情况是- 在我的 nginx 服务器上,我有一个虚拟主机(我们称之为收件箱)和另一个虚拟主机(我们称之为邮政),为了设置邮政,我遵循了一组说明。如您所见,邮政已启用 SSL(请参阅下面“额外信息”部分中的虚拟主机站点可用性配置文件)。
http://inbox.go-tribalscale.com/index.html带我到正确的收件箱文件夹 (/var/www/roundcube.go-tribalscale.com/public_html)
问题是
- 如果我从 URL 中删除“/index.html”,它会带我进入邮政目录(其中加载应用程序,/opt/postal/public)
解决方案 我认为问题出在 ssl 情况中,也许 443 端口完全控制并且 url 被忽略,不确定也许你们可以帮忙吗?
额外信息
收件箱(根据 Gerards 的观点进行编辑)
server {
listen 80;
listen [::]:80;
root /var/www/inbox.go-tribalscale.com/public_html;
index index.php index.html index.htm;
server_name inbox.go-tribalscale.com www.inbox.go-tribalscale.com;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ^~ /data {
deny all;
}
}
邮政
server {
listen [::]:80;
listen 0.0.0.0:80;
server_name postal.outreach-hangar49.com;
return 301 https://$host$request_uri;
}
server {
listen [::]:443 ssl;
listen 0.0.0.0:443 ssl;
root /opt/postal/public;
server_name postal.outreach-hangar49.com;
ssl_certificate /etc/letsencrypt/live/postal.outreach-hangar49.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/postal.outreach-hangar49.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
location / {
client_max_body_size 50M;
try_files $uri $uri/index.html $uri.html @puma;
}
location /app/assets {
add_header Cache-Control max-age=3600;
}
location @puma {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:5000;
}
}
答案1
Nginx 将需要为请求的端口找到合适的服务器上下文。
因此,如果请求来自端口80(http),那么就有多个服务器可供选择,Nginx 将选择具有正确的服务器server_name。
但是如果请求来自端口443(https),那么就没有太多的选择,无论server_name指令是什么,Nginx 都将被迫选择不正确的服务器上下文。
我给你的建议是:
创建空服务器(使用自签名 SSL 证书),用于错误请求的故障转移。只有当用户传递正确的Host标头(或 SNI 的 server_name 参数)时,它才会选择正确的上下文。
例子:
默认配置文件:
server {
listen 80;
server_name _;
return 404;
}
server {
listen 443 ssl;
server_name _;
ssl_certificate /usr/local/nginx/ssl/localhost.pem;
ssl_certificate_key /usr/local/nginx/ssl/localhost.key;
include /usr/local/nginx/snippets/ssl-params.conf;
return 404;
}
站点1.conf:
server {
listen 80;
server_name site1.com www.site1.com;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name site1.com www.site1.com;
ssl_certificate /usr/local/nginx/ssl/site1/site1.com/site1.com.pem;
ssl_certificate_key /usr/local/nginx/ssl/site1/site1.com/site1.com.key;
include /usr/local/nginx/snippets/ssl-params.conf;
...
}
站点2.conf:
server {
listen 80;
server_name example.com www.example.com;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name site2.com www.site2.com;
ssl_certificate /usr/local/nginx/ssl/site2/site2.com/site2.com.pem;
ssl_certificate_key /usr/local/nginx/ssl/site2/site2.com/site2.com.key;
include /usr/local/nginx/snippets/ssl-params.conf;
...
}
答案2
当您访问http://inbox.go-tribalscale.com或者http://inbox.go-tribalscale.com/,应用以下方法:
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
如果您希望显示 index.html,则 try_files 应该是
try_files $uri $uri/ /index.html;
如果您仅在收到根请求时才想要这样做,则可以在当前“位置 /”之前添加一个新位置:
location = / {
try_files $uri $uri/ /index.html;
}
如果 /var/www/inbox.go-tribalscale.com/public_html/ 中有一个 index.php,那么该页面可能是将您发送到邮政域的页面。