nginx的多域httphttps同时访问配置及http重定向https

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了nginx的多域httphttps同时访问配置及http重定向https相关的知识,希望对你有一定的参考价值。

nginx的多域http、https同时访问配置及http重定向https

1、关于ssl 服务证书的申请或生成就略过

2、nginx关于多域名访问服务器
(1)配置nginx中conf文件夹下的nginx.conf
加入代码(环境是windows 2008 server+upupw_np7.0)

include vhosts.conf;

(2)conf文件夹下新建vhost.conf, 加入以下内容:

server {
listen 80;
server_name aaa.com www.aaa.com;
location / {
root C:/UPUPW_NP7.0/htdocs;
index index.html index.htm default.html default.htm index.php default.php app.php u.php;
include C:/UPUPW_NP7.0/htdocs/up-.conf;
}
autoindex off;
include advanced_settings.conf;
#include expires.conf;
location ~
.\/(attachment|attachments|uploadfiles|avatar)\/..(php|php5|phps|asp|aspx|jsp)$ {
deny all;
}
location ~ ^.+.php {
root C:/UPUPW_NP7.0/htdocs;
fastcgi_pass bakend;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi.conf;
}
}
#反向代理到本机其他域名增加以下内容
server {
listen 80;

    server_name bbb.com  www.bbb.com;
    location / {
    proxy_pass http://127.0.0.1:8888/;    #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
    include uproxy.conf;
               }
  }

配置后可以同时访问aaa.com, bbb.com

3、如果要http、https同时访问配置如下:

server {
listen 80;
listen 443 ssl;

    server_name  aaa.com  www.aaa.com;
#ssl                  on;      #如果不取消本行会产生错误
ssl_certificate      C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;
ssl_certificate_key  C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;   
#这里我使用的是阿里云的免费证书
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
    location / {
        root   C:/UPUPW_NP7.0/htdocs;
        index  index.html index.htm default.html default.htm index.php default.php app.php u.php;
        include        C:/UPUPW_NP7.0/htdocs/up-*.conf;
    }
    autoindex off;
    include advanced_settings.conf;
    #include expires.conf;
    location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
    deny all;
    }
    location ~ ^.+\.php {
        root           C:/UPUPW_NP7.0/htdocs;
        fastcgi_pass   bakend;
        fastcgi_index  index.php;
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param  PATH_INFO $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
        include        fastcgi.conf;
    }
    }

#反向代理到本机其他域名增加以下内容

server {
listen 80;
server_name bbb.com www.bbb.com;
#ssl on;
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;

ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

    location / {
    proxy_pass http://127.0.0.1:8888/;    #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
    include uproxy.conf;
               }
  }

***在设置443端口的时候遇到以下问题:nginx端口占用,启动报错:bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f

解决方法:
1)cmd输入netstat -aon | findstr “443” 查找端口占用情况,找到提示占用的端口号0.0.0.0:443,查看后,pid值为4, 在系统进程服务中查到pid=4的进程为一个系统后台服务

2)一般该服务为:Routing and Remote Access服务,只需在组件服务中把对应的停掉,重启nginx即可

4、如果要让Http 重定向至 Https,对vhosts.conf配置如下:

server{
listen 80;
server_name aaaa.comm www.aaa.com;
add_header Strict-Transport-Security max-age=15768000;

return 301 https://$server_name$request_uri;

}
server {
#listen 80;
listen 443 ssl;

    server_name  aaa.com  www.aaa.com;
ssl                  on;      #如果不取消本行会产生错误
ssl_certificate      C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;
ssl_certificate_key  C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;   
#这里我使用的是阿里云的免费证书
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
    location / {
        root   C:/UPUPW_NP7.0/htdocs;
        index  index.html index.htm default.html default.htm index.php default.php app.php u.php;
        include        C:/UPUPW_NP7.0/htdocs/up-*.conf;
    }
    autoindex off;
    include advanced_settings.conf;
    #include expires.conf;
    location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
    deny all;
    }
    location ~ ^.+\.php {
        root           C:/UPUPW_NP7.0/htdocs;
        fastcgi_pass   bakend;
        fastcgi_index  index.php;
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param  PATH_INFO $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
        include        fastcgi.conf;
    }
    }

#反向代理到本机其他域名增加以下内容

server{
listen 80;
server_name bbb.com www.bbb.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
server {
#listen 80;
server_name bbb.com www.bbb.com;
#ssl on;
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;

ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

    location / {
    proxy_pass http://127.0.0.1:8888/;    #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
    include uproxy.conf;
               }
  }

以上是关于nginx的多域httphttps同时访问配置及http重定向https的主要内容,如果未能解决你的问题,请参考以下文章

Nginx配置文件简介及多域名虚拟主机配置

Nginx配置多域名访问设置

Nginx一个server主机上80433httphttps共存

Nginx一个ip上多站点80433httphttps共存设置

CentOS 7 配置 Nginx 正向代理 httphttps 最详解

SSL/TLS深度解析--在Nginx上配置证书链及多域名证书