一台云服务器配置多站点,多域名,多ssl证书,nginx转发,亲测可行
程序员文章站
2022-07-12 22:03:23
...
需求一开始只是利用nginx转发代理一个域名和https,所以ssl端口配置了一个443,服务正常可用。
后来需求需要使用多个程序,并且配置不同的域名,上线不同的站点,并且要以https安全证书访问的域名,查询资料看到多个IP,或者多个端口的方式,才发现443的端口在nginx的配置里是可以根据不同域名去跳转和配置的,也就是配置中可以写多个nginx的 server,配置如下:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
client_max_body_size 20M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
#@Settings for a TLS enabled server.
# 这里是你的第一个服务如web1
server {
listen 443 ssl ;
#listen [::]:443 ssl ;
server_name xxx.com; # 你的域名
#root /usr/share/nginx/html;
# 这里填好你之前拿到的ssl AC证书,放到你自己服务器的路径下
ssl_certificate /.../ssl/5829408_www.txdtest.top.pem;
ssl_certificate_key /.../ssl/5829408_www.txdtest.top.key;
#ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
location / { # 这里填写你的代理的服务地址和端口
proxy_pass http://xxx.xxx.xxx.xxx:8001; #这是上面我设置的Nginx运行端口5000,您根据自己的配置设置
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; # fix flask redirect生产环境 从https到http跳转
}
#用Nginx访问Flask静态文件 #静态文件在static的子目录或更低层的子目录中
location /static/(.*) {
root /home/..../flask1/; #这里的路径是绝对路径,xxx是指static目录的上级目录,一般是网站根目录
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server{
listen 8002; # 填写你监控的端口
server_name xxxx.com; #监控端口的域名
rewrite ^/(.*)$ https://xxxxx.com:443/$1 permanent;
}
# 这个位置就填写server2 就是你要代理的第二个web程序
server {
listen 443 ssl ; # 443这个位置和上一个一样
#listen [::]:443 ssl ;
server_name xxxx.com;
#root /usr/share/nginx/html;
ssl_certificate /.../ssl/6036772_zdyppf.com.pem;
ssl_certificate_key /.../ssl/6036772_zdyppf.com.key;
#ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
location / { # 填写你自己的服务地址
proxy_pass http://xxx.xxx.xxx.xxx:8005;
proxy_pass_header Authorization;
proxy_pass_header WWW-Authenticate;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static { # 填写你服务静态文件路径
alias /home/.../WebGUI/static;
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server{
listen 80;
server_name xxxx.com; # 填写你代理的端口和域名
rewrite ^/(.*)$ https://xxxx.com:443/$1 permanent;
}
}
最后
systemctl restart nginx
愉快