我目前有 nginx 完美地作为服务器 unifi 的 wifi 控制器的反向代理,通过子域和连接自动从 http 升级到 https。我现在需要从同一台服务器在同一子域上提供一个基本的 php 页面,文件为 sunder/var/ww/html/pages/,但对于如何实现这一点有点困惑,我尝试添加位置块和服务器块,但总是出现各种错误 :)
以下是我网站的 .conf,如有任何帮助,不胜感激
#/etc/nginx/sites-enabled/default
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
server {
listen 80;
server_name _;
return 301 https://wifi.domain.com.au$request_uri;
error_log /var/log/unifi/nginx.log;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/html/letsencrypt;
}
}
server {
listen 443 ssl default_server http2;
server_name wifi.domain.com.au;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_certificate /etc/letsencrypt/live/wifi.domain.com.au/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wifi.domain.com.au/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 300;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
error_log /var/log/unifi/nginx.log;
client_max_body_size 8M;
proxy_cache off;
proxy_store off;
location / {
include /etc/nginx/proxy_params;
proxy_pass https://127.0.0.1:8443$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
答案1
最后我让它这样工作了...
#/etc/nginx/sites-enabled/default
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
server {
listen 80;
server_name _;
return 301 https://wifi.domain.com.au$request_uri;
error_log /var/log/unifi/nginx.log;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/html/letsencrypt;
}
}
server {
listen 443 ssl default_server http2;
server_name wifi.domain.com.au;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_certificate /etc/letsencrypt/live/wifi.domain.com.au/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wifi.domain.com.au/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 300;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options DENY;
error_log /var/log/unifi/nginx.log;
client_max_body_size 8M;
proxy_cache off;
proxy_store off;
location / {
include /etc/nginx/proxy_params;
proxy_pass https://127.0.0.1:8443$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /admin {
include /etc/nginx/proxy_params;
proxy_pass http://127.0.0.1:81$request_uri;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
我确实尝试过将所有内容保留在 nginx 中,但在尝试通过它运行 php 脚本时却花费了大量时间,花了太多时间在 Google 上搜索 nginx php 块并尝试了无数所谓的修复方法...放弃了...lighttpd 来救援
安装 lighthttpd,并将其端口设置为 81,php 即可正常运行
现在我可以通过主子域名 URL iee 访问我的 unifi 控制器https://sub.domain.com以及新的 php 页面https://sub.domain.com/admin一切善