://127.0.0.1:4433;
对于
proxy_pass https://secondwebsite.net:4433;
但我不想做的是离开互联网并查找该 dns,然后返回到同一台服务器,但在同一台服务器中提供服务(这就是为什么我 localhost:4433 在第一个网站),所以我没有遇到延迟问题。 有解决办法吗?
此外,我想知道如果我使用同一端口(在本例中为 4433)为多个服务器提供服务是否会出现问题,或者我是否必须为每个网站使用不同的端口。
提前谢谢你。
多个服务器配置
实现此目的的一种方法是拥有多个服务器块,最好是在不同的 conf 文件上。这样的事情会在新文件中为您的第二台服务器做(例如 /etc/nginx/sites-available/mysecondwebsite):
# Force HTTP requests to HTTPS
server {
listen 80;
server_name mysecondwebsite.net;
access_log off; # No need for logging on this
error_log off;
return 301 https://mysecondwebsite.net$request_uri;
}
server {
listen 443 ssl;
root /var/opt/httpd/ifdocs;
server_name mysecondwebsite.net ;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl on;
ssl_certificate /etc/pki/tls/certs/cert.pem;
ssl_certificate_key /etc/pki/tls/certs/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/iflogs/http/access.log;
error_log /var/log/nginx/iflogs/http/error.log;
###include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4434;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:4434;
}
location ~ /\. {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
然后您将使用 ln -s /etc/nginx/sites-available/mysecondwebsite /etc/nginx/sites-available/ 创建一个符号链接并重新启动 nginx。要回答有关端口的问题,您只能让一个 TCP 应用程序侦听任何一个端口。 This post 提供了更多相关细节。
您还可以像这样在服务器块中定义上游:
upstream mysecondwebsite {
server 127.0.0.1:4434; # Or whatever port you use
}
然后像这样使用代理传递引用此上游:
proxy_pass http://mysecondwebsite;
这样,如果您更改端口,您只需在服务器配置文件中的一处进行更改。此外,这也是您使用多个 Apache 服务器扩展应用程序并实现负载平衡的方式。