nginx一台服务器部署多个域名和证书
2020-08-31 本文已影响0人
西5d
背景
手头有两个域名,而且在某云可以拿到一年免费的域名证书。但是由于服务器比较贵,只有一台服务器和对应的一个公网 IP,所以想在 HTTPS 证书不报错的前提下,把两个域名都解析到同一台服务器。
所以找了如下的配置。这里我加了个跳转,如果不需要也可以不加。总结来说,在资源不够的情况下稍微变通,实现了同一个 IP 下不同域名的证书都有效,即一个 IP 可以部署多个 HTTPS 网站。这依赖 TLS 的 SNI 扩展:客户端在握手时带上要访问的域名,nginx 据此选用对应 server 块里的证书;不发送 SNI 的客户端拿到的是 default_server 的证书。
配置详情
配置就全部拿过来了,注意添加的注释。
# nginx.conf
# Main context: worker identity, process count, error log, pid file, dynamic modules.
# Worker processes run under the "nginx" account.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
# Upper bound on simultaneous connections per worker process.
worker_connections 1024;
}
http {
# Access-log line format. $http_x_forwarded_for is copied from a client-supplied
# header, so treat that field as untrusted when reading the logs.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Request bodies up to 100 MB are accepted by every server below unless a server overrides this.
client_max_body_size 100m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# NOTE(review): these files are read before the server blocks below, so a server
# defined there on the same port is declared first and would be the implicit
# default for ports that carry no default_server flag (80 and 8000 here) - confirm
# what conf.d contains.
include /etc/nginx/conf.d/*.conf;
# 默认的网站
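server {
    # Default HTTPS virtual host. Because of default_server it also answers TLS
    # handshakes whose SNI name matches no other server block (or that send no
    # SNI at all); those clients are shown the myweb1 certificate.
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name myweb1.com www.myweb1.com;
    root /export/www/mediawiki;
    index index.php;

    ssl_certificate /etc/pki/nginx/private/myweb1.pem;
    # Private key: keep the file permissions restricted so that only the account
    # that starts nginx can read it.
    ssl_certificate_key /etc/pki/nginx/private/myweb1.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the list.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; drop that
    # parameter on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The previous list also admitted static-ECDH
    # and CBC suites through the broad ECDH/AES/HIGH keywords. TLS 1.3 suites are
    # not selected by this directive.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # NOTE(review): this deny rule was written for DokuWiki's directory layout
    # ("secure Dokuwiki"). The root here is MediaWiki, whose sensitive paths are
    # different - confirm against MediaWiki's own nginx hardening guidance.
    location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

    # Short URLs: /wiki/<title> is rewritten to index.php?title=<title>.
    location @mediawiki {
        rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
    }

    location / { try_files $uri $uri/ @mediawiki; }

    # MediaWiki is a PHP application, so *.php is handed to PHP-FPM.
    location ~* \.php$ {
        # Only scripts that exist on disk reach the interpreter; without this
        # check a crafted path could make PHP run a non-script file.
        # NOTE(review): every existing *.php under the root is executable,
        # including any that end up in an upload directory - consider excluding
        # upload paths from this location.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # The location name now matches the error_page target (it was /40x.html).
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}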
### 不同域名,同样内容
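server {
    # Second domain, same MediaWiki content, its own certificate (chosen by SNI).
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.myweb2.com myweb2.com;
    root /export/www/mediawiki;
    index index.php;

    ssl_certificate /etc/pki/nginx/private/myweb2.pem;
    # Private key: keep the file permissions restricted so that only the account
    # that starts nginx can read it.
    ssl_certificate_key /etc/pki/nginx/private/myweb2.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the list.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; drop that
    # parameter on older builds.
    # NOTE(review): the protocol list of the default_server on this listen socket
    # may be the one that takes effect for every name served on it, so the
    # default server's ssl_protocols has to be at least as strict - confirm with
    # a TLS scan of both names.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The previous list also admitted static-ECDH
    # and CBC suites through the broad ECDH/AES/HIGH keywords. TLS 1.3 suites are
    # not selected by this directive.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # NOTE(review): this deny rule was written for DokuWiki's directory layout
    # ("secure Dokuwiki"). The root here is MediaWiki, whose sensitive paths are
    # different - confirm against MediaWiki's own nginx hardening guidance.
    location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

    # Same short-URL rewrite as the myweb1 server. This named location used to
    # hold only commented-out DokuWiki rules, so /wiki/<title> requests on this
    # domain never reached index.php.
    location @mediawiki {
        rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
    }

    location / { try_files $uri $uri/ @mediawiki; }

    location ~* \.php$ {
        # Only scripts that exist on disk reach the interpreter; without this
        # check a crafted path could make PHP run a non-script file.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # The location name now matches the error_page target (it was /40x.html).
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}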
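# Plain-HTTP listeners. Their only job is to send known hostnames to HTTPS.
#
# Catch-all: a request whose Host header is none of our names gets no redirect.
# $host is taken from the client-supplied Host header, so echoing it into a
# Location header for arbitrary names would let a crafted request produce a
# redirect to a host of the sender's choosing. 444 closes the connection
# without a response.
# NOTE(review): this block relies on being the first server declared for port 80
# to act as the default; if a file under conf.d already declares one, that one
# is the default instead - confirm.
server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 444;
}

# Known names: permanent redirect from port 80 to the same host and URI on 443.
server {
    listen 80;
    listen [::]:80;
    server_name myweb1.com www.myweb1.com myweb2.com www.myweb2.com;
    # $request_uri carries the path and query string exactly as the client sent them.
    return 301 https://$host$request_uri;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    # The PHP, deny and error-page locations that used to follow were unreachable:
    # the server-level redirect answers every request before location matching,
    # and this server defined neither a root nor the @mediawiki named location.
}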
# 另一个网站服务,端口也不一样
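server {
    # Separate DokuWiki site on its own port.
    # NOTE(review): this listener is plain HTTP, so wiki logins and session
    # cookies sent to it are not encrypted - consider serving it over TLS or
    # limiting who can reach port 8000.
    listen 8000;
    listen [::]:8000;
    server_name _;
    root /export/www/dokuwiki;
    # The terminating semicolon was missing here, which made nginx read the next
    # directive ("include /etc/nginx/default.d/*.conf") as extra index arguments
    # instead of performing the include.
    index doku.php;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # Block direct web access to DokuWiki's data, config and internal directories
    # and to the installer script.
    location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

    location @dokuwiki {
        # Rewrites "doku.php/" out of the URLs if you set the userewrite setting
        # to .htaccess in the DokuWiki config page.
        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
        rewrite ^/(.*) /doku.php?id=$1&$args last;
    }

    location / { try_files $uri $uri/ @dokuwiki; }

    location ~* \.php$ {
        # Only scripts that exist on disk reach the interpreter; without this
        # check a crafted path could make PHP run a non-script file.
        try_files $uri =404;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # The location name now matches the error_page target (it was /40x.html).
    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}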
}
总结
以上就是本次的内容,简单做个记录。