Redirect all custom domains to the Laravel index

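We have a Laravel application on a Laravel Forge Nginx server that serves sub.app.com sites and custom domains (such as mycustomdomain.com). sub.example.com sites load fine using the wildcard, and so does the main application admin domain, my.app.com.

Custom or customer domains added in the application are stored as DNS A and AAAA records with the name @, like so: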

name @ TTL 1 hr Type A Value ip address

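However, they do not load the application's 404 error, nor do they attempt to display the page. Instead, they go straight to the application backend, my.app.com. We do not yet know why. Subs load the Laravel 404 error when they do not exist. They (the custom domains) should try to serve data from the application.

Below is our Nginx configuration. We have a catch-all config: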

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

And the main config file, with a wildcard server_name and SSL details, including the Forge includes, of which only the before one exists:

#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/my.app.com/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *.app.com;
    root /home/forge/my.app.com/current/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/my.app.com/xxxxx/server.crt;
    ssl_certificate_key /etc/nginx/ssl/my.app.com/xxxx/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/my.app.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/my.app.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/my.app.com/after/*;

And the before script that is loaded:

# Redirect every request to HTTPS...
server {
    listen 80;
    listen [::]:80;

    server_name *.app.com;
    return 301 https://$host$request_uri;
}

# Redirect SSL to primary domain SSL...
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/my.app.com/xxxxx/server.crt;
    ssl_certificate_key /etc/nginx/ssl/my.app.com/xxxxx/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    server_name www.my.app.com;
    return 301 https://my.app.com$request_uri;
}

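Now custom domains are redirected to 443 and then redirected to my.app.com. It should load the root application data. Any ideas why the custom domains do not try to load data the way subdomains do, and instead redirect to my.app.com?

Answer 1

I added another block above the main config and made it the default instead of the catch-all: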

server {
    listen  *:80 default_server;
    listen  *:443 default_server;
    root /home/forge/my.app.com/current/public;

    ssl_certificate /etc/nginx/ssl/my.app.com/xxxxx/server.crt;
    ssl_certificate_key /etc/nginx/ssl/my.app.com/xxxxx/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

It now loads the application data. The catch-all now has:

server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 444;
}

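We will probably need to adjust the new custom-domain server block of the main config to use the LE SSL instead of the main SSL, since we use Let's Encrypt to encrypt the custom domains, but this particular issue is resolved.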
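Why the port-443 blocks in the question sent custom domains to my.app.com, and what the answer's default_server block changes, shown as an added example (not code from either post): a simplified Python model of nginx's documented server-name matching order. The block labels and dictionary layout are constructed for illustration, and it assumes the `before/*` include is loaded ahead of the main server block, as in the posted config.

```python
# Added example: simplified model of nginx server selection on one listen port.
# Regex server_names are left out (none appear in the configs on the page).

def pick_server(blocks, host):
    """Return (label, how) for the block that would handle `host`.

    `blocks` is in config load order; each is a dict with "label", "names"
    and an optional "default" flag (listen ... default_server).
    """
    host = host.lower().rstrip(".")
    for b in blocks:                       # 1. exact name
        if host in b["names"]:
            return b["label"], "exact"
    best = None                            # 2./3. longest wildcard wins
    for kind in ("leading", "trailing"):   # "*.app.com" before "www.app.*"
        for b in blocks:
            for n in b["names"]:
                if kind == "leading":
                    hit = n.startswith("*.") and host.endswith(n[1:])
                else:
                    hit = n.endswith(".*") and host.startswith(n[:-1])
                if hit and (best is None or len(n) > len(best[0])):
                    best = (n, b["label"])
        if best:
            return best[1], "wildcard"
    for b in blocks:                       # 4. explicit default_server
        if b.get("default"):
            return b["label"], "default"
    return blocks[0]["label"], "default"   # 5. else first block defined

# Port 443 as posted in the question (labels are constructed).
QUESTION_443 = [
    {"label": "www redirect to my.app.com", "names": ["www.my.app.com"]},
    {"label": "laravel app", "names": ["*.app.com"]},
]
# Port 443 after the answer: an extra block flagged default_server.
ANSWER_443 = [
    {"label": "laravel app (default block)", "names": [], "default": True},
] + QUESTION_443

if __name__ == "__main__":
    for host in ("sub.app.com", "my.app.com", "mycustomdomain.com"):
        print(host, pick_server(QUESTION_443, host), pick_server(ANSWER_443, host))
```

With the default block in place, any Host header that reaches port 443 is handed to the application, so the application has to decide which hostnames it accepts.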
