我正在尝试使用 2 nginx 做一些事情。
我有一个 wordpress:mywebsite.com
我需要以下信息:
我在使用 let'sencrypt 配置 ssl 时遇到了一些困难。
- Nginx1:198.198.198.2
- Nginx2:241.236.210.2
如果我在 Nginx1 中拥有服务器名称:mywebsite.com,而在 Nginx2 中拥有相同的服务器名称,那么我无法为 Nginx2 生成 SSL 证书,因为 IP 不正确。
有人可以帮我进行安全安装吗?
会议 DNS:
reverse1ext.domain.com. 0 A 0.0.0.0
reverse1int.domain.com. 0 A 0.0.0.0
site.domain.fr. 0 CNAME reverse1ext.domain.com.
site.reverse1int.domain.com 0 CNAME reverse1int.domain.com.
NGINX 1:
upstream upstream1 {
server site.reverse1int.domain.com:443;
}
server {
server_name site.domain.com;
location / {
proxy_pass https://upstream1;
proxy_set_header Host $host;
proxy_connect_timeout 30;
proxy_send_timeout 30;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = site.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name site.domain.com;
listen 80;
return 404; # managed by Certbot
}
Nginx2的:
upstream upstream1 {
server 10.12.12.24;
}
server {
server_name site.domain.com;
location / {
proxy_pass https://upstream1;
proxy_set_header Host $host;
proxy_connect_timeout 30;
proxy_send_timeout 30;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = site.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name site.domain.com;
listen 80;
return 404; # managed by Certbot
}
这个配置有效,但我不确定它是否非常安全和干净