我在 Debian 12 上运行 nginx 作为多个站点的反向代理(带 SSL 终止)。最近注意到,由于这种奇怪的行为,我无法再添加更多主机。已启用默认站点,但系统地,当我将浏览器指向 sub-xx.domain.com 时,它被重定向到 a.domain.com。但是,从 a 到 w 的每个站点都按预期工作。如果请求是 HTTP,浏览器会警告站点不安全并重定向到 d.domain.com。当您明确请求 HTTPS 时,如上所述被重定向到 a.domain.com。来自 xx.domain.com 的日志没有任何痕迹,而且,如果请求是 HTTPS,来自 a.domain.com 的日志就有这个
192.168.9.1 - - [19/Jan/2024:16:55:04 -0300] "GET /img/logo.gif HTTP/2.0" 200 3418 "https://xx.domain.com/css/login>
xx.conf
pstream xx {
server 192.168.8.86;
keepalive 32;
}
server {
listen 80;
server_name xx.domain.com;
include /etc/nginx/snippets/location-letsencrypt.conf;
# return 301 https://$server_name$request_uri;
#}
#server {
# listen 443 ssl http2;
# server_name test.xx.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/xx.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xx.domain.com/privkey.pem;
location / {
include /etc/nginx/snippets/proxy.conf;
proxy_pass http://test_xx/;
}
access_log /var/log/nginx/xx.domain.com/access.log;
error_log /var/log/nginx/xx.domain.com/error.log;
}
yy配置文件
upstream yy {
server 192.168.8.81;
keepalive 32;
}
server {
listen 80;
server_name yy.domain.com;
include /etc/nginx/snippets/location-letsencrypt.conf;
# return 301 https://$server_name$request_uri;
#}
#server {
# listen 443 ssl http2;
# server_name yy.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/yy.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/yy.domain.com/privkey.pem;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://yy/;
}
access_log /var/log/nginx/yy.domain.com/access.log;
error_log /var/log/nginx/yy.domain.com/error.log;
}
nginx.conf
user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 10240;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# To avoid error 413
client_max_body_size 192M;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
log_format main '$remote_addr - $remote_user [$time_local]
"$request" ' '$status $body_bytes_sent
"$http_referer" ' '"$http_user_agent"
"$http_x_forwarded_for"';
#access_log /var/log/nginx/access-special.log combined;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
位置-letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
root /var/www/le_root;
}
location = /.well-known/acme-challenge/ {
return 404;
}