如何在nginx中设置子域? [英] How setup subdomain in nginx?
问题描述
我从一开始就尝试了几次,但仍然无法使用我的子域.我有 ubuntu Nginx.我想创建一个客户端和后端(子域)域.
I tried a few times do from the beginning but still, my subdomain doesn't work. I have ubuntu Nginx. I want to create a client-side and backend(subdomain) domain.
客户端配置(正常工作):
The client-side config(work correctly):
server {
root /var/www/html/dist;
# Add index.php to the list if you are using PHP
index index.html;
server_name hookahscope.com www.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name hookahscope.com www.hookahscope.com;
return 404; # managed by Certbot
}
更新:我的客户端(主域)配置有额外的配置,这是冲突
UPDATED: My client side(main domain) config has additional configs and this is the conflict
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.api.hookahscope.com api.hookahscope.com; # managed by Certb>
return 404; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.api.hookahscope.com api.hookahscope.com;
return 404; # managed by Certbot
}
和后端配置:
server {
listen 80;
root /var/www/backend;
# Add index.php to the list if you are using PHP
index index.html;
server_name api.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri /index.html;
}
}
我在 pm2 上运行后端(服务器是带有 express 的 nodejs)所以,在本地我可以通过命令在 8081 端口上看到后端:
I run backend on pm2(server is nodejs with express) So, locally I can see backend on 8081 port by command :
curl http://localhost:8081/
Nginx 显示一些错误,但对我没有帮助:
Nginx show some error, but it is not helped me:
sudo nginx -t
nginx: [warn] conflicting server name "api.hookahscope.com" on 0.0.0.0:80, ignored
当然,如果去掉listen 80,错误就会消失;从子域配置,但我找不到我应该设置的内容而不是
Of course, the error disappear if remove listen 80; from the subdomain config, but I can't find what I should setup instead of
UPDATED2我的子域配置:
server {
server_name api.hookahscope.com;
#location ~ ^/(sitemap.xml) {
# root /var/www/html/public;
#}
location / {
proxy_pass http://localhost:8081/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
推荐答案
而不是通过 if ($host = hookahscope.com) { ... } 检查
我建议将定义两个 Host
HTTP 标头server
块的请求过滤为 建议 由官方 nginx 文档(阅读 this 回答详细说明).有两个单独的 SSL server
块,您不应该在 listen
指令上使用 ipv6only=on
标志(阅读 this 线程了解详情).以下是我推荐使用的配置:
Instead of checking the Host
HTTP header via the if ($host = hookahscope.com) { ... }
I recommend to filter the requests defining two server
blocks as suggested by official nginx documentation (read this answer for detailed description). Having two separate SSL server
blocks you shouldn't use the ipv6only=on
flag on listen
directive (read this thread for details). Here is the configuration I recommend to use:
server {
# redirect HTTP to HTTPS for requests where the HTTP 'Host' header equal to one of our domains
listen 80;
listen [::]:80;
server_name hookahscope.com www.hookahscope.com api.hookahscope.com;
return 301 https://$http_host$request_uri;
}
server {
# close the connection immediately for the rest of requests
listen 80 default_server;
listen [::]:80 default_server;
return 444;
}
server {
# frontend
listen 443 ssl;
listen [::]:443 ssl;
server_name hookahscope.com www.hookahscope.com;
root /var/www/html/dist;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location = /sitemap.xml {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
}
server {
# backend
listen 443 ssl;
listen [::]:443 ssl;
server_name api.hookahscope.com;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
这篇关于如何在nginx中设置子域?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!