nginx二级域名代理
<p><span style="color: rgba(255, 0, 0, 1)"><strong>二级域名带ssl证书代理</strong></span></p><p>在nginx配置文件,增加代理配置服务</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)"> server {
listen </span><span style="color: rgba(128, 0, 128, 1)">443</span><span style="color: rgba(0, 0, 0, 1)"> ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
server_name api.dshvv.com;#二级域名。
root html;
index index.html index.htm;
ssl_certificate </span>/home/ssl/<span style="color: rgba(0, 0, 0, 1)">dshvv.pem; #将domain name.pem替换成您证书的文件名。
ssl_certificate_key </span>/home/ssl/<span style="color: rgba(0, 0, 0, 1)">dshvv.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE</span>-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!<span style="color: rgba(0, 0, 0, 1)">RC4;#使用此加密套件。
ssl_protocols TLSv1 TLSv1.</span><span style="color: rgba(128, 0, 128, 1)">1</span> TLSv1.<span style="color: rgba(128, 0, 128, 1)">2</span><span style="color: rgba(0, 0, 0, 1)">; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
proxy_pass http:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">127.0.0.1:7777; #代理地址</span>
<span style="color: rgba(0, 0, 0, 1)"> proxy_set_header Host $host;
proxy_set_header X</span>-Real-<span style="color: rgba(0, 0, 0, 1)">IP $remote_addr;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">For $proxy_add_x_forwarded_for;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Proto $scheme;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Port $server_port;
}
}</span></pre>
</div>
<pre>意思是 遇到api.dshvv.com请求的时候,将代理至本地的7777服务。</pre>
<pre><span><br><br></span></pre>
<p><span>需要注意的是,需要在域名服务上,开启二级域名的解析</span></p>
<p><span><img src="https://img2020.cnblogs.com/blog/870258/202007/870258-20200705232112111-2093246109.png" alt="" loading="lazy"></span></p>
<p> </p>
<p><img src="https://img2020.cnblogs.com/blog/870258/202007/870258-20200705232211894-399237345.png" alt="" loading="lazy"></p>
<p> </p>
<p> </p>
<p><strong><span style="color: rgba(255, 0, 0, 1)">普通二级域名配置</span></strong></p>
<p>因为ssl证书是针对以及域名的,二级域名提示无效风险,但是不影响使用,也就是说二级域名用https请求会提示ssl证书无效<br>阿里有统配子域名的证书,但是要花钱,每年1-2k,还是算了。但是我们可以分别声情,这是免费的<br>如果二级域名不配置证书,代理可以做如下新增</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">server {
listen </span><span style="color: rgba(128, 0, 128, 1)">80</span><span style="color: rgba(0, 0, 0, 1)">;
server_name api.dshvv.com;#二级域名。
root html;
index index.html index.htm;
location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
proxy_pass http:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">127.0.0.1:7777; #代理地址</span>
<span style="color: rgba(0, 0, 0, 1)"> proxy_set_header Host $host;
proxy_set_header X</span>-Real-<span style="color: rgba(0, 0, 0, 1)">IP $remote_addr;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">For $proxy_add_x_forwarded_for;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Proto $scheme;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Port $server_port;
}
}</span></pre>
</div>
<p>当然最好还是都加上,两种配置都写上,这样使用的时候有的选择</p>
<p> </p>
<p><span style="color: rgba(255, 0, 0, 1)"><strong>最优方案</strong></span></p>
<p>1、配置两个域名证书</p>
<p>2、同时支持http和https</p>
<p>一下是最终的配置文件</p>
<div class="cnblogs_code"><img src="https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif" id="code_img_closed_24459b2a-3e57-4338-b583-7b8ff7a1fb9d" class="code_img_closed"><img src="https://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif" id="code_img_opened_24459b2a-3e57-4338-b583-7b8ff7a1fb9d" class="code_img_opened" style="display: none">
<div id="cnblogs_code_open_24459b2a-3e57-4338-b583-7b8ff7a1fb9d" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 0, 0, 1)">#usernobody;
worker_processes</span><span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">;
#error_loglogs</span>/<span style="color: rgba(0, 0, 0, 1)">error.log;
#error_loglogs</span>/<span style="color: rgba(0, 0, 0, 1)">error.lognotice;
#error_loglogs</span>/error.log<span style="color: rgba(0, 0, 255, 1)">info</span><span style="color: rgba(0, 0, 0, 1)">;
#pid logs</span>/<span style="color: rgba(0, 0, 0, 1)">nginx.pid;
events {
worker_connections</span><span style="color: rgba(128, 0, 128, 1)">1024</span><span style="color: rgba(0, 0, 0, 1)">;
}
http {
include mime.types;
default_typeapplication</span>/octet-<span style="color: rgba(0, 0, 0, 1)">stream;
#log_formatmain</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">$remote_addr - $remote_user [$time_local] "$request" </span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">
# </span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">$status $body_bytes_sent "$http_referer" </span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">
# </span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">"$http_user_agent" "$http_x_forwarded_for"</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">;
#access_loglogs</span>/<span style="color: rgba(0, 0, 0, 1)">access.logmain;
sendfile on;
#tcp_nopush on;
#keepalive_timeout</span><span style="color: rgba(128, 0, 128, 1)">0</span><span style="color: rgba(0, 0, 0, 1)">;
keepalive_timeout</span><span style="color: rgba(128, 0, 128, 1)">65</span><span style="color: rgba(0, 0, 0, 1)">;
#</span><span style="color: rgba(0, 0, 255, 1)">gzip</span><span style="color: rgba(0, 0, 0, 1)">on;
server {
listen </span><span style="color: rgba(128, 0, 128, 1)">443</span><span style="color: rgba(0, 0, 0, 1)"> ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
server_name localhost;#将localhost修改为您证书绑定的域名,例如:www.example.com。
root html;
index index.html index.htm;
ssl_certificate </span>/home/ssl/dshvv.com_nginx/<span style="color: rgba(0, 0, 0, 1)">cert.pem; #将domain name.pem替换成您证书的文件名。
ssl_certificate_key </span>/home/ssl/dshvv.com_nginx/<span style="color: rgba(0, 0, 0, 1)">cert.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE</span>-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!<span style="color: rgba(0, 0, 0, 1)">RC4;#使用此加密套件。
ssl_protocols TLSv1 TLSv1.</span><span style="color: rgba(128, 0, 128, 1)">1</span> TLSv1.<span style="color: rgba(128, 0, 128, 1)">2</span><span style="color: rgba(0, 0, 0, 1)">; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
root html; #站点目录。
index index.html index.htm;
}
}
server {
listen </span><span style="color: rgba(128, 0, 128, 1)">443</span><span style="color: rgba(0, 0, 0, 1)"> ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
server_name api.dshvv.com;#二级域名。
root html;
index index.html index.htm;
ssl_certificate </span>/home/ssl/api.dshvv.com_nginx/<span style="color: rgba(0, 0, 0, 1)">cert.pem; #将domain name.pem替换成您证书的文件名。
ssl_certificate_key </span>/home/ssl/api.dshvv.com_nginx/<span style="color: rgba(0, 0, 0, 1)">cert.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE</span>-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!<span style="color: rgba(0, 0, 0, 1)">RC4;#使用此加密套件。
ssl_protocols TLSv1 TLSv1.</span><span style="color: rgba(128, 0, 128, 1)">1</span> TLSv1.<span style="color: rgba(128, 0, 128, 1)">2</span><span style="color: rgba(0, 0, 0, 1)">; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
proxy_pass http:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">127.0.0.1:7777; #代理地址</span>
<span style="color: rgba(0, 0, 0, 1)"> proxy_set_header Host $host;
proxy_set_header X</span>-Real-<span style="color: rgba(0, 0, 0, 1)">IP $remote_addr;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">For $proxy_add_x_forwarded_for;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Proto $scheme;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Port $server_port;
}
}
server {
listen </span><span style="color: rgba(128, 0, 128, 1)">80</span><span style="color: rgba(0, 0, 0, 1)">;
server_namelocalhost;
#charset koi8</span>-<span style="color: rgba(0, 0, 0, 1)">r;
#access_loglogs</span>/<span style="color: rgba(0, 0, 0, 1)">host.access.logmain;
location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
root html;
indexindex.html index.htm;
}
#error_page</span><span style="color: rgba(128, 0, 128, 1)">404</span> /<span style="color: rgba(128, 0, 128, 1)">404</span><span style="color: rgba(0, 0, 0, 1)">.html;
# redirect server error pages to the static page </span>/<span style="color: rgba(0, 0, 0, 1)">50x.html
#
error_page </span><span style="color: rgba(128, 0, 128, 1)">500</span> <span style="color: rgba(128, 0, 128, 1)">502</span> <span style="color: rgba(128, 0, 128, 1)">503</span> <span style="color: rgba(128, 0, 128, 1)">504</span>/<span style="color: rgba(0, 0, 0, 1)">50x.html;
location </span>= /<span style="color: rgba(0, 0, 0, 1)">50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on </span><span style="color: rgba(128, 0, 128, 1)">127.0</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span>:<span style="color: rgba(128, 0, 128, 1)">80</span><span style="color: rgba(0, 0, 0, 1)">
#
#location </span>~<span style="color: rgba(0, 0, 0, 1)"> \.php$ {
# proxy_pass http:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">127.0.0.1;</span>
<span style="color: rgba(0, 0, 0, 1)"> #}
# pass the PHP scripts to FastCGI server listening on </span><span style="color: rgba(128, 0, 128, 1)">127.0</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span>:<span style="color: rgba(128, 0, 128, 1)">9000</span><span style="color: rgba(0, 0, 0, 1)">
#
#location </span>~<span style="color: rgba(0, 0, 0, 1)"> \.php$ {
# root html;
# fastcgi_pass </span><span style="color: rgba(128, 0, 128, 1)">127.0</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span>:<span style="color: rgba(128, 0, 128, 1)">9000</span><span style="color: rgba(0, 0, 0, 1)">;
# fastcgi_indexindex.php;
# fastcgi_paramSCRIPT_FILENAME</span>/<span style="color: rgba(0, 0, 0, 1)">scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, </span><span style="color: rgba(0, 0, 255, 1)">if</span> Apache<span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">s document root</span>
# concurs with nginx<span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">s one</span>
<span style="color: rgba(0, 0, 0, 1)"> #
#location </span>~ /<span style="color: rgba(0, 0, 0, 1)">\.ht {
# denyall;
#}
}
server {
listen </span><span style="color: rgba(128, 0, 128, 1)">80</span><span style="color: rgba(0, 0, 0, 1)">;
server_name api.dshvv.com;#二级域名。
root html;
index index.html index.htm;
location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
proxy_pass http:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">127.0.0.1:7777; #代理地址</span>
<span style="color: rgba(0, 0, 0, 1)"> proxy_set_header Host $host;
proxy_set_header X</span>-Real-<span style="color: rgba(0, 0, 0, 1)">IP $remote_addr;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">For $proxy_add_x_forwarded_for;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Proto $scheme;
proxy_set_header X</span>-Forwarded-<span style="color: rgba(0, 0, 0, 1)">Port $server_port;
}
}
# another virtual host using mix of IP</span>-, name-, and port-<span style="color: rgba(0, 0, 0, 1)">based configuration
#
#server {
# listen </span><span style="color: rgba(128, 0, 128, 1)">8000</span><span style="color: rgba(0, 0, 0, 1)">;
# listen somename:</span><span style="color: rgba(128, 0, 128, 1)">8080</span><span style="color: rgba(0, 0, 0, 1)">;
# server_namesomenamealiasanother.alias;
# location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
# root html;
# indexindex.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen </span><span style="color: rgba(128, 0, 128, 1)">443</span><span style="color: rgba(0, 0, 0, 1)"> ssl;
# server_namelocalhost;
# ssl_certificate cert.pem;
# ssl_certificate_keycert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout5m;
# ssl_ciphersHIGH:</span>!aNULL:!<span style="color: rgba(0, 0, 0, 1)">MD5;
# ssl_prefer_server_cipherson;
# location </span>/<span style="color: rgba(0, 0, 0, 1)"> {
# root html;
# indexindex.html index.htm;
# }
#}
}</span></pre>
</div>
<span class="cnblogs_code_collapse">View Code</span></div>
<p> </p><br><br>
来源:https://www.cnblogs.com/dingshaohua/p/13252497.html
頁:
[1]