我想将我的几个网站整合到一台服务器上。我知道使用 nginx,我可以在端口上运行 Node.js 应用程序,并使用 nginx 使该端口指向域名(反之亦然)。
我想知道是否可以在 nginx 上将每个站点放在自己的文件夹中和/或在不同的端口上运行,并为每个站点启用 SSL。
编辑:这是我让多个网站在同一台服务器上运行的一个例子,并获得了 SSL Labs 的 A+ 评级。
##
# site A / 3001
##
server {
listen 80;
server_name domain.tld;
location / {
rewrite ^/(.*) https://$host$request_uri permanent;
}
}
server {
listen 443 ssl;
server_name domain.tld;
root /var/www/domain/public;
index index.html;
access_log off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/live/domain.tld/dhparams.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3001;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_key sfs$request_uri$scheme;
}
location ~* ^.+\.(jpg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html)$ {
expires 30d;
root /var/www/domain;
}
}
##
# site B / 3002
##
server {
listen 80;
server_name domain2.tld;
location / {
rewrite ^/(.*) https://$host$request_uri permanent;
}
}
server {
listen 443 ssl;
server_name domain2.tld;
root /var/www/domain2/public;
index index.html;
access_log off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl on;
ssl_certificate /etc/letsencrypt/live/domain2.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain2.tld/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/live/domain2.tld/dhparams.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3002;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_key sfs$request_uri$scheme;
}
location ~* ^.+\.(jpg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html)$ {
expires 30d;
root /var/www/domain2/public;
}
}
我希望这对其他人有所帮助,要做到这一点需要一些反复试验。
答案1
是的,nginx 可以做到。
您可以使用一个块在自己的虚拟主机中配置每个站点server
,并在其中配置server_name
SSL 证书参数。然后使用proxy_pass
指令使请求转到该特定站点的后端。
每个虚拟主机可以拥有自己的文档根目录,该虚拟主机的资源由该文档根目录提供。