2017-10-20 26 views

Je suis nouveau sur nginx. J'ai deux domaines sur le même serveur : l'un en https, l'autre en http.

Nginx - Accès au domaine principal https lors de l'accès au domaine secondaire basé sur http avec https

C'est-à-dire :

https://main.site.com //Accessing a node server app on port 3000 

Et

http://secondary.site.com //Accessing a node server app on port 9000 

Lorsque je tente d'accéder à https://secondary.site.com, c'est en fait l'application serveur de https://main.site.com qui répond ; la requête devrait être redirigée de https://secondary.site.com vers http://secondary.site.com

Voici ma config nginx:

# Configuration as posted in the question. The comments explain why
# https://secondary.site.com is answered by the main site and flag the
# security-relevant settings; the directives themselves are unchanged.
user www-data; 
worker_processes auto; 
pid /run/nginx.pid; 

events { 
     worker_connections 768; 
     # multi_accept on; 
} 

http { 

     ## 
     # Basic Settings 
     ## 

     # Plain-HTTP virtual host for main.site.com, proxied to port 3000.
     # NOTE(review): the 443 block below sends HSTS for this name, yet this
     # block still serves the application over HTTP instead of redirecting.
     server { 
       listen  80; 
       server_name main.site.com; 
       location/{ 
         # NOTE(review): the backend is addressed through the public host name;
         # whether port 3000 is reachable from outside is not visible here - TODO confirm.
         proxy_pass   http://main.site.com:3000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         # NOTE(review): hard-coded SUCCESS. No ssl_verify_client directive appears
         # in this file and this listener is not TLS, so nothing was verified.
         # If the backend trusts this header (TODO confirm), every request looks
         # certificate-authenticated; $ssl_client_verify carries the real result.
         proxy_set_header X-Client-Verify SUCCESS; 
         # The $ssl_client_* variables are empty on a non-TLS connection.
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         # Timeouts are in seconds: 1800 s = 30 minutes.
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         # HTTP/1.1 plus Upgrade/Connection lets WebSocket upgrades pass through.
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
     } 


     # The only server listening on 443, so nginx uses it as the default for
     # that port: a request for https://secondary.site.com, which has no 443
     # block of its own, is handled here. This is the behaviour described in
     # the question.
     server { 
       listen    443; 
       server_name   main.site.com; 
       location/{ 
         proxy_pass   http://main.site.com:3000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         # NOTE(review): same hard-coded SUCCESS as above; without
         # ssl_verify_client no client certificate is requested or checked.
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
       # Legacy way to enable TLS; current nginx expects "listen 443 ssl;".
       ssl     on; 
       ssl_certificate   /etc/nginx/certificates/cert.pem; 
       ssl_certificate_key /etc/nginx/certificates/kry.pkey; 
       # NOTE(review): TLSv1 and TLSv1.1 are deprecated protocol versions (RFC 8996).
       ssl_protocols  TLSv1 TLSv1.1 TLSv1.2; 
       # NOTE(review): "+3DES" only moves 3DES suites to the end of the list, it
       # does not disable them; 3DES is a 64-bit block cipher (Sweet32).
       ssl_ciphers !EDH:!AECDH:!ADH:!DSS:!RC4:ECDSA:HIGH:+3DES; 
       ssl_prefer_server_ciphers on; 
       ssl_ecdh_curve secp384r1; # ECDH curve 
       # HSTS for one year; no includeSubDomains, so it covers this host only.
       add_header Strict-Transport-Security "max-age=31536000"; 
     } 

     # secondary.site.com is defined for port 80 only, proxied to port 9000.
     # No server block claims this name on 443.
     server { 
       listen  80; 
       server_name secondary.site.com; 
       location/{ 
         proxy_pass   http://secondary.site.com:9000; 
         proxy_set_header Host    $host; 
         proxy_set_header X-Real-IP  $remote_addr; 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
         # NOTE(review): hard-coded SUCCESS on a plain-HTTP listener, see first block.
         proxy_set_header X-Client-Verify SUCCESS; 
         proxy_set_header X-Client-DN  $ssl_client_s_dn; 
         proxy_set_header X-SSL-Subject $ssl_client_s_dn; 
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn; 
         proxy_read_timeout 1800; 
         proxy_connect_timeout 1800; 
         proxy_http_version 1.1; 
         proxy_set_header Upgrade $http_upgrade; 
         proxy_set_header Connection "upgrade"; 
       } 
     } 



     # set client body size # 
     client_max_body_size 20M; 

     sendfile on; 
     tcp_nopush on; 
     tcp_nodelay on; 
     keepalive_timeout 65; 
     types_hash_max_size 2048; 
     # Left commented out, so nginx keeps advertising its version string.
     # server_tokens off; 

     # server_names_hash_bucket_size 64; 
     # server_name_in_redirect off; 

     include /etc/nginx/mime.types; 
     default_type application/octet-stream; 

     ## 
     # SSL Settings 
     ## 

     # http-level defaults; the 443 server above sets its own ssl_protocols.
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE 
     ssl_prefer_server_ciphers on; 

} 

Vous n'avez pas de bloc `server` pour `https://secondary.site.com`, donc nginx utilisera votre seul et unique site https. [Ce lien](http://nginx.org/en/docs/http/server_names.html) peut aider. –


Je veux que `https://secondary.site.com` redirige vers `http://secondary.site.com`, afin qu'il puisse utiliser le serveur Node sur le port 9000 – StormTrooper


Avez-vous un certificat pour `secondary.site.com` ? Vous devrez ajouter un bloc `server` pour `secondary.site.com` qui écoute sur le port 443. –

Répondre


Puisque vous voulez votre site principal en https et le site secondaire en http, vous pouvez utiliser quelque chose comme ci-dessous :

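# Layout: main.site.com is served over HTTPS only, secondary.site.com over
# HTTP only; both are reverse-proxied to local Node applications.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
     worker_connections 768;
     # multi_accept on;
}

http {

     ##
     # Basic Settings
     ##

     # Catch-all for port 80: any Host that matches no other port-80 block
     # (including http://main.site.com) is redirected to the secondary site.
     # The redirect target is fixed, so the original request path is dropped.
     server {
       listen 80 default_server;
       server_name _;
       return 301 http://secondary.site.com;
     }

     # Catch-all for port 443. Without it the main.site.com block is the only
     # 443 listener and therefore answers for every name on that port, which
     # is how https://secondary.site.com ended up on the main application.
     # ssl_reject_handshake needs nginx 1.19.4 or later. Redirecting
     # https://secondary.site.com to http:// instead requires a dedicated 443
     # server block with a certificate that is valid for secondary.site.com.
     server {
       listen 443 ssl default_server;
       ssl_reject_handshake on;
     }

     # HTTPS virtual host for main.site.com, proxied to the app on port 3000.
     server {
       listen 443 ssl;
       server_name main.site.com;
       ssl_certificate   /etc/nginx/certificates/cert.pem;
       ssl_certificate_key /etc/nginx/certificates/kry.pkey;
       # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 here when the
       # installed nginx and OpenSSL support it.
       ssl_protocols TLSv1.2;
       # 3DES is excluded (64-bit block cipher, Sweet32) instead of being kept
       # at the end of the list with "+3DES".
       ssl_ciphers !EDH:!AECDH:!ADH:!DSS:!RC4:!3DES:ECDSA:HIGH;
       ssl_prefer_server_ciphers on;
       ssl_ecdh_curve secp384r1; # ECDH curve
       # HSTS for one year; no includeSubDomains, so it covers this host only.
       add_header Strict-Transport-Security "max-age=31536000";

       location / {
         # Loopback address: the backend is not addressed by its public name.
         proxy_pass   http://127.0.0.1:3000;
         proxy_set_header Host    $host;
         proxy_set_header X-Real-IP  $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         # Forward the real verification result instead of a hard-coded SUCCESS.
         # The value is NONE unless ssl_verify_client is enabled for this server,
         # so a backend that relies on it needs client verification configured.
         proxy_set_header X-Client-Verify $ssl_client_verify;
         proxy_set_header X-Client-DN  $ssl_client_s_dn;
         proxy_set_header X-SSL-Subject $ssl_client_s_dn;
         proxy_set_header X-SSL-Issuer  $ssl_client_i_dn;
         # Timeouts are in seconds: 1800 s = 30 minutes.
         proxy_read_timeout 1800;
         proxy_connect_timeout 1800;
         # HTTP/1.1 plus Upgrade/Connection lets WebSocket upgrades pass through.
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
       }
     }

     # Plain-HTTP virtual host for secondary.site.com, proxied to port 9000.
     server {
       listen  80;
       server_name secondary.site.com;
       location / {
         proxy_pass   http://127.0.0.1:9000;
         proxy_set_header Host    $host;
         proxy_set_header X-Real-IP  $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         # No TLS on this listener, so no client certificate can exist. Empty
         # values keep nginx from passing these headers to the backend at all,
         # including copies supplied by the client.
         proxy_set_header X-Client-Verify "";
         proxy_set_header X-Client-DN  "";
         proxy_set_header X-SSL-Subject "";
         proxy_set_header X-SSL-Issuer  "";
         proxy_read_timeout 1800;
         proxy_connect_timeout 1800;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
       }
     }



     # set client body size #
     client_max_body_size 20M;

     sendfile on;
     tcp_nopush on;
     tcp_nodelay on;
     keepalive_timeout 65;
     types_hash_max_size 2048;
     # Left commented out, so nginx keeps advertising its version string.
     # server_tokens off;

     # server_names_hash_bucket_size 64;
     # server_name_in_redirect off;

     include /etc/nginx/mime.types;
     default_type application/octet-stream;

     ##
     # SSL Settings
     ##

     # http-level default, kept in line with the main.site.com server block.
     ssl_protocols TLSv1.2;
     ssl_prefer_server_ciphers on;

}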

Dans cette configuration, secondary.site.com n'écoute que sur le port 80, et le site principal uniquement sur le port https. J'ai ajouté une redirection par défaut de tout le trafic http vers le site secondaire, mais vous pouvez l'adapter à vos besoins.