nginx在https上配置子域名

Question

我有一個VPS Ghost安裝，它在nginx上運行。我爲它創建了一個SSL證書，並且一切正常，除了在使用HTTP時，所有http://subdomain.example.com總是重定向回我的主要https://example.com。

但是，如果我訪問https://subdomain.example.com，它不會重定向回example.com。我想確保當我的用戶訪問*.example.com時，他們不會重定向回主域，無論他們是否使用HTTP/S。

背後的原因是因爲我試圖在自己的子域上設置ownCloud，目前只能通過example.com/cloud訪問它。

我花了很多時間在nginx上配置conf文件，請大家幫忙！

這裏是我的兩個nginx的配置文件 -

對於主站點：

server { 
    listen    80; 
    server_name   notepad.li; 
    ssl_certificate /etc/letsencrypt/live/notepad.li/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/notepad.li/privkey.pem; 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    return   301 https://$server_name$request_uri; 
} 

server {     
    listen    443 ssl; 
    server_name   notepad.li; 

    root /var/www/ghost/;          
    ssl_certificate /etc/letsencrypt/live/notepad.li/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/notepad.li/privkey.pem; 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_dhparam /etc/ssl/certs/dhparam.pem; 
    ssl_session_timeout 1d; 
    ssl_session_cache shared:SSL:50m; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
    add_header Strict-Transport-Security max-age=15768000;  
    client_max_body_size 200M; 

    location ~ /.well-known { 
       allow all; 
     } 

    location/{ 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header Host  $http_host; 
     proxy_pass   http://127.0.0.1:2368;          
    }  

    location /robots.txt { 
     alias /var/www/notepad/robots.txt; 
    } 
    rewrite ^/cloud$ /cloud/ redirect; 
    rewrite ^/cloud/$ /cloud/index.php; 
    rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect; 
    rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; 
    location /cloud/ { 
    alias /var/www/owncloud/; 
    location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ { 
     deny all; 
    } 

    location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) { 
     deny all; 
    } 
    } 

    location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ { 
    # note: ~ has precendence over a regular location block 
    # Accept URLs like: 
    # /cloud/index.php/apps/files/ 
    # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d) 
    # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240) 
    # /cloud/remote.php/webdav/yourfilehere... 
    include fastcgi_params; 
    fastcgi_param SCRIPT_FILENAME /var/www/owncloud/$2; 
    fastcgi_param SCRIPT_NAME $1$2; 
    fastcgi_param PATH_INFO $3; 
    fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; 
    fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel; 
    fastcgi_read_timeout 630; 
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; 
    client_max_body_size 1G; 
    fastcgi_buffers 64 4K; 
    } 
    location ^~ /owncloud-xaccel/ { 
    # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. ownCloud sends the full file 
    # path on disk as a subdirectory under this virtual path. 
    # We must only allow 'internal' redirects within nginx so that the filesystem 
    # is not exposed to the world. 
    internal; 
    alias /; 
    } 
    location ~ ^/((caldav|carddav|webdav).*)$ { 
    # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. 
    # Properly proxying like this seems to work fine. 
    proxy_pass https://127.0.0.1/cloud/remote.php/$1; 
    } 
    rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; 
    rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; 
    rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; 
    rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; 



} 

---

對於子域：

upstream php-handler { 
    server unix:/run/php/php7.0-fpm.sock; 
} 

server { 
    listen 80; 
    server_name box.notepad.li; 
    # enforce https 
    return 301 https://$server_name$request_uri; 
} 

server { 
    listen 443 ssl; 
    server_name box.notepad.li; 

    ssl_certificate /etc/letsencrypt/live/box.notepad.li/fullchain.crt; 
    ssl_certificate_key /etc/letsencrypt/live/box.notepad.li/privkey.key; 

    # Add headers to serve security related headers 
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 
    add_header X-Content-Type-Options nosniff; 
    add_header X-Frame-Options "SAMEORIGIN"; 
    add_header X-XSS-Protection "1; mode=block"; 
    add_header X-Robots-Tag none; 
    add_header X-Download-Options noopen; 
    add_header X-Permitted-Cross-Domain-Policies none; 

    # Path to the root of your installation 
    root /var/www/owncloud/; 
    # set max upload size 
    client_max_body_size 10G; 
    fastcgi_buffers 64 4K; 

    # Disable gzip to avoid the removal of the ETag header 
    gzip off; 

    # Uncomment if your server is build with the ngx_pagespeed module 
    # This module is currently not supported. 
    #pagespeed off; 

    index index.php; 
    error_page 403 /core/templates/403.php; 
    error_page 404 /core/templates/404.php; 

    rewrite ^/.well-known/carddav /remote.php/dav/ permanent; 
    rewrite ^/.well-known/caldav /remote.php/dav/ permanent; 

    # The following 2 rules are only needed for the user_webfinger app. 
    # Uncomment it if you're planning to use this app. 
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; 
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; 

    location = /robots.txt { 
    allow all; 
    log_not_found off; 
    access_log off; 
    } 

    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { 
    deny all; 
    } 

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { 
    deny all; 
    } 

    location/{ 

    rewrite ^/remote/(.*) /remote.php last; 

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; 

    try_files $uri $uri/ =404; 
    } 

    location ~ \.php(?:$|/) { 
    fastcgi_split_path_info ^(.+\.php)(/.+)$; 
    include fastcgi_params; 
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
    fastcgi_param PATH_INFO $fastcgi_path_info; 
    fastcgi_param HTTPS on; 
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice 
    fastcgi_pass php-handler; 
    fastcgi_intercept_errors on; 
    } 

    # Adding the cache control header for js and css files 
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block 
    location ~* \.(?:css|js)$ { 
    add_header Cache-Control "public, max-age=7200"; 
    # Add headers to serve security related headers 
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 
    add_header X-Content-Type-Options nosniff; 
    add_header X-Frame-Options "SAMEORIGIN"; 
    add_header X-XSS-Protection "1; mode=block"; 
    add_header X-Robots-Tag none; 
    add_header X-Download-Options noopen; 
    add_header X-Permitted-Cross-Domain-Policies none; 
    # Optional: Don't log access to assets 
    access_log off; 
    } 

    # Optional: Don't log access to other assets 
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { 
    access_log off; 
    } 
} 

我已經複製/粘貼+修改nginx的配置代碼，關於ownCloud。我檢查了一切，似乎很好。我究竟做錯了什麼？爲什麼我不能訪問http://subdomain.example.com而未將其重定向到https://example.com？

Answer 1

一如既往，我忘了三重檢查我的nginx核心文件。正如評論中指出的那樣，我忘記了將include sites-enabled;包含在nginx.conf中，然後爲該文件夾中的新子域配置創建一個符號鏈接。

再次感謝！