
尝试对多个主机端口使用 HTTPS

我正在尝试配置 Nginx,以便使用 SSL 在端口 443 和 5501 上为我的应用程序提供服务。我有以下 Nginx 配置:

# Round-robin pool for the application behind the :80 and :443 servers.
# weight=1 is nginx's default, so it is omitted: all six members receive
# an equal share of requests exactly as before.
upstream pixel {
    server pixel.example.com:8080;
    server pixel.example.com:8081;
    server pixel.example.com:8082;
    server pixel.example.com:8083;
    server pixel.example.com:8084;
    server pixel.example.com:8085;
}

# Backend for the HTTPS server that listens on 5501 further down.
# NOTE(review): 5501 is also a port nginx itself listens on for this host
# (both the plain and the TLS server blocks in this file).  If
# pixel.example.com resolves to this machine, requests proxied here come
# straight back to nginx instead of reaching the application -- point the
# upstream at the application's real listener port.
upstream main {
  server pixel.example.com:5501;
}

# Single-member pool used by the plain-HTTP :5601 server.  With only one
# entry nginx has nothing to fail over to if this backend is down.
upstream ha {
  server pixel.example.com:6501;
}

# Plain-HTTP listener on 5501, proxying everything to the `main` upstream.
# NOTE(review): the HTTPS server at the end of this file also listens on
# 5501.  nginx applies the `ssl` listen parameter per address:port, so with
# both blocks present this one is expected to be treated as a TLS listener
# too -- and it defines no ssl_certificate, so `nginx -t` is likely to reject
# the configuration (or this block ends up unusable).  To serve HTTPS on
# 5501, remove this block or move it to a port not also used for TLS.
server {
        listen       5501 default_server;
        listen       [::]:5501 default_server;
        # root/index are never consulted here: `location /` proxies every
        # request without a try_files check.
        root /var/www/html/pixel.example.com;
        index index.html index.htm index.nginx-debian.html;
        server_name  pixel.example.com www.pixel.example.com;

        location / {
            proxy_pass http://main;
        }
}

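# Plain-HTTP listener on 5601, reverse-proxying to the `ha` upstream.
server {
        listen       5601 default_server;
        listen       [::]:5601 default_server;
        server_name  pixel.example.com www.pixel.example.com;
        # Hide the nginx version in the Server header, as the TLS servers do.
        server_tokens off;

        location / {
            # `try_files $uri $uri/ =404` was removed from this location: combined
            # with proxy_pass it only let a request through to the backend when
            # $uri existed as a file under the (unset) root, and answered 404 for
            # everything else.  A proxy-only location needs no try_files.
            proxy_pass http://ha;
            # Forward the requested host and the client address so the backend
            # sees the real request rather than the upstream name "ha".
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
}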

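# Plain-HTTP listener on 80: serves ACME challenge files for certificate
# issuance and proxies everything else to the `pixel` pool.
server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        root /var/www/html/pixel.example.com;
        index index.html index.htm index.nginx-debian.html;
        server_name  pixel.example.com www.pixel.example.com;
        # Hide the nginx version in the Server header, as the TLS servers do.
        server_tokens off;

        # HTTP-01 validation is performed over port 80, so this location must
        # stay reachable over plain HTTP even after the rest is moved to HTTPS.
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            # `try_files $uri $uri/ =404` was removed from this location: combined
            # with proxy_pass it only let a request through to the backend when
            # $uri existed as a file under root, and answered 404 for everything
            # else.  A proxy-only location needs no try_files.
            proxy_pass http://pixel;
            # Same Host override as the HTTPS servers, so the backend sees one
            # consistent host name regardless of the entry port.
            proxy_set_header Host pixel.example.com;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Once HTTPS on 443 is confirmed working, consider replacing the
            # proxy_pass above with `return 301 https://$host$request_uri;` so
            # the application is no longer reachable over plain HTTP.
        }
}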

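# HTTPS listener on 443 for the `pixel` pool.  The TLS settings below are
# duplicated verbatim in the :5501 HTTPS server; keeping them in a shared
# snippet pulled in with `include` would stop the two from drifting apart.
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name pixel.example.com www.pixel.example.com;
        server_tokens off;

        root /var/www/html/pixel.example.com;
        index index.html index.htm index.nginx-debian.html;

        # One certificate can be served on any number of ports; the :5501
        # server references exactly the same files.
        ssl_certificate /etc/nginx/ssl/live/pixel.example.com/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/pixel.example.com/privkey.pem;
        ssl_buffer_size 8k;
        # Only used by DHE suites; none remain in ssl_ciphers below, so this
        # is harmless but inert.
        ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the
        # original list.  TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL
        # 1.1.1 or newer; on an older build keep only TLSv1.2.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        # DH+3DES was removed: 64-bit block ciphers are subject to SWEET32.
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
        ssl_ecdh_curve secp384r1;
        # Tickets off avoids a long-lived ticket key weakening forward secrecy;
        # without an ssl_session_cache every connection does a full handshake.
        ssl_session_tickets off;
        # OCSP stapling.  NOTE(review): ssl_stapling_verify expects the issuer
        # chain to be trusted via ssl_trusted_certificate; without it nginx
        # logs a warning and no staple is sent -- verify on this host.  The
        # resolver sends OCSP host lookups to a public DNS service in clear
        # text; a local resolver is preferable.
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8;

        # Response headers are set at server level so they also cover static
        # files served by `try_files`, not only proxied responses (add_header
        # inside a location replaces the inherited set, so the original
        # placement in @server left static responses without them).
        add_header X-Frame-Options "SAMEORIGIN" always;
        # Legacy header; current browsers ignore it and rely on CSP instead.
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        # NOTE(review): this policy permits every source plus inline and eval
        # scripts, so it provides no script containment; tighten it to the
        # origins the application actually loads from.
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
        # NOTE(review): wildcard CORS exposes every response to any origin;
        # restrict it to the sites that need cross-origin access.
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
        # Enable once HTTPS works on every port this host is reached on:
        # add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
                try_files $uri @server;
        }

        # Aligned with the :80 server's certbot webroot.  HTTP-01 validation
        # happens over port 80 only, so this mainly serves manual checks.
        location ^~ /.well-known/acme-challenge/ {
          allow all;
          root /var/www/certbot;
        }

        location @server {
                proxy_pass http://pixel;
                # proxy_ssl_server_name was dropped: it only affects https://
                # upstreams and this pool is reached over plain http.
                proxy_set_header Host pixel.example.com;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # Tells the backend the client connection was TLS.
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}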

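# HTTPS listener on 5501 for the `main` upstream, using the same certificate
# as the :443 server.  The TLS settings are duplicated from that block; a
# shared snippet pulled in with `include` would keep the two identical.
# NOTE(review): this block conflicts with the plain `listen 5501 default_server`
# server earlier in the file -- nginx applies `ssl` per address:port, so the two
# cannot coexist on 5501; remove the plain one to serve HTTPS here.
server {
        listen  5501 ssl http2;
        listen [::]:5501 ssl http2;
        server_name pixel.example.com www.pixel.example.com;
        server_tokens off;

        root /var/www/html/pixel.example.com;
        index index.html index.htm index.nginx-debian.html;

        ssl_certificate /etc/nginx/ssl/live/pixel.example.com/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/live/pixel.example.com/privkey.pem;
        ssl_buffer_size 8k;
        # Only used by DHE suites; none remain in ssl_ciphers below.
        ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the
        # original list.  TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL
        # 1.1.1 or newer; on an older build keep only TLSv1.2.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        # DH+3DES was removed: 64-bit block ciphers are subject to SWEET32.
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
        ssl_ecdh_curve secp384r1;
        ssl_session_tickets off;
        # NOTE(review): ssl_stapling_verify expects the issuer chain to be
        # trusted via ssl_trusted_certificate; confirm a staple is actually
        # served.  The resolver sends OCSP lookups to a public DNS service in
        # clear text; a local resolver is preferable.
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8;

        # Server-level so the headers also cover static files served by
        # `try_files`, not only the proxied responses from @server.
        add_header X-Frame-Options "SAMEORIGIN" always;
        # Legacy header; current browsers ignore it and rely on CSP instead.
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        # NOTE(review): this policy permits every source plus inline and eval
        # scripts, so it provides no script containment; tighten it to the
        # origins the application actually loads from.
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
        # NOTE(review): wildcard CORS exposes every response to any origin;
        # restrict it to the sites that need cross-origin access.
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;

        location / {
                try_files $uri @server;
        }

        # Aligned with the :80 server's certbot webroot.
        location ^~ /.well-known/acme-challenge/ {
          allow all;
          root /var/www/certbot;
        }

        location @server {
                # NOTE(review): upstream `main` is pixel.example.com:5501 -- the
                # very port this server listens on.  If that name resolves to this
                # host, requests loop back into nginx (and, as this port is TLS,
                # fail with a plain-HTTP-to-HTTPS-port error).  The upstream must
                # point at the application's own listener.
                proxy_pass http://main;
                # proxy_ssl_server_name was dropped: it only affects https://
                # upstreams and this backend is reached over plain http.
                proxy_set_header Host pixel.example.com;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # Tells the backend the client connection was TLS.
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}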

我希望我的服务器同时响应 https://pixel.example.com 和 https://pixel.example.com:5501。我该如何修改我的 Nginx 配置来实现这一点?

具体来说,我想确保两个端口上的 SSL 都正确配置,并且为我的应用程序(目前通过 http 访问)设置了适当的反向代理。

另外,我想在两个端口上使用同一张证书;该证书目前在端口 443 上工作正常。

任何见解或例子都将不胜感激!谢谢。
