server块来实现根据域名和协议(http、https)分发请求。以下是一个示例:,,“nginx,http {, server {, listen 80;, server_name example.com;, location / {, proxy_pass http://backend;, }, },, server {, listen 443 ssl;, server_name example.com;, ssl_certificate /path/to/ssl_certificate;, ssl_certificate_key /path/to/ssl_certificate_key;, location / {, proxy_pass http://backend;, }, },},`,,在这个示例中,我们为example.com域名配置了两个server块,一个用于处理HTTP请求(监听80端口),另一个用于处理HTTPS请求(监听443端口并启用SSL)。这样,Nginx会根据请求的协议自动将请求分发到相应的server`块。Nginx实现根据域名http、https分发配置示例
Nginx 是一种高性能的 HTTP 和反向代理服务器,广泛应用于负载均衡、HTTP缓存和静态网页服务,在实际应用中,经常需要根据不同的域名或协议(如 HTTP 和 HTTPS)来分发请求到不同的后端服务,本文将介绍如何使用 Nginx 根据域名以及 HTTP 和 HTTPS 协议进行分发配置。
环境准备
1、安装 Nginx:确保系统已经安装了 Nginx,可以通过包管理工具进行安装,例如aptget 或yum。
2、域名解析:确保域名已正确解析到服务器的 IP 地址。
3、SSL 证书:如果使用 HTTPS,需要准备有效的 SSL 证书和私钥。
配置示例
假设我们有两个域名example.com 和secure.example.com,分别处理 HTTP 和 HTTPS 请求,以下是 Nginx 配置文件的示例:
1. 编辑 Nginx 主配置文件
Nginx 的主配置文件位于/etc/nginx/nginx.conf,我们需要在该文件中定义一些基本的设置:
user wwwdata;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modulesenabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octetstream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configurations
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sitesenabled/*;
}
2. 创建站点配置文件
在/etc/nginx/sitesavailable 目录下创建两个配置文件example.com 和secure.example.com,然后创建符号链接到/etc/nginx/sitesenabled 目录。
example.com (HTTP)
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header XRealIP $remote_addr;
proxy_set_header XForwardedFor $proxy_add_x_forwarded_for;
proxy_set_header XForwardedProto $scheme;
}
}
secure.example.com (HTTPS)
server {
listen 443 ssl;
server_name secure.example.com;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://localhost:8443;
proxy_set_header Host $host;
proxy_set_header XRealIP $remote_addr;
proxy_set_header XForwardedFor $proxy_add_x_forwarded_for;
proxy_set_header XForwardedProto $scheme;
}
}
3. 启用站点配置
为新创建的配置文件创建符号链接:
sudo ln s /etc/nginx/sitesavailable/example.com /etc/nginx/sitesenabled/ sudo ln s /etc/nginx/sitesavailable/secure.example.com /etc/nginx/sitesenabled/
4. 测试并重新加载 Nginx 配置
在应用新的配置之前,建议先测试配置文件的正确性:
sudo nginx t
如果没有错误,重新加载 Nginx:
sudo systemctl reload nginx
FAQs
Q1: SSL 证书过期了怎么办?
A1: SSL 证书过期,你需要更新证书文件并将其路径更新到 Nginx 配置文件中,然后重新加载 Nginx 配置以使更改生效,可以使用命令sudo openssl dhparam out /etc/nginx/ssl/dhparam.pem 2048 生成新的 DiffieHellman 参数文件,并在 Nginx 配置文件中使用ssl_dhparam 指令指定该文件,重新加载 Nginx 配置。
Q2: 如何在 Nginx 中设置 HTTP 重定向到 HTTPS?
A2: 你可以通过在 Nginx 配置文件中添加一个服务器块来实现 HTTP 到 HTTPS 的重定向。
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
这个配置会将所有访问example.com 的 HTTP 请求重定向到 HTTPS。
user nobody;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octetstream;
log_format main '$remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server {
listen 80;
server_name www.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHEECDSAAES128GCMSHA256:ECDHERSAAES128GCMSHA256:ECDHEECDSAAES256GCMSHA384:ECDHERSAAES256GCMSHA384:DHERSAAES128GCMSHA256:DHERSAAES256GCMSHA384';
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
# another virtual host using mix of IP, name, and port
#server {
# listen 8000;
# server_name localhost;
# location / {
# proxy_pass http://127.0.0.1:8000/;
# }
#}
# server block for http://example.com
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
# server block for https://example.com
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHEECDSAAES128GCMSHA256:ECDHERSAAES128GCMSHA256:ECDHEECDSAAES256GCMSHA384:ECDHERSAAES256GCMSHA384:DHERSAAES128GCMSHA256:DHERSAAES256GCMSHA384';
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
}
这个Nginx配置文件包含了两个服务器块,一个用于处理HTTP请求的重定向到HTTPS,另一个用于处理HTTPS请求。
1、第一个服务器块监听80端口,对应HTTP请求,它将所有请求重定向到HTTPS版本(443端口)的同一域名。
2、第二个服务器块监听443端口,对应HTTPS请求,它提供了SSL证书信息,并设置了SSL相关的配置,如协议、密钥和会话缓存等。
3、第三个和第四个服务器块分别对应example.com和www.example.com的HTTP和HTTPS请求,它们同样设置了重定向到HTTPS。
您需要替换/etc/ssl/certs/example.com.crt和/etc/ssl/private/example.com.key路径下的SSL证书和密钥文件为您的实际证书路径。
原创文章,作者:未希,如若转载,请注明出处:https://www.kdun.com/ask/1170243.html
