我的 SSL 反向代理工作正常,但我不知道如何让 nginx 同时作为一个 PHP 目录的 SSL 代理和 Web 服务器工作。
server {
listen 10.0.0.20:80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 10.0.0.20:443 ssl http2 backlog=16384;
server_name example.com www.example.com;
ssl on;
ssl_certificate /home/ubuntu/example-ssl/example.crt;
ssl_certificate_key /home/ubuntu/example-ssl/example.key;
ssl_dhparam /home/ubuntu/example-ssl/dh2048.pem; # unique for each site
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_session_timeout 10m;
add_header Public-Key-Pins 'pin-sha256="example-pin"; pin-sha256="example-backup-pin"; max-age=5184000; includeSubDomains';
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
access_log off;
location / {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
}
上述代理很好,但是我如何同时从 /fusion 提供 Web 应用程序呢?
location /fusion {
try_files $uri $uri/ /index.php?q=$uri&$args;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-sitename-example.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /fusion/l/ {
rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
}
location /fusion/t/ {
rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
}
location /fusion/w/ {
rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
}
location /fusion/unsubscribe/ {
rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
}
location /fusion/subscribe/ {
rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
}
}
答案1
在对许多 fastcgi“文件未找到错误”感到困惑之后,我终于能够使用下面的代码使其工作。
将此代码附加到已经运行的反向代理允许我在主域的子目录中运行 PHP 应用程序。
root /var/www/example;
index index.php index.html;
location /example {
root /var/www/example;
try_files $uri $uri/ $uri.php?$args;
index index.php index.html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_read_timeout 150;
}