0
我是nginx新手。 我在同一臺服務器上有兩個域。 一個基於https
&另一對http
Nginx - 通過https訪問基於http的二級域時訪問https主域
即:
https://main.site.com //Accessing a node server app on port 3000
而
http://secondary.site.com //Accessing a node server app on port 9000
當我嘗試訪問https://secondary.site.com
,它實際上訪問我https://main.site.com
服務器代碼,它應該從https://secondary.site.com
重定向到http://secondary.site.com
這裏是我的nginx的配置:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
server {
listen 80;
server_name main.site.com;
location/{
proxy_pass http://main.site.com:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443;
server_name main.site.com;
location/{
proxy_pass http://main.site.com:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl on;
ssl_certificate /etc/nginx/certificates/cert.pem;
ssl_certificate_key /etc/nginx/certificates/kry.pkey;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers !EDH:!AECDH:!ADH:!DSS:!RC4:ECDSA:HIGH:+3DES;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1; #courbe ECDH
add_header Strict-Transport-Security "max-age=31536000";
}
server {
listen 80;
server_name secondary.site.com;
location/{
proxy_pass http://secondary.site.com:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# set client body size #
client_max_body_size 20M;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
}
你沒有'https:// secondary.site.com'的'server'塊,因此'nginx'將使用你唯一的'https'站點。 [此鏈接](http://nginx.org/en/docs/http/server_names.html)可能會有所幫助。 –
我想'https:// secondary.site.com'重定向到'http:// secondary.site.com',這樣它就可以使用具有9000端口的節點服務器 – StormTrooper
您是否擁有'secondary.site .com'?您需要爲'secondary.site.com'添加一個'server'塊,它偵聽端口443. –