如何为 ubuntu 服务器中的多个 运行 端口配置 https nginx 配置
How to configure https nginx configuration for multiple running port in ubuntu server
在 ubuntu 服务器中托管多个端口(5000、5001)时面临一种独特的问题。我正在使用 Nginx 在目录“/etc/nginx/site-availabe”中配置两个子域,并取消链接默认配置。但主要问题是当侦听端口“:80”对两个子域都工作正常时,但是当为两个 SSL 证书文件配置时,侦听 443 仅指向两个子域的端口 5000,而不是 5001 端口。如果我有任何配置问题,我会分享我的配置文件。
此设置适用于 5001 端口
server {
listen 80;
server_name lenderapp.xxx.in;
return 301 https://lenderapp.xxx.in$request_uri;
# rewrite ^(.*) https://lenderapp.xxx.in permanent;
}
server {
listen 443;
ssl on;
server_name www.lenderapp.xxx.in;
#root /home/dmin/OProjects/lender_demo;
error_log /var/log/nginx/error_lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
location /{
proxy_pass http://0.0.0.0:5001;
root /home/admin/OProjects/lender_demo;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
现在端口 5000 的第二个设置
server {
listen 80;
server_name bcadmin.xxx.in;
return 301 https://bcadmin.xxx.in$request_uri;
#rewrite ^(.*) https://bcadmin.xxx.in permanent;
}
server {
listen 443 ssl http2;
server_name www.bcadmin.tradefi.in;
root /home/admin/OProjects/admin_console;
error_log /var/log/nginx/lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
location /{
proxy_pass 'http://0.0.0.0:5000';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
请大家帮帮我...我急需帮助
乍一看,您的配置中没有真正的错误。但是使用 0.0.0.0 作为目标 IP - 这个 IP 是一种“任何 IP”。对于本地重定向,您应该坚持使用 127.0.0.1。此外 ssl on 自 06/2018 以来已弃用...
我建议将您的配置分成几个文件,以便更好地了解概览。它将使配置更具可读性,并将真正帮助您进行日常工作(和增强功能)。
对于您的配置,我的方法如下。我在我的一台服务器上将此配置用于 > 35 个域而没有问题。它不仅 有效 ,还会给你 SSLtest 的 A+ 评级。此配置采用您的日志和证书文件名 - 在我看来这不是最佳的 ;)
主要配置
# This block redirect any :80 traffic to its https counterpart.
server {
listen 80 default_server;
listen [::]:80 default_server; # <-- ipv6
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2; # <-- ipv6
server_name www.lenderapp.xxx.in;
error_log /var/log/nginx/error_lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
include params/ssl;
ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
location / {
proxy_pass http://127.0.0.1:5001;
include params/proxy_full;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2; # <-- ipv6
server_name www.bcadmin.tradefi.in;
error_log /var/log/nginx/lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
include params/ssl;
ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
location / {
proxy_pass http://127.0.0.1:5000;
include params/proxy_full;
}
}
params/ssl(我的/etc/nginx/params/proxy_full)
警告:您需要 params 中的 dhparam 文件才能使其正常工作。如果不存在,请使用 openssl dhparam -out /etc/nginx/params/dhparam.pem 4096 创建一个。
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam params/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
resolver_timeout 5s;
params/proxy_full(我的/etc/nginx/params/proxy_full)
add_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
在 ubuntu 服务器中托管多个端口(5000、5001)时面临一种独特的问题。我正在使用 Nginx 在目录“/etc/nginx/site-availabe”中配置两个子域,并取消链接默认配置。但主要问题是当侦听端口“:80”对两个子域都工作正常时,但是当为两个 SSL 证书文件配置时,侦听 443 仅指向两个子域的端口 5000,而不是 5001 端口。如果我有任何配置问题,我会分享我的配置文件。
此设置适用于 5001 端口
server {
listen 80;
server_name lenderapp.xxx.in;
return 301 https://lenderapp.xxx.in$request_uri;
# rewrite ^(.*) https://lenderapp.xxx.in permanent;
}
server {
listen 443;
ssl on;
server_name www.lenderapp.xxx.in;
#root /home/dmin/OProjects/lender_demo;
error_log /var/log/nginx/error_lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
location /{
proxy_pass http://0.0.0.0:5001;
root /home/admin/OProjects/lender_demo;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
现在端口 5000 的第二个设置
server {
listen 80;
server_name bcadmin.xxx.in;
return 301 https://bcadmin.xxx.in$request_uri;
#rewrite ^(.*) https://bcadmin.xxx.in permanent;
}
server {
listen 443 ssl http2;
server_name www.bcadmin.tradefi.in;
root /home/admin/OProjects/admin_console;
error_log /var/log/nginx/lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
location /{
proxy_pass 'http://0.0.0.0:5000';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
请大家帮帮我...我急需帮助
乍一看,您的配置中没有真正的错误。但是使用 0.0.0.0 作为目标 IP - 这个 IP 是一种“任何 IP”。对于本地重定向,您应该坚持使用 127.0.0.1。此外 ssl on 自 06/2018 以来已弃用...
我建议将您的配置分成几个文件,以便更好地了解概览。它将使配置更具可读性,并将真正帮助您进行日常工作(和增强功能)。
对于您的配置,我的方法如下。我在我的一台服务器上将此配置用于 > 35 个域而没有问题。它不仅 有效 ,还会给你 SSLtest 的 A+ 评级。此配置采用您的日志和证书文件名 - 在我看来这不是最佳的 ;)
主要配置
# This block redirect any :80 traffic to its https counterpart.
server {
listen 80 default_server;
listen [::]:80 default_server; # <-- ipv6
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2; # <-- ipv6
server_name www.lenderapp.xxx.in;
error_log /var/log/nginx/error_lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
include params/ssl;
ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
location / {
proxy_pass http://127.0.0.1:5001;
include params/proxy_full;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2; # <-- ipv6
server_name www.bcadmin.tradefi.in;
error_log /var/log/nginx/lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
include params/ssl;
ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
location / {
proxy_pass http://127.0.0.1:5000;
include params/proxy_full;
}
}
params/ssl(我的/etc/nginx/params/proxy_full)
警告:您需要 params 中的 dhparam 文件才能使其正常工作。如果不存在,请使用 openssl dhparam -out /etc/nginx/params/dhparam.pem 4096 创建一个。
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam params/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
resolver_timeout 5s;
params/proxy_full(我的/etc/nginx/params/proxy_full)
add_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;