Nginx 根据简单的 server_name 正则表达式获取域名和有限公司

Nginx 根据简单的 server_name 正则表达式获取域名和有限公司

我正在尝试使用 server_name 上的简单正则表达式来获取当前请求的当前域名和 ltd,我遇到的问题是它没有为 $domain 或 $ltd 设置任何变量。

server_name ~^(?<subdomain>[^\.]*)?(?<domain>[^\.]*)\.(?<tld>[^\.]*)$;

我需要变量能够指向 ssl 目录

ssl_certificate     /etc/letsencrypt/live/$domain.$tld/fullchain.pem;
ssl_certificate_key     /etc/letsencrypt/live/$domain.$tld/privkey.pem;

完整代码:

upstream web_backend {
    # Uncomment for the IP Hashing load balancing method:
    ip_hash;

    # Uncomment for the Least Connected load balancing method:
    # least_conn;

    # Replace the IP addresses with the IP addresses
    # (or host names) of your back end web servers.

    # Examples:
    # server 192.168.1.100;
    server x.x.x.x;
    server x.x.x.x;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challen$
    location ^~ /.well-known/acme-challenge/ {
        # No HTTP authentication
        allow all;

        # Set correct content type. According to this:
        # https://community.letsencrypt.org/t/using-the-webroot-domain-verifi$
        # Current specification requires "text/plain" or no content header at$
        # It seems that "text/plain" is a safe option.
        default_type "text/plain";

        # Change document root: this path will be given to certbot as the
        # `-w` param of the webroot plugin.
        root /var/www/html;
    }

    # Hide /acme-challenge subdirectory and return 404 on all requests.
    # It is somewhat more secure than letting Nginx return 403.
    # Ending slash is important!
    location = /.well-known/acme-challenge/ {
            return 404;
    }


    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Examples:
    #server_name mail.mostyn.group www.mail.mostyn.group.com;
    #server_name _;
    #server_name    ~^(www\.)?(?<domain>.+)$;
    server_name ~^(?<subdomain>[^\.]*)?(?<domain>[^\.]*)\.(?<tld>[^\.]*)$;

    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    ssl_prefer_server_ciphers  on;
    ssl_session_cache          shared:SSL:10m;
    ssl_session_timeout        24h;
    keepalive_timeout          300s;

    ssl_certificate     /etc/letsencrypt/live/$domain.$tld/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/$domain.$tld/privkey.pem;

    location / {
    #include proxy_params;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://web_backend;
    }

    location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css)$ {
    }

}

答案1

好的,我已经根据@RichardSmith 的说法解决了这个问题。步骤如下:

1. In server block added = server_name _;
2. added $ssl_server_name to ssl_certificate and ssl_certificate_key
  A. ssl_certificate         /etc/letsencrypt/live/$ssl_server_name/fullchain.pem;
  B. ssl_certificate_key     /etc/letsencrypt/live/$ssl_server_name/privkey.pem;
3. In /etc/nginx/nginx.conf file change user to root or it will throw permission error.

我正在使用 Nginx 版本:nginx/1.16.1

參考文獻:https://nginx.org/en/CHANGES

相关内容