为什么我的 nginx 配置允许访问 app.domain.com?
Why is my nginx config allowing access to app.domain.com?
我有一个名为 app 的子域,它通过 DNS 指向我的主机,但我不想将它用于我当前使用子域 xyz 的网站。如果我转到 https://app.domain.com I get the "Your connection is not private" error. This is good that the browser shows this but I don't want anyone to even access this subdomain at the moment. I would prefer to redirect them to https://xyz.domain.com,其中我有一个有效的 SSL。请在下面查看我的配置并帮助我找出我缺少的内容。提前致谢。
server {
listen 80;
listen [::]:80;
server_name xyz.domain.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://xyz.domain.com$request_uri;
}
}
server {
# For https
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
server_name xyz.domain.com;
if ($http_host = app.domain.com) {
rewrite ^ https://xyz.domain.com$request_uri? permanent;
}
ssl_certificate /etc/letsencrypt/live/xyz.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xyz.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
如果您不希望用户收到安全警告,您需要设置辅助服务器配置并配置 certbot
以获得 app.domain.com
:
的证书
server {
listen 443;
listen [::]:443 ssl ipv6only=on;
server_name app.domain.com;
rewrite ^ https://xyz.domain.com$request_uri? permanent;
ssl_certificate /etc/letsencrypt/live/app.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
我有一个名为 app 的子域,它通过 DNS 指向我的主机,但我不想将它用于我当前使用子域 xyz 的网站。如果我转到 https://app.domain.com I get the "Your connection is not private" error. This is good that the browser shows this but I don't want anyone to even access this subdomain at the moment. I would prefer to redirect them to https://xyz.domain.com,其中我有一个有效的 SSL。请在下面查看我的配置并帮助我找出我缺少的内容。提前致谢。
server {
listen 80;
listen [::]:80;
server_name xyz.domain.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://xyz.domain.com$request_uri;
}
}
server {
# For https
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
server_name xyz.domain.com;
if ($http_host = app.domain.com) {
rewrite ^ https://xyz.domain.com$request_uri? permanent;
}
ssl_certificate /etc/letsencrypt/live/xyz.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xyz.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
如果您不希望用户收到安全警告,您需要设置辅助服务器配置并配置 certbot
以获得 app.domain.com
:
server {
listen 443;
listen [::]:443 ssl ipv6only=on;
server_name app.domain.com;
rewrite ^ https://xyz.domain.com$request_uri? permanent;
ssl_certificate /etc/letsencrypt/live/app.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}