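I have set up nginx with Certbot on my home server running Debian to host a small website. I have a static external IP address and a custom domain that points to it.
So far everything has worked fine, but since I installed Certbot to enable https for the website, local network users can no longer reach it using the internal IP, 192.168.178.18.
nginx and Certbot are both configured for domain.com and www.domain.xyz, and the website can be accessed both locally and remotely using the domain name, which is great.
Now I would like local users to be able to access the website directly with the internal IP again.
My nginx configuration for the website is as follows: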
    server {
        root /srv/www/my-website;
        index index.html index.htm;
        server_name domain.xyz www.domain.xyz;
        include /etc/nginx/sites-dietpi/*.conf;

        # Deny Automated User Agents
        if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
            return 403;
        }

        location / {
            try_files $uri $uri/ =404;
            # Get rid of unwanted HTTP methods
            limit_except GET HEAD POST { deny all; }
        }

        location /images/ {
            valid_referers none blocked www.domain.xyz domain.xyz;
            if ($invalid_referer) {
                return 403;
            }
        }

        location /css/ {
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem; # manag>
        ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem; # man>
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = www.domain.xyz) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = domain.xyz) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80 default_server;
        listen [::]:80 default_server;
        server_name domain.xyz www.domain.xyz;
        return 404; # managed by Certbot <--- HERE
    }
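Note the second-to-last line here. It sends users who want to access the website locally to a 404 Not Found page.
Is there any way to allow local unencrypted (or encrypted) traffic to access the website directly using the local IP?

Answer 1

Try adding another if statement below the first two if ($host = ...) statements to redirect the local IP.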
    if ($host = 192.168.local.ip) {
        return 301 https://$host$request_uri;
    }
Then your server block would look like
    server {
        if ($host = www.domain.xyz) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = domain.xyz) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = 192.168.local.ip) {
            return 301 https://$host$request_uri;
        }

        listen 80 default_server;
        listen [::]:80 default_server;
        server_name domain.xyz www.domain.xyz;
        return 404; # managed by Certbot <--- HERE
    }
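
One way to serve LAN clients on the internal IP without touching the Certbot-managed blocks, as an added example that is not part of the original question or answer. It assumes the LAN is 192.168.178.0/24 (inferred from the server address 192.168.178.18); `server_name` is matched against the client-supplied Host header, so the `allow`/`deny` rules are what actually limit this unencrypted site to local clients.

```nginx
# Added example: separate plain-HTTP virtual host for LAN access by IP.
# Assumption: the local subnet is 192.168.178.0/24.
# Place it next to the existing blocks; the Certbot-managed
# "listen 80 default_server" block stays unchanged and keeps
# answering every other Host value (redirect to https or 404).

server {
    listen 80;

    # Selected only when the request's Host header is the internal IP.
    server_name 192.168.178.18;

    root /srv/www/my-website;
    index index.html index.htm;

    # The Host header is chosen by the client, so restrict by source
    # address as well: only the LAN and the server itself may use the
    # unencrypted site, everyone else gets 403.
    allow 192.168.178.0/24;
    allow 127.0.0.1;
    deny all;

    # Same user-agent filter as the HTTPS site.
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
        return 403;
    }

    location / {
        try_files $uri $uri/ =404;
        # Same method restriction as the HTTPS site.
        limit_except GET HEAD POST { deny all; }
    }
}
```

Over HTTPS the internal IP would still produce a certificate name warning, because the Certbot certificate is issued for the domain names and not for the IP. Run `nginx -t` before reloading to confirm the configuration parses.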