nginx代理https,一级域名和二级域名的配置,thinkphp使用二级域名

a服务器项目使用apache,tp3.2.  要apache支持https还得安装openssl模块,,刚好另一台b服务器上的nginx以前用过https代理

阿里云安全设置里端口80和443已开放

 

b服务器nginx代理    http跳转到https

阿里云域名里先添加域名解析   www和@  指向nginx服务器所在ip

域名在阿里云,直接买免费的ssl证书,参考 https://www.cnblogs.com/tianhei/p/7726505.html

172.31.35.222是项目apache所在a服务器内网ip

vi  /opt/server/nginx/conf/vhost/www.z.com.conf

server {
listen 80;
server_name www.z.com z.com;
return 301 https://www.z.com$request_uri;
}

server {
listen 443;
server_name z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/server.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
return 301 https://www.z.com$request_uri;
}
server {
listen 443 ;
server_name www.z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/server.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
access_log logs/www.z.com access ;
error_log logs/www.z.com_error.log;
client_max_body_size 10m;
# proxy_buffer_size 64k;
# proxy_buffers 8 5m;
# proxy_busy_buffers_size 5m;
location / {
index index.php;
proxy_pass http://172.31.35.222;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

 

阿里云的免费ssl证书只有一个域名,  又买了一个ssl证书域名是  api.z.com

阿里云域名里先添加域名解析   api 指向nginx服务器所在ip

vi  /opt/server/nginx/conf/vhost/api.z.com.conf

server {
listen 80;
server_name api.z.com;
return 301 https://api.z.com$request_uri;
}

server {
listen 443 ;
server_name api.z.com;
ssl on;
ssl_certificate /opt/server/nginx/conf/ca1/apiserver.pem;
ssl_certificate_key /opt/server/nginx/conf/ca1/apiserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
access_log logs/api.z.com access ;
error_log logs/api.z.com_error.log;
client_max_body_size 10m;
# proxy_buffer_size 64k;
# proxy_buffers 8 5m;
# proxy_busy_buffers_size 5m;
location / {
index index.php;
proxy_pass http://172.31.35.222;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

配置完后  /opt/server/nginx/sbin/nginx -s reload

以上nginx代理https已经好了,下面做thinkphp二级域名配置

参考  https://blog.csdn.net/h330531987/article/details/69663714

apache配置泛域名

vi /usr/local/apache/conf/vhost/z.com.conf

<VirtualHost *:80>
DocumentRoot /www/web/z/
ServerName z.com
ServerAlias *.z.com
CustomLog "/logs/www.z.com_access_log" combined
ErrorLog "/logs/www.z.com_error_log"
<IfModule mod_deflate.c>
DeflateCompressionLevel 7
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE css js html htm gif jpg png bmp php
</IfModule>
</VirtualHost>
<Directory /www/web/z/>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

 

项目中添加二级域名配置

config.php中添加

'APP_SUB_DOMAIN_DEPLOY' =>  true,  // 是否开启子域名部署
'APP_SUB_DOMAIN_RULES' => array(
'api' => 'Api'
),// 子域名部署规则

 

这样http://z.com  http://www.z.com  https://www.z.com https://z.com  http://api.z.com  https://api.z.com  都已经ok了

 

posted @ 2019-03-26 13:42  jackduan1  阅读(1565)  评论(0编辑  收藏  举报