尝试在其他服务器名称上设置默认 404 页面

尝试在其他服务器名称上设置默认 404 页面

我的服务器上有一个域名(http、https)。我想在所有其他请求的域名上返回 404 错误代码响应。

我的托管域配置:

server {
    listen              443 ssl;
    server_name         www.example.com;
    # ssl_certificate     /etc/nginx/ssl/www.example.com.bundle.crt;
    ssl_certificate     /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/www.example.com.key;

    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:10m;

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/gandi_intermediate_chain.bundle.crt;

    resolver 127.0.0.1;

    charset     utf-8;

    access_log  /var/log/nginx/example.com.ssl.access.log;
    error_log  /var/log/nginx/example.com.ssl.error.log;

    client_max_body_size 45M;

    location / {
        uwsgi_pass  unix:/var/run/uwsgi/app/example.com/socket;
        include     /data/ex-ample/uwsgi_params;
        uwsgi_param SCRIPT_NAME '';
    }
}

server {
  server_name example.eu;
  return 301 https://www.example.com;
}
server {
  server_name example.fr;
  return 301 https://www.example.com;
}

server {
  server_name example.ch;
  return 301 https://www.example.com;
}

server {
  server_name example.be;
  return 301 https://www.example.com;
}

server {
  server_name www.example.com;
  return 301 https://www.example.com;
}

server {
  server_name example.com;
  return 301 https://www.example.com;
}

server {
  server_name .ex-ample.com;
  return 301 https://www.example.com;
}

我的默认配置:

server {
  listen 80 default_server;
  server_name _;
  access_log /dev/null;
  error_log  /dev/null;
  location / {
    return 404 'Not found';
  }
}

server {
   listen 443 ssl default_server;
   server_name _;
   access_log /dev/null;
   error_log /dev/null;
   location / {
    return 404 'Not found';
  }
}

通过此配置,重定向http工作正常:

curl http://example.com 
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>

但是 example.com 上的 https 已损坏在其他主机上:

curl --insecure https://www.example0123456789.com/ 
curl: (35) Unknown SSL protocol error in connection to www.example0123456789.com:443 

curl --insecure https://example.com                               
curl: (35) Unknown SSL protocol error in connection to example.com:443

因此,有两个问题:

  • 为什么 example.com 配置会受到我的默认配置的影响?
  • 如何使默认 https 响应有效(可以是不安全的、自签名证书)?

答案1

您应该使用这些server块来代替您的server块进行重定向:

server {
    listen 80;
    server_name example.eu example.fr example.ch example.be www.example.com example.com ex-ample.com;
    return 301 https://www.example.com;
}

server {
    listen 443 ssl;
    ... ssl directives for keys ...
    return 301 https://www.example.com;
}

您的原始配置不起作用,https因为您只有server针对 http 的重定向块。也就是说,当未listen指定任何指令时,默认为端口 80 和 http。

相关内容