我最近将我的所有网站都转为 https,这是 cv 网站配置的示例
server {
listen 80;
server_name cv.host.com;
root /www/cv/app;
index index.html index.htm index.php;
access_log /www/log/cv/nginx-access.log;
error_log /www/log/cv/nginx-error.log;
location /
{
try_files $uri $uri/ =404;
}
location ~ \.php$
{
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/cv.host.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cv.host.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
但当我尝试打开http://cv.host.com我的浏览器时被重定向到https://host.comau lieu dehttps://cv.host.com
Ngninx 似乎调用了我的默认配置
server {
listen 80 default_server;
server_name _;
root /www/default/app;
index index.html index.htm index.php;
access_log /www/log/default/nginx-access.log;
error_log /www/log/default/nginx-error.log;
location /
{
try_files $uri $uri/ =404;
}
location ~ \.php$
{
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/host.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/host.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
所以当我问http://cv.host.com我在 https 中无法访问好网站...我的配置有误吗?还有其他方法可以将所有内容重定向到 https 吗?
答案1
除非使用相同的 SSL 证书,否则不能将两个 vhost 放在同一个 IP 上用于 SSL。
这是由于 SSL 的工作方式所致。nginx 在解密流之前对主机头一无所知。因此,当它首次连接时,它会命中您的默认条目。