zoukankan      html  css  js  c++  java
  • nginx二级域名代理

    二级域名带ssl证书代理

    在nginx配置文件,增加代理配置服务

        server {
            listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
            server_name api.dshvv.com;  #二级域名。
            root html;
            index index.html index.htm;
            ssl_certificate /home/ssl/dshvv.pem;   #将domain name.pem替换成您证书的文件名。
            ssl_certificate_key /home/ssl/dshvv.key;   #将domain name.key替换成您证书的密钥文件名。
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
            ssl_prefer_server_ciphers on;   
            
            location / {
                 proxy_pass http://127.0.0.1:7777; #代理地址
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  proxy_set_header X-Forwarded-Port $server_port;
            }
        }
    意思是 遇到api.dshvv.com请求的时候,将代理至本地的7777服务。


    需要注意的是,需要在域名服务上,开启二级域名的解析

    普通二级域名配置

    因为ssl证书是针对以及域名的,二级域名提示无效风险,但是不影响使用,也就是说二级域名用https请求会提示ssl证书无效
    阿里有统配子域名的证书,但是要花钱,每年1-2k,还是算了。但是我们可以分别声情,这是免费的
    如果二级域名不配置证书,代理可以做如下新增

    server {
            listen 80;
            server_name api.dshvv.com;  #二级域名。
            root html;
            index index.html index.htm;
            
            location / {
                 proxy_pass http://127.0.0.1:7777; #代理地址
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  proxy_set_header X-Forwarded-Port $server_port;
            }
        }

    当然最好还是都加上,两种配置都写上,这样使用的时候有的选择

    最优方案

    1、配置两个域名证书

    2、同时支持http和https

    一下是最终的配置文件

    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        #gzip  on;
    
        server {
            listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
            server_name localhost;  #将localhost修改为您证书绑定的域名,例如:www.example.com。
            root html;
            index index.html index.htm;
            ssl_certificate /home/ssl/dshvv.com_nginx/cert.pem;   #将domain name.pem替换成您证书的文件名。
            ssl_certificate_key /home/ssl/dshvv.com_nginx/cert.key;   #将domain name.key替换成您证书的密钥文件名。
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
            ssl_prefer_server_ciphers on;   
            location / {
                root html;   #站点目录。
                index index.html index.htm;   
            }
        }
    
        server {
            listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
            server_name api.dshvv.com;  #二级域名。
            root html;
            index index.html index.htm;
            ssl_certificate /home/ssl/api.dshvv.com_nginx/cert.pem;   #将domain name.pem替换成您证书的文件名。
            ssl_certificate_key /home/ssl/api.dshvv.com_nginx/cert.key;   #将domain name.key替换成您证书的密钥文件名。
            ssl_session_timeout 5m;
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
            ssl_prefer_server_ciphers on;   
            
            location / {
                 proxy_pass http://127.0.0.1:7777; #代理地址
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  proxy_set_header X-Forwarded-Port $server_port;
            }
        }
    
        server {
            listen       80;
            server_name  localhost;
    
            #charset koi8-r;
    
            #access_log  logs/host.access.log  main;
    
            location / {
                root   html;
                index  index.html index.htm;
            }
    
            #error_page  404              /404.html;
    
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ .php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            #    deny  all;
            #}
        }
    
        server {
            listen 80;
            server_name api.dshvv.com;  #二级域名。
            root html;
            index index.html index.htm;
            
            location / {
                 proxy_pass http://127.0.0.1:7777; #代理地址
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  proxy_set_header X-Forwarded-Port $server_port;
            }
        }
    
    
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    
        # HTTPS server
        #
        #server {
        #    listen       443 ssl;
        #    server_name  localhost;
    
        #    ssl_certificate      cert.pem;
        #    ssl_certificate_key  cert.key;
    
        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;
    
        #    ssl_ciphers  HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers  on;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    }
    View Code
  • 相关阅读:
    网站微信扫码登陆总结以及在小程序登陆两者关联和关系,vue以及uniapp
    微信扫码登陆在chrome浏览器失败,浏览器禁止重定向
    element-ui多个表单如何同时验证
    vscode中react代码提示插件
    echarts主题全局颜色定义、自定义折线颜色--彩色折线图echarts
    vue本地储存加密
    Echarts多条折线图 y轴数值与实际值不符解决方法
    vue中swiper@5.3.6使用,
    解决 swiper设置loop为true时,echarts图表不显示
    vue+nginx配置,以及nginx配置跨域
  • 原文地址:https://www.cnblogs.com/dshvv/p/13252497.html
Copyright © 2011-2022 走看看