我当前的nginx
配置如下:
(当前两个)域的具体配置:
server {
listen 443 ssl;
server_name studiotv.service.tebusco.lan phpmyadmin.service.tebusco.lan;
ssl_certificate /home/administrador/nginx-confs/ssl/service.tebusco.lan.crt;
ssl_certificate_key /home/administrador/nginx-confs/ssl/service.tebusco.lan.key;
location / {
proxy_pass http://127.0.0.1:8180;
proxy_set_header Host $http_host:8180;
}
}
不匹配的 SSL 连接的默认配置:
server {
listen 443 default ssl;
ssl_certificate /home/administrador/nginx-confs/ssl/service.tebusco.lan.crt;
ssl_certificate_key /home/administrador/nginx-confs/ssl/service.tebusco.lan.key;
location / {
return 403;
}
}
http配置:
server {
listen 80;
rewrite ^ https://$host$request_uri? permanent;
}
其意图很明确:
- 将 http 流量重定向到 https。
- 将来自 phpmyadmin.service.tebusco.lan 和 studiotv.service.tebusco.lan 的每个 https:// 调用代理到 apache2。这包括传递检测到的主机标头。
- 每个不匹配的 SSL 连接都必须在 nginx 中返回 403。甚至无法到达 apache2。
在 apache2 的生命周期中,我有一个默认站点和一个与 studiotv.service.tebusco.lan 匹配的非默认站点:
000-default.conf 文件(可用且已启用):
<VirtualHost 127.0.0.1:8180>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName localhost
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
Order deny,allow
Require all granted
</Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
studiotv.conf 文件(可用且已启用):
<VirtualHost *:8180>
ServerName studiotv.service.tebusco.lan
ServerAdmin [email protected]
DocumentRoot /var/www/studiotv
<Directory /var/www/studiotv/>
Options -Indexes +FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
# No usamos ${APACHE_LOG_DIR} sino en su lugar /var/log/<host>
ErrorLog /var/log/apache2/studiotv/error.log
CustomLog /var/log/apache2/studiotv/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
然而,当我使用 访问浏览器时http://studiotv.service.tebusco.lan
,显示的却是默认的 php 页面。
问题:我错过了什么?(apache 2.4.7,nginx 1.6.0,ubuntu server 14.04)。