如何在 nginx 中设置子域?
How setup subdomain in nginx?
我从头开始尝试了几次,但我的子域仍然无法正常工作。
我有 ubuntu Nginx。我想创建一个客户端和后端(子域)域。
客户端配置(正常工作):
server {
root /var/www/html/dist;
# Add index.php to the list if you are using PHP
index index.html;
server_name hookahscope.com www.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name hookahscope.com www.hookahscope.com;
return 404; # managed by Certbot
}
更新:
我的客户端(主域)配置有额外的配置,这就是冲突
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.api.hookahscope.com api.hookahscope.com; # managed by Certb>
return 404; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.api.hookahscope.com api.hookahscope.com;
return 404; # managed by Certbot
}
和后端配置:
server {
listen 80;
root /var/www/backend;
# Add index.php to the list if you are using PHP
index index.html;
server_name api.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri /index.html;
}
}
我 运行 后端在 pm2 上(服务器是带有 express 的 nodejs)
因此,在本地我可以通过命令在 8081 端口上看到后端:
curl http://localhost:8081/
Nginx 显示一些错误,但对我没有帮助:
sudo nginx -t
nginx: [warn] conflicting server name "api.hookahscope.com" on 0.0.0.0:80, ignored
当然,去掉listen 80错误就消失了;从子域配置,但我找不到我应该设置而不是
已更新2
我的子域配置:
server {
server_name api.hookahscope.com;
#location ~ ^/(sitemap.xml) {
# root /var/www/html/public;
#}
location / {
proxy_pass http://localhost:8081/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
与其通过 if ($host = hookahscope.com) { ... } 检查 Host HTTP header,我建议过滤将两个 server 块定义为 suggested by official nginx documentation (read this answer for detailed description). Having two separate SSL server blocks you shouldn't use the ipv6only=on flag on listen directive (read this 线程的请求以获取详细信息).这是我推荐使用的配置:
server {
# redirect HTTP to HTTPS for requests where the HTTP 'Host' header equal to one of our domains
listen 80;
listen [::]:80;
server_name hookahscope.com www.hookahscope.com api.hookahscope.com;
return 301 https://$http_host$request_uri;
}
server {
# close the connection immediately for the rest of requests
listen 80 default_server;
listen [::]:80 default_server;
return 444;
}
server {
# frontend
listen 443 ssl;
listen [::]:443 ssl;
server_name hookahscope.com www.hookahscope.com;
root /var/www/html/dist;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location = /sitemap.xml {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
}
server {
# backend
listen 443 ssl;
listen [::]:443 ssl;
server_name api.hookahscope.com;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
我从头开始尝试了几次,但我的子域仍然无法正常工作。 我有 ubuntu Nginx。我想创建一个客户端和后端(子域)域。
客户端配置(正常工作):
server {
root /var/www/html/dist;
# Add index.php to the list if you are using PHP
index index.html;
server_name hookahscope.com www.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name hookahscope.com www.hookahscope.com;
return 404; # managed by Certbot
}
更新: 我的客户端(主域)配置有额外的配置,这就是冲突
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.api.hookahscope.com api.hookahscope.com; # managed by Certb>
return 404; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.api.hookahscope.com api.hookahscope.com;
return 404; # managed by Certbot
}
和后端配置:
server {
listen 80;
root /var/www/backend;
# Add index.php to the list if you are using PHP
index index.html;
server_name api.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri /index.html;
}
}
我 运行 后端在 pm2 上(服务器是带有 express 的 nodejs) 因此,在本地我可以通过命令在 8081 端口上看到后端:
curl http://localhost:8081/
Nginx 显示一些错误,但对我没有帮助:
sudo nginx -t
nginx: [warn] conflicting server name "api.hookahscope.com" on 0.0.0.0:80, ignored
当然,去掉listen 80错误就消失了;从子域配置,但我找不到我应该设置而不是
已更新2 我的子域配置:
server {
server_name api.hookahscope.com;
#location ~ ^/(sitemap.xml) {
# root /var/www/html/public;
#}
location / {
proxy_pass http://localhost:8081/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
与其通过 if ($host = hookahscope.com) { ... } 检查 Host HTTP header,我建议过滤将两个 server 块定义为 suggested by official nginx documentation (read this answer for detailed description). Having two separate SSL server blocks you shouldn't use the ipv6only=on flag on listen directive (read this 线程的请求以获取详细信息).这是我推荐使用的配置:
server {
# redirect HTTP to HTTPS for requests where the HTTP 'Host' header equal to one of our domains
listen 80;
listen [::]:80;
server_name hookahscope.com www.hookahscope.com api.hookahscope.com;
return 301 https://$http_host$request_uri;
}
server {
# close the connection immediately for the rest of requests
listen 80 default_server;
listen [::]:80 default_server;
return 444;
}
server {
# frontend
listen 443 ssl;
listen [::]:443 ssl;
server_name hookahscope.com www.hookahscope.com;
root /var/www/html/dist;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location = /sitemap.xml {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
}
server {
# backend
listen 443 ssl;
listen [::]:443 ssl;
server_name api.hookahscope.com;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}