如何将 cname 指向使用反向代理的 nginx 服务器

如何将 cname 指向使用反向代理的 nginx 服务器

我有一个使用通配符子域名的服务器。我使用的是 nuxtjs、nginx,它在端口 3000 上的反向代理上运行。每个用户都应该能够在网站上创建一个子域名,例如,subdomain.learnbot.tk这将指向learnbot.tk/school/{subdomain-name}。每个用户都应该能够创建一个指向他们自己的 的 cname subdomain.learnbot.tk

但是,当我使用域名创建以主机为@、以目标为的CNAME 记录时,它返回 404。subdomain.learnbot.tkhttps://creatorbrandedsite.tk/

这是我的通配符子域名的配置文件:

        server {
        listen 80;
    
        server_name *.learnbot.tk;
        return 301 https://$server_name$request_uri;
    }
    
    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        #include snippets/ssl-example.com.conf;
        #include snippets/ssl-params.conf;
    
        ssl_certificate /etc/letsencrypt/live/learnbot.tk/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/learnbot.tk/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
        root /home/subdomain/learnbot.tk/public/current;
        index index.php index.html index.htm index.nginx-debian.html;
    
        server_name *.learnbot.tk;
    
        location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    
        location /blog {
            try_files $uri $uri/ /index.php$is_args$args;
        }
    
        # For Lets Encrypt certbot
        location ~ /.well-known {
            allow all;
        }
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    
        location ~ /\.ht {
            deny all;
        }
    
        location /favicon.ico { alias /var/www/html/example/favicon.ico; }
        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
}

主域名的 nuxtjs conf 文件

    server {
    index index.html;
    server_name learnbot.tk www.learnbot.tk;

    location / {
        # WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
        #proxy_pass https://localhost:4001;
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    
    error_page 404 /custom_404.html;
    location = /custom_404.html {
        root /etc/nginx/sites-available/custom_nginx_error_pages;
        internal;
    }

    listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
    listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

    #Install SSL certificates and configure https:// on a per-domain-basis by running:
    #sudo certbot --nginx
    #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
    ssl_certificate /etc/letsencrypt/live/learnbot.tk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/learnbot.tk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    server_name learnbot.tk;
    if ($host = learnbot.tk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot
}

答案1

当您请求时https://creatorbrandedsite.tk/,会发生以下事件:

  1. 浏览器查询 DNS 信息creatorbrandedsite.tk
  2. 它收到 CNAME 响应,并继续查找subdomain.learnbot.tkA 记录。
  3. 它连接到 的 IP 地址subdomain.learnbot.tk
  4. creatorbrandedsite.tk它从你的 nginx 服务器请求域名。

然后,您的服务器的默认虚拟主机配置将对请求返回 404 未找到。

DNS CNAME 记录仅用于解析目标 IP 地址。它不用于选择浏览器实际连接的虚拟主机。

您需要重新考虑处理这个问题的方法。

相关内容