NGINX: Setup SSL Certificate for multiple ports using 1 domain name


Problem description

I've built a website that uses a Rest API to get all its data. My website is secured with an SSL certificate. My default file (etc/nginx/sites-enabled/default) looks like this:

server {
    listen 80;
    server_name example.com;
    rewrite ^/(.*) https://example.com/$1 permanent;
}

server {
    listen 443 ssl;
    listen [::]:80 default_server;

    root /var/www/example;

    index index.html;

    server_name example.com;
    ssl_certificate /root/example.com.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
            try_files $uri $uri/ =404;
    }
}

The problem is that my Rest API (where I get all my data from) must have an SSL certificate as well to transfer all the data securely to my website.

I created another server block for the rest api in my default file (etc/nginx/sites-enabled/default). It looks like this:

server {
    listen 8877;
    server_name example.com;
    rewrite ^/(.*) https://example.com:8877/$1 permanent;
}

server {
    listen 443 ssl;
    listen [::]:8877 default_server;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name example.com;
    ssl_certificate /root/example.com.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
            proxy_pass http://example.com:1111;
    }
 }

I know I should combine them like this:

server {
    listen 80 ssl;
    listen 8877 ssl;

    index index.html index.htm index.nginx-debian.html;

    server_name example.com;
    ssl_certificate /root/example.com.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        # DO SOMETHING
    }
}

The problem is that I need the location block to function differently on both the port 80 and port 8877. On port 8877 the location block should point to my NodeJS project that is running in the background (proxy_pass http://example.com:1111;). On port 80 it shouldn't point to my NodeJS project. How can I accomplish this?

Or are there better ways to accomplish this? I've been stuck for 2 days now with this problem. Buying a second domain or SSL certificate isn't an option + my certificate supports multiple ports on a single domain.

Recommended answer

This is what I would do/try:

(You should consider turning off TLS 1.0 if you don't need it)

# General HTTP to HTTPS
server {
        # default_server is a parameter of listen, not a server name
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.com;

        location / {
                return 302 https://$host$request_uri;
        }
}

server {
    listen 443 ssl default_server;
    server_name example.com;

    root /var/www/example;
    index index.html;

    ssl_certificate /root/example.com.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
            try_files $uri $uri/ =404;
    }
}

server {
    listen 8877 ssl;
    listen [::]:8877 ssl;
    server_name example.com;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    ssl_certificate /root/example.com.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
            proxy_pass http://example.com:1111;
    }
 }
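
An added example, not part of the original question or answer: a small Python check that reads nginx server blocks and reports any listen directive that lacks the ssl parameter in a block configuring a certificate, plus legacy ssl_protocols entries. The function names are hypothetical and the sample is constructed from the question's second block; the parser assumes no braces inside quoted strings.

```python
import re

# Constructed sample: the second server block from the question above.
SAMPLE = """
server {
    listen 443 ssl;
    listen [::]:8877 default_server;
    server_name example.com;
    ssl_certificate /root/example.com.crt;
    ssl_certificate_key /root/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://example.com:1111;
    }
}
"""

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # protocol versions to report

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return findings about plain-HTTP listeners and legacy TLS versions."""
    findings = []
    for body in server_blocks(conf):
        body = re.sub(r"#.*", "", body)  # drop comments before matching
        listens = [a.split() for a in re.findall(r"^\s*listen\s+([^;]+);", body, re.M)]
        has_cert = re.search(r"^\s*ssl_certificate\s", body, re.M) is not None
        for args in listens:
            # A certificate in the block does nothing for a socket without 'ssl'.
            if has_cert and "ssl" not in args[1:]:
                findings.append(f"listen {args[0]}: no 'ssl' parameter, served as plain HTTP")
        m = re.search(r"^\s*ssl_protocols\s+([^;]+);", body, re.M)
        for proto in sorted(LEGACY & set(m.group(1).split() if m else [])):
            findings.append(f"legacy protocol enabled: {proto}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, it shows why port 8877 never spoke TLS in the question's configuration: the certificate directives only apply to sockets whose listen line carries ssl.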
