我正在尝试配置 Nginx,以便使用 SSL 在端口 443 和 5501 上为我的应用程序提供服务。我有以下 Nginx 配置:
# Upstream group "pixel": six backends on pixel.example.com, ports 8080-8085.
# Every entry carries weight=1 (nginx's default weight), so requests are spread
# evenly by the default round-robin method.
# NOTE(review): the backends are addressed through the site's public hostname.
# If they run on the same machine as nginx, pointing at 127.0.0.1 and binding
# them to loopback keeps clients from reaching them directly and bypassing the
# TLS front end - confirm against the actual deployment.
upstream pixel {
server pixel.example.com:8080 weight=1;
server pixel.example.com:8081 weight=1;
server pixel.example.com:8082 weight=1;
server pixel.example.com:8083 weight=1;
server pixel.example.com:8084 weight=1;
server pixel.example.com:8085 weight=1;
}
# Upstream group "main": a single backend at pixel.example.com:5501.
# NOTE(review): nginx itself declares listeners on port 5501 in this file. If
# pixel.example.com resolves to this same host, proxying to "main" connects
# back to nginx's own listener instead of the application (a request loop).
# Confirm which address and port the application really listens on.
upstream main {
server pixel.example.com:5501;
}
# Upstream group "ha": a single backend at pixel.example.com:6501.
upstream ha {
server pixel.example.com:6501;
}
# Plain-HTTP virtual host on port 5501 (IPv4 and IPv6), marked default_server.
# Every request is proxied to the "main" upstream; root and index are set but
# no location in this block serves files from them.
# NOTE(review): port 5501 is declared again with `ssl` in a later server block.
# nginx applies `ssl` to the listening socket, not to one server block, so the
# same port cannot serve plain HTTP here and HTTPS there. For HTTPS on 5501
# this block most likely has to be removed or moved to another port - verify
# with `nginx -t` and a test connection.
server {
listen 5501 default_server;
listen [::]:5501 default_server;
root /var/www/html/pixel.example.com;
index index.html index.htm index.nginx-debian.html;
server_name pixel.example.com www.pixel.example.com;
location / {
# Traffic to the upstream is unencrypted HTTP.
proxy_pass http://main;
}
}
# Plain-HTTP virtual host on port 5601 (IPv4 and IPv6), marked default_server,
# in front of the "ha" upstream.
server {
listen 5601 default_server;
listen [::]:5601 default_server;
server_name pixel.example.com www.pixel.example.com;
location / {
proxy_pass http://ha;
# NOTE(review): try_files ending in =404 answers 404 for any URI that is not a
# file or directory under root, so only requests matching an on-disk path are
# proxied. No root is set in this block, so nginx's default root applies.
# If everything should reach the upstream, this line probably should go.
try_files $uri $uri/ =404;
}
}
# Plain-HTTP virtual host on port 80 (IPv4 and IPv6), marked default_server.
# It proxies to the "pixel" upstream and serves ACME HTTP-01 challenge files.
# NOTE(review): the site is served in cleartext here and nothing redirects to
# HTTPS. A common hardening is to keep only the ACME location on port 80 and
# answer everything else with `return 301 https://$host$request_uri;`.
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html/pixel.example.com;
index index.html index.htm index.nginx-debian.html;
server_name pixel.example.com www.pixel.example.com;
location / {
proxy_pass http://pixel;
# NOTE(review): with the =404 fallback, URIs that do not exist under root get
# a 404 and never reach the upstream - confirm this is intended.
try_files $uri $uri/ =404;
}
# Challenge files are read from a separate directory, not the site root.
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
# HTTPS virtual host on port 443 (IPv4 and IPv6) with HTTP/2. Files that exist
# under root are served directly; everything else falls through to the named
# location @server, which proxies to the "pixel" upstream.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pixel.example.com www.pixel.example.com;
# Keeps the nginx version out of the Server header and error pages.
server_tokens off;
ssl_certificate /etc/nginx/ssl/live/pixel.example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/pixel.example.com/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not
# enabled. A current baseline is `ssl_protocols TLSv1.2 TLSv1.3;`, provided the
# nginx/OpenSSL build supports TLSv1.3.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
# NOTE(review): DH+3DES admits 3DES suites, whose 64-bit block size is exposed
# to birthday attacks (Sweet32); that entry should be dropped.
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
# OCSP stapling with verification of the stapled response.
ssl_stapling on;
ssl_stapling_verify on;
# Resolver used for the OCSP responder hostname. NOTE(review): lookups go to a
# public resolver; a local or otherwise trusted resolver is preferable.
resolver 8.8.8.8;
location / {
# Serve the file if it exists under root, otherwise hand off to @server.
try_files $uri @server;
}
# NOTE(review): the regex is unanchored and its dot is unescaped, so it matches
# any URI containing "/", one arbitrary character, then "well-known". With no
# deny rules in this block `allow all` changes nothing. A prefix match such as
# `location ^~ /.well-known/` states the intent more precisely.
location ~ /.well-known {
allow all;
}
location @server {
proxy_pass http://pixel;
# No effect as written: proxy_pass uses http://, so there is no TLS handshake
# with the upstream in which SNI could be sent.
proxy_ssl_server_name on;
proxy_set_header Host pixel.example.com;
# NOTE(review): these headers are set only in @server, so files served
# directly by `location /` are returned without them. Moving them to server
# level covers both paths. No Strict-Transport-Security header is sent.
add_header X-Frame-Options "SAMEORIGIN" always;
# X-XSS-Protection is a legacy header that current browsers ignore.
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# NOTE(review): this policy allows any origin plus inline script and eval, so
# it gives essentially no protection against script injection.
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# NOTE(review): a wildcard origin lets any website read these responses from
# a visitor's browser. If the content is not meant to be public, restrict
# this to the origins that actually need access.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}
root /var/www/html/pixel.example.com;
index index.html index.htm index.nginx-debian.html;
}
# HTTPS virtual host on port 5501 (IPv4 and IPv6) with HTTP/2, using the same
# certificate and key paths as the port-443 block. Files that exist under root
# are served directly; everything else goes to @server, which proxies to the
# "main" upstream.
# NOTE(review): two things stand in the way of HTTPS on this port. An earlier
# server block already listens on 5501 without `ssl`, and the "main" upstream
# points at pixel.example.com:5501, which looks like this same listener. The
# application would need its own port (ideally bound to loopback), with "main"
# pointing there - confirm against the deployment.
server {
listen 5501 ssl http2;
listen [::]:5501 ssl http2;
server_name pixel.example.com www.pixel.example.com;
# Keeps the nginx version out of the Server header and error pages.
server_tokens off;
ssl_certificate /etc/nginx/ssl/live/pixel.example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/pixel.example.com/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and TLSv1.3 is not
# enabled. A current baseline is `ssl_protocols TLSv1.2 TLSv1.3;`, provided the
# nginx/OpenSSL build supports TLSv1.3.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
# NOTE(review): DH+3DES admits 3DES suites, whose 64-bit block size is exposed
# to birthday attacks (Sweet32); that entry should be dropped.
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
# OCSP stapling with verification of the stapled response.
ssl_stapling on;
ssl_stapling_verify on;
# Resolver used for the OCSP responder hostname. NOTE(review): lookups go to a
# public resolver; a local or otherwise trusted resolver is preferable.
resolver 8.8.8.8;
location / {
# Serve the file if it exists under root, otherwise hand off to @server.
try_files $uri @server;
}
# NOTE(review): the regex is unanchored and its dot is unescaped, so it matches
# more than the /.well-known/ prefix. With no deny rules in this block
# `allow all` changes nothing. `location ^~ /.well-known/` is more precise.
location ~ /.well-known {
allow all;
}
location @server {
proxy_pass http://main;
# No effect as written: proxy_pass uses http://, so there is no TLS handshake
# with the upstream in which SNI could be sent.
proxy_ssl_server_name on;
proxy_set_header Host pixel.example.com;
# NOTE(review): these headers are set only in @server, so files served
# directly by `location /` are returned without them. Moving them to server
# level covers both paths. No Strict-Transport-Security header is sent.
add_header X-Frame-Options "SAMEORIGIN" always;
# X-XSS-Protection is a legacy header that current browsers ignore.
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# NOTE(review): this policy allows any origin plus inline script and eval, so
# it gives essentially no protection against script injection.
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# NOTE(review): a wildcard origin lets any website read these responses from
# a visitor's browser. If the content is not meant to be public, restrict
# this to the origins that actually need access.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}
root /var/www/html/pixel.example.com;
index index.html index.htm index.nginx-debian.html;
}
我希望我的服务器同时响应 https://pixel.example.com 和 https://pixel.example.com:5501。我该如何修改我的 Nginx 配置来实现这一点?
具体来说,我想确保两个端口的 SSL 都正确配置,并且为我的应用程序设置了适当的代理,我目前能够通过 http 进行访问。
另外,我想在两个端口上使用同一证书。该证书在端口 443 上有效。
任何见解或例子都将不胜感激!谢谢。