Je suis nouveau sur nginx. J'ai deux domaines sur le même serveur. un basé sur https
& autre sur http
Nginx - Accès au domaine principal https lors de l'accès au domaine secondaire basé sur http avec https
-à-dire:
https://main.site.com //Accessing a node server app on port 3000
Et
http://secondary.site.com //Accessing a node server app on port 9000
Lorsque je tente d'accéder https://secondary.site.com
, il accède en fait mon code serveur https://main.site.com
, il devrait rediriger de https://secondary.site.com
vers http://secondary.site.com
Voici ma config nginx:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
server {
listen 80;
server_name main.site.com;
location/{
proxy_pass http://main.site.com:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443;
server_name main.site.com;
location/{
proxy_pass http://main.site.com:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl on;
ssl_certificate /etc/nginx/certificates/cert.pem;
ssl_certificate_key /etc/nginx/certificates/kry.pkey;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers !EDH:!AECDH:!ADH:!DSS:!RC4:ECDSA:HIGH:+3DES;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1; #courbe ECDH
add_header Strict-Transport-Security "max-age=31536000";
}
server {
listen 80;
server_name secondary.site.com;
location/{
proxy_pass http://secondary.site.com:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# set client body size #
client_max_body_size 20M;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
}
Vous n'avez pas de bloc 'server' pour' https: // secondary.site.com', donc 'nginx' utilisera votre seul et unique site' https'. [Ce lien] (http://nginx.org/en/docs/http/server_names.html) peut aider. –
Je veux 'https: // secondary.site.com' pour rediriger vers' http: // secondary.site.com', afin qu'il puisse utiliser le serveur de noeud avec le port 9000 – StormTrooper
Avez-vous un certificat pour 'secondary.site .com'? Vous aurez besoin d'ajouter un bloc 'server' pour' secondary.site.com' qui écoute sur le port 443. –