我有两个子域名,我想按以下方式链接它们:
https://suba.example.org/
是我的主子域名,https://subb.example.org/
是我的辅助子域名。在 suba 上,我有一个运行 Web 应用程序的服务器,subb 仅用于重定向。suba 上的这个服务器有一个 URL,我们称之为https://suba.example.org/foo.php/bar
。
我想要的是,每当我https://subb.example.org/
在浏览器中输入内容时,https://suba.example.org/foo.php/bar
都会显示,但URL 需要说明https://subb.example.org/
。
截至目前,它将正确显示的内容,https://suba.example.org/foo.php/bar
但浏览器将显示内容的URL而不是https://subb.example.org/
。我已经多次重新启动nginx服务器并使用隐身窗口,以确保浏览器不会缓存任何数据。
发生的事情是:
https://subb.example.org/
我在桌面上的 Chrome 隐身窗口中打开它:它将显示正确的输出https://suba.example.org/foo.php/bar
:它将显示正确的输出,但显示https://suba.example.org/foo.php/bar
在 URL 栏中- 我
https://subb.example.org/
在任何其他浏览器/机器上打开(包括另一台机器上的 Chrome 隐身窗口):它将显示https://suba.example.org/foo.php/bar
来自https://subb.example.org
栏的内容,但只有文本,没有 CSS 或图片。就像 80 年代的网站一样。
在按下 Enter 键之前:https://i.stack.imgur.com/Q5mgx.png
什么是發生:https://i.stack.imgur.com/CfHM1.png
什么应该正在发生:https://i.stack.imgur.com/5OxQ4.png
任何帮助都将受到赞赏。
附件是我的 nginx 站点配置subb
:
server {
listen 443 ssl;
root /config/www;
index index.html index.htm index.php;
### Server Name
server_name subb.example.org;
### SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
### Diffie–Hellman key exchange
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
### Extra Settings
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
### Add HTTP Strict Transport Security
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;
client_max_body_size 0;
location / {
proxy_pass https://suba.example.org/foo.php/bar;
}
}
以下是 nginx 站点配置suba
:
server {
listen 443 ssl;
root /config/www;
index index.html index.htm index.php;
### Server Name
server_name suba.example.org;
### SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
### Diffie–Hellman key exchange
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
### Extra Settings
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
### Add HTTP Strict Transport Security
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;
client_max_body_size 0;
location / {
proxy_pass https://192.168.178.6:444/;
}
}
以下是的响应curl -i https://subb.example.org
:
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 07 Aug 2017 19:24:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 11185
Connection: keep-alive
X-Powered-By: PHP/7.1.5
Set-Cookie: oc367h1rrnkw=i7l0tko9m9unbifqus6lqua1v2; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=eFmSS9gKBYJ4YP0MHDFhmxnhJZnmWTDAMjN4zkTrEenumTa66yy6SeWCs12oU2k2MbDN424ySgGeyyYbciCK7Fs3gmmjtwAJU3a3r87BXZ1Uk%2FmdLEXuZoFdy4mbPH67; path=/; secure; HttpOnly
X-Frame-Options: SAMEORIGIN
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src 'self'
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Strict-Transport-Security: max-age=63072000; includeSubdomains
Front-End-Https: on
Strict-Transport-Security: max-age=63072000; includeSubdomains
Front-End-Https: on
我将 Live HTTP Header Plugin 的输出粘贴到 pastbin:
pastebin.com/a6kfqhMn
答案1
解决方案是将 css、图形等的请求重定向到https://suba.example.org
。因此,我的新的的 site-confighttps://subb.example.org
如下:
server {
listen 443 ssl;
root /config/www;
index index.html index.htm index.php;
### Server Name
server_name https://subb.exmaple.org;
### SSL Certificates
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
### Diffie–Hellman key exchange
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
### Extra Settings
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
### Add HTTP Strict Transport Security
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header Front-End-Https on;
client_max_body_size 0;
location ^~ /core/ {
proxy_pass https://suba.exmaple.org;
}
location ^~ /apps/ {
proxy_pass https://suba.exmaple.org;
}
location ^~ /index.php/ {
proxy_pass https://suba.exmaple.org;
}
location / {
proxy_pass https://suba.exmaple.org/foo.php/bar;
}
}
这里,带 的部分location ^~ ...
是缺失的。我知道这不是最佳做法,因为我必须浏览整个源代码才能找到缺失的内容以及需要重定向的内容。也许有一天有人会读到这些行并告诉我一种更好的重定向 Web 服务器真实内容的方法。但在此之前,此解决方案将有效。