我在服务器上的同一个文件夹中设置了两个域。
IE
dl.d123.com @ /var/www/public_html/dl.domain123.com
dl.domain123.com @ /var/www/public_html/dl.domain123.com
我在 /var/www/public_html/domain123.com 中有一个 htaccess 文件,其中包含以下行:
RewriteEngine On
#Rewrite URLs to one SSL domain
RewriteCond %{HTTP_HOST} ^dl\.d123\.com [NC]
RewriteRule ^(.*)$ https://dl.domain123.com/$1 [L,R=301,NC]
此规则适用于任何不包含文件扩展名的 URL
dl.d123.com/folder1/folder2 redirects to dl.domain123.com/folder1/folder2
但不适用于任何包含文件扩展名的 URL
dl.d123.com/folder1/folder2/index.html stays the same.
不仅仅是 html 扩展名。例如 png 文件也是一样。
该服务器设置有 nginx 作为代理。
nginx:80/443 -> apache:8080/8443
编辑:(出于隐私/安全考虑,域名和 IP 已更改)Nginx 配置:80
server {
listen 123.123.123.123:80;
server_name dl.domain123.org www.dl.domain123.org;
access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
root /home/s4h/dl.domain123.org;
expires max;
try_files $uri $uri/ @backend;
}
error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location @backend {
internal;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location @custom {
internal;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}
disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
Nginx 配置:443
server {
listen 123.123.123.123:443 ssl ;
server_name dl.domain123.org www.dl.domain123.org;
access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;
ssl_certificate /etc/pki/tls/certs/dl.domain123.org.bundle;
ssl_certificate_key /etc/pki/tls/private/dl.domain123.org.key;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
root /home/s4h/dl.domain123.org;
expires max;
try_files $uri $uri/ @backend;
}
error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header Strict-Transport-Security "max-age=31536000";
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location @backend {
internal;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location @custom {
internal;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}
disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
dl.d123.com Nginx,仅端口 80,未安装 SSL。
server {
listen 123.123.123.123:80;
server_name dl.d123.com www.dl.d123.com;
access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
access_log /usr/local/apache/domlogs/dl.d123.com.log full;
error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
root /home/s4h/dl.domain123.com;
expires max;
try_files $uri $uri/ @backend;
}
error_page 405 = @backend;
error_page 500 = @custom;
add_header X-Cache "HIT from Backend";
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location @backend {
internal;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location @custom {
internal;
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?$ {
proxy_pass http://123.123.123.123:8181;
include proxy.inc;
}
location ~ /\.ht {deny all;}
location ~ /\.svn/ {deny all;}
location ~ /\.git/ {deny all;}
location ~ /\.hg/ {deny all;}
location ~ /\.bzr/ {deny all;}
location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}
disable_symlinks if_not_owner from=/home/s4h/dl.domain123.com;
location /.well-known/acme-challenge {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
location /.well-known/pki-validation {
default_type "text/plain";
alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
}
}
答案1
原因是 nginx 配置中的以下阻止:
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
root /home/s4h/dl.domain123.org;
expires max;
try_files $uri $uri/ @backend;
}
这告诉 nginx 直接使用所提及的扩展名提供文件。请注意,列表包含.html
和.png
扩展名。
您应该在 nginx 内部执行重定向:
server {
listen 123.123.123.123:80;
server_name dl.d123.com www.dl.d123.com;
access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
access_log /usr/local/apache/domlogs/dl.d123.com.log full;
error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;
location / {
return 301 https://www.dl.domain123.org$request_uri;
}
}