我希望能够在 Nginx 反向代理中创建一个子域。就目前而言,我有一个正确配置且可用的反向代理,可以正确解析。当我尝试让它与需要多个子域的 apache 服务器配合使用时,问题就出现了。我想创建一个子域,例如johnsmith.example.com
。我的主域example.com
指向一个 apache2 服务器,该服务器当前已启动、正在 ping 并加载默认 apache 页面。我目前无法找出必要的反向代理配置,以便将反向代理正确指向子域。我是否应该像创建一样为子域创建单独的站点启用配置example.com.conf
?还是我需要在 /etc/nginx/sites-available 中的 example.com.conf 内添加子域配置?
这是 /etc/nginx/sites-available 中的 nginx 反向代理 example.com.conf(更改了域名,假设除johnsmith.example.com
解析之外的所有内容都已正确设置。另外忽略 SSL 内容,因为这不是面向 certbot 的问题/疑问):
#example.com
server {
listen 443;# ssl http2;
listen [::]:443;# ssl http2;
server_name example.com;
# reverse proxy
location / {
proxy_pass "http://internal.DNS.URL";
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name example.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://example.com$request_uri;
}
}
##johnsmith.example.com
server {
listen 443;# ssl http2;
listen [::]:443;# ssl http2;
server_name johnsmith.example.com;
# security
include nginxconfig.io/security.conf;
# reverse proxy
location / {
proxy_pass "internal.DNS.URL";
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name johnsmith.example.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://johnsmith.example.com$request_uri;
}
}
注意:我创建了一个单独的配置(/etc/nginx/sites-available/johnsmith.example.com.conf),但它不起作用。这只是我最后尝试的。
该子域名的 DNS 记录是:
Type: CNAME Record | Host: johnsmith | Target: example.com
Type: CNAME Record | Host: www.johnsmith | Target: example.com
就像我上面说的,假设除了这个特定的子域名之外,其他一切都能解析。请告诉我还有哪些其他信息对解决这个问题有用。
感谢您的时间。
编辑: curl -v 的输出https://johnsmith.example.com
Expire in 3 ms for 1 (transfer 0x55f7da933e00)
* Expire in 3 ms for 1 (transfer 0x55f7da933e00)
* Expire in 4 ms for 1 (transfer 0x55f7da933e00)
* Trying 97.113.101.68...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55f7da933e00)
* Connected to johnsmith.example.com (97.113.101.68) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=jellyfin.example.com
* start date: Jan 3 20:38:41 2021 GMT
* expire date: Apr 3 20:38:41 2021 GMT
* subjectAltName does not match johnsmith.example.com
* SSL: no alternative certificate subject name matches target host name 'johnsmith.example.com'
* Closing connection 0
curl: (60) SSL: no alternative certificate subject name matches target host name 'johnsmith.example.com'
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
答案1
这不会是最有帮助的答案,但我让 johnsmith.example.com 解决了,我不知道是什么小变化导致了它(但这个设置确实适用于我需要的基本 domain->subdomain.domain->subdomain.domain->etc 结构)。我会尝试分享我的设置,以便任何遇到这个问题的人都可以看到什么对我有用,以及 /etc/nginx/sites-available/{websitename}.conf 中子域的正确语法。希望这对某人有帮助。非常感谢 @Tero Kilkanen 让我通过各种命令的输出进行了一些挖掘。
这没有稍后添加的 SSL 部分,因此如果您使用 certbot,则显然需要 SSL 证书字段信息。nginxconfig.io
是一个很棒的工具/网站,用于查看不错的 nginx 反向代理模板,这是我使用的,并且包含 SSL 的字段。继续...
从/etc/nginx/sites-available/example.com.conf
#example.com
server {
listen 443;# ssl http2;
listen [::]:443;# ssl http2;
server_name example.com;
# reverse proxy
location / {
proxy_pass "http://internal.DNS.URL";
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name example.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://example.com$request_uri;
}
}
##johnsmith.example.com
server {
listen 443;# ssl http2;
listen [::]:443;# ssl http2;
server_name johnsmith.example.com;
# security
include nginxconfig.io/security.conf;
# reverse proxy
location / {
proxy_pass "internal.DNS.URL";
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name johnsmith.example.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://johnsmith.example.com$request_uri;
}
}
johnsmith.example
我删除了和的 CNAME 记录,因为显然我之前为 nextcloud 安装添加的www.johnsmith.example
通配符CNAME 记录就足够了(我对 DNS 还很陌生,我知道这一点可能非常明显)。*.example.com
另外,我在该proxy_pass
部分有一个内部 DNS (dnsmasq)。以下是相关块:
# reverse proxy
location / {
proxy_pass "internal.DNS.URL";
include nginxconfig.io/proxy.conf;
这对我来说有效,但如果您没有内部 DNS 服务器,则需要在那里输入 IP 地址。
再次感谢@TeroKilkanen 帮助我解决这个问题。