Nginx 配置捕获所有没有通配符的子域,如何修复?

tag-icon tag-icon nginx
Nginx 配置捕获所有没有通配符的子域,如何修复?

我的 Nginx 配置捕获了所有子域,但没有指定通配符。我为每个子域创建了一个特殊配置,但似乎所有子域都通过了主域配置。我通过从 nginx.conf 中删除子域配置文件并观察它如何仍然捕获所有子域发现了这一点,因此当我向 uk.domain.com 发送请求时,Nginx 不会捕获子域配置,而是通过主域配置。这给将 mod_pagespeed 单独应用于每个站点以及管理 GA 通用代码带来了麻烦。

主域的配置如下:

server {

        listen 80;
        listen 443 ssl;
        access_log  off;
        root /var/www/domain.com/wordpress;
        ssl_certificate /etc/ssl/private/cert_chain.crt;
        ssl_certificate_key /etc/ssl/private/server.key;

        index index.php index.html index.htm;
        server_name domain.com;
        if ($allow = no) {
        return 403;
        }
        if ($bad_referer) {
        return 444;
        }
         if ($scheme = http) {
        return 301 https://$server_name$request_uri;
        }

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                access_log off; log_not_found off; expires max;
        }






        client_body_buffer_size 124K;

        client_header_buffer_size 1k;

        client_max_body_size 100m;

        large_client_header_buffers 4 16k;

        error_page 404 /404.html;

        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types application/json application/x-javascript application/xml text/javascript text/plain text/css application/javascript text/xml application/xml+rss;

        # Rewrites for Yoast SEO XML Sitemap
        rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
        include hhvm.conf;
        include domain.com-ps.conf;
        include multisite.conf;
        rewrite /wp-admin$ $scheme://$server_name$uri/ permanent;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
              root /usr/share/nginx/html;
        }

         if ($bad_client) { return 403; }



        location / {
        try_files $uri $uri/ /index.php?$args;

        add_header Access-Control-Allow-Headers "X-Requested-With";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Origin "*";
        }

如果我没有指定通配符,为什么这个配置会捕获所有子域?

Nginx.conf配置:

user www-data;
worker_processes 2;

#error_log    /var/log/nginx/logs/error.log;
#error_log   /var/log/nginx/logs/error.log  notice;
#error_log   /var/log/nginx/logs/error.log  info;
#access_log  off;
#pid        logs/nginx.pid;


events {
    worker_connections  2048;
}


http {

        access_log  off;
        include       mime.types;
        default_type  application/octet-stream;

        sendfile        on;
        tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        client_body_buffer_size 124K;
        client_header_buffer_size 1k;
        client_max_body_size 100m;
        large_client_header_buffers 4 32k;

        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_prefer_server_ciphers On;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;


        map $http_cf_ipcountry $allow {
        default yes;
        default yes;
        IN no;
        CN no;
        PK no;
        RU no;
        BD no;
        UA no;
}


        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types application/json application/x-javascript application/xml text/javascript text/plain text/css application/javascript text/xml application/xml+rss;
        include /etc/nginx/blacklist.conf;
        include /etc/nginx/domain.com;
#       include /etc/nginx/us.domain.com;
        include /etc/nginx/uk.domain.com;
        include /etc/nginx/ca.domain.com;
        include /etc/nginx/au.domain.com;
        include /etc/nginx/anotherdomain.com;
        include /etc/nginx/refer-spam.conf;
}

子域名配置文件:

server {

        listen 80;
        listen 443 ssl;
#       server_name_in_redirect off;
        access_log  on;
        error_log on;
        root /var/www/elsitar.com/wordpress;
        ssl_certificate /etc/ssl/private/cert_chain.crt;
        ssl_certificate_key /etc/ssl/private/server.key;

        index index.php index.html index.htm;
        server_name uk.domain.com;
        if ($allow = no) {
        return 403;
        }
         if ($scheme = http) {
        return 301 https://$server_name$request_uri;
        }

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jp$
                access_log off; log_not_found off; expires max;
        }
        client_body_buffer_size 124K;

        client_header_buffer_size 1k;

        client_max_body_size 100m;

        large_client_header_buffers 4 16k;

        error_page 404 /404.html;



        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types application/json application/x-javascript application/xml te$

        # Rewrites for Yoast SEO XML Sitemap
        rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
        rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_$
        include hhvm.conf;
        include uk.domain.com-ps.conf;
        include multisite.conf;
        include uk.elsitar.com-ps.conf;
        include multisite.conf;
        rewrite /wp-admin$ $scheme://$server_name$uri/ permanent;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
              root /usr/share/nginx/html;
        }

         if ($bad_client) { return 403; }
       location / {
        try_files $uri $uri/ /index.php?$args;

        add_header Access-Control-Allow-Headers "X-Requested-With";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Origin "*";
        }
}

HHVM 配置回退到 fpm:

location ~ \.(hh|php)$ {
    proxy_intercept_errors on;
    error_page 502 = @fpm;
    try_files $uri /index.php;


    fastcgi_keep_conn on;
    fastcgi_pass   unix:/var/run/hhvm/hhvm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

location @fpm {
  try_files $uri /index.php;
  include fastcgi_params;
#  fastcgi_pass unix:/var/run/php5-fpm.sock;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_index index.php;
  include fastcgi_params;
#  fastcgi_pass unix:/var/run/php5-fpm.sock;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_index index.php;
  fastcgi_pass    127.0.0.1:8000;
  fastcgi_buffers 32 16k;
}

Wordpress Multisite 重写:

# Rewrite rules for WordPress Multi-site.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}

答案1

1.) 删除默认配置

rm -R /etc/nginx/sites-enabled/*

2.) 将配置移至 sites-available 文件夹

mv /etc/nginx/*.commain.com /sites-available

mv /etc/nginx/anotherdomain /站点可用

3.) 链接 sites-enabled 文件夹中的所有配置以“启用”它们。

ln -s /etc/nginx/sites-available/anyconfig /etc/nginx/sites-enabled/anyconfig

4.)重新加载Nginx

服务 nginx 配置测试

服务 nginx 重新加载

检查 listen 指令中以下部分的所有配置:“default_site”和“_”

两者都起到了捕获所有信息的机制的作用。

编辑 nginx.conf

删除所有包含并添加:include /etc/nginx/sites-enabled/*

按照此过程,您不再需要“通配符”Nginx 配置。要启用“全部捕获”,只需创建一个新配置,或编辑现有配置并添加“default_server”,如下所示:

服务器 {

听80;

监听443 ssl默认服务器;

... }

BR贝恩德

相关内容