• 【Nginx】https及域名公用


    实际项目中有以下需求:

    1.此项目有两个网站,一个是官网:www.site2.com,一个是后台管理网站:www.site1.com

    2.此项目前后端分离,数据都是通过一个接口服务读取。

    3.此项目只有一个单域名ssl证书,但是要保证官网、后台、数据接口都可以通过https访问。

    思路:

    1.将ssl证书指向到官网,www.site2.com。

      listen 443 ssl;
        server_name  www.site2.com; // 对www.site2.com进行ssl认证
    
        ssl_certificate ../ssl/server.crt;
        ssl_certificate_key ../ssl/server.key;
    
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
       // 访问www.site2.com,指向官网website目录
        location / {
            root ../website;
            index index.html;
            
            proxy_redirect off ;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    

      

    2.将数据接口和后台作为官网的下级平台。通过www.site2.com/sub和www.site2.com/api,访问后台和数据接口。

        // 访问www.site2.com/api,指向内部接口服务
        location /api/ {
            proxy_pass http://localhost:5001/;
            
            proxy_redirect off ;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        
        // 访问www.site2.com/sub,指向后台 web/sub目录
        location /sub {
            # proxy_pass http://www.site1.com/;
            
            root ../web;
            index index.html;
            
            proxy_redirect off ;
            proxy_set_header host $host;
            proxy_set_header x-real-ip $remote_addr;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        }
    

    3.当用户访问www.site1.com的http地址时,直接重定向到https://www.site2.com/sub

    // 访问www.site1.com,重定向到https://www.site2.com/sub
    server {
        listen       80;
        server_name  www.site1.com;
        rewrite ^(.*)$  https://www.site2.com/sub;
    }
    

    4.当用户访问www.site2.com的http地址时,直接重定向到https://www.site2.com

    // 访问www.site2.com,重定向到https://www.site2.com
    server {
        listen       80;
        server_name  www.site2.com;
        rewrite ^(.*)$  https://$host$1 permanent; 
    }
    

      

    完整配置如下:

    // 访问www.site1.com,重定向到https://www.site2.com/sub
    server {
        listen       80;
        server_name  www.site1.com;
        rewrite ^(.*)$  https://www.site2.com/sub;
    }
    
    // 访问www.site2.com,重定向到https://www.site2.com
    server {
        listen       80;
        server_name  www.site2.com;
        rewrite ^(.*)$  https://$host$1 permanent; 
    }
    
    server {
        listen 443 ssl;
        server_name  www.site2.com; // 对www.site2.com进行ssl认证
    
        ssl_certificate ../ssl/server.crt;
        ssl_certificate_key ../ssl/server.key;
    
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
    
        // 访问www.site2.com/api,指向内部接口服务
        location /api/ {
            proxy_pass http://localhost:5001/;
            
            proxy_redirect off ;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        
        // 访问www.site2.com/sub,指向后台 web/sub目录
        location /sub {
            # proxy_pass http://www.site1.com/;
            
            root ../web;
            index index.html;
            
            proxy_redirect off ;
            proxy_set_header host $host;
            proxy_set_header x-real-ip $remote_addr;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        }
        
        // 访问www.site2.com,指向官网website目录
        location / {
            root ../website;
            index index.html;
            
            proxy_redirect off ;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
        
    

      

  • 相关阅读:
    关键字--static
    java注解
    服务器、应用服务器、web服务器、容器
    进程和线程
    Tomcat7目录结构详解(非常详细)
    HTML小练习
    HTML学习笔记
    javaoo总结二
    javaoo总结一
    python核心-类-1
  • 原文地址:https://www.cnblogs.com/nonkicat/p/13306964.html
Copyright © 2020-2023  润新知