我在 aws 服务器中使用 nginx,并在其中托管 2 个 ruby on rails 应用程序。我的一台服务器(example.com 位于示例文件下方)启用了 HTTPS,另一台服务器(test.com)使用 HTTP。
现在我面临的问题是https://test.com能够访问 example.com(这不应该发生)。test.com 配置为端口 80,它也能访问端口 443。
这是我的 nginx 配置文件:
upstream example {
server unix:///tmp/example.sock;
}
upstream test {
server unix:///tmp/test.sock;
}
server {
listen 80;
server_name example.com; # change to match your URL
return 301 https://$server_name$request_uri;
}
server {
listen 443 default;
server_name example.com;
root /home/deploy/example/current/public;
ssl on;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
location / {
client_max_body_size 15M;
client_body_buffer_size 128k;
proxy_pass http://example; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* ^/assets/ {
# Per RFC2616 - 1 year maximum expiry
expires 1y;
add_header Cache-Control public;
# Some browsers still send conditional-GET requests if there's a
# Last-Modified header or an ETag header even if they haven't
# reached the expiry date sent in the Expires header.
add_header Last-Modified "";
add_header ETag "";
break;
}
}
server {
listen 80 default_server;
server_name test.com www.test.com blog.test.com; # change to match your URL
root /home/deploy/test/current/public; # I assume your app is located at this location
location / {
proxy_pass http://test; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/assets/ {
# Per RFC2616 - 1 year maximum expiry
expires 1y;
add_header Cache-Control public;
# Some browsers still send conditional-GET requests if there's a
# Last-Modified header or an ETag header even if they haven't
# reached the expiry date sent in the Expires header.
add_header Last-Modified "";
add_header ETag "";
break;
}
}
答案1
如果您只有一个 IP 地址,则可以重定向https://test.com到http://test.com新增server如下部分:
server {
listen 443 ssl;
server_name test.com www.test.com blog.test.com;
ssl_certificate example_or_test.com.crt;
ssl_certificate_key example_or_test.com.key;
return 301 http://$server_name$request_uri;
}
不幸的是,如果您没有 test.com 的有效证书或者使用 example.com 证书,此解决方案将在浏览器中发出警告。
旧回复
您可以使用:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
...
}
看:http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
如果您只有一个IP,NGinx支持SNI。
看:http://nginx.org/en/docs/http/configuring_https_servers.html#sni