【Nginx】https及域名公用

实际项目中有以下需求:

1.此项目有两个网站,一个是官网:www.site2.com,一个是后台管理网站:www.site1.com

2.此项目前后端分离,数据都是通过一个接口服务读取。

3.此项目只有一个单域名ssl证书,但是要保证官网、后台、数据接口都可以通过https访问。

 

思路:

1.将ssl证书指向到官网,www.site2.com。

  listen 443 ssl;
    server_name  www.site2.com; // 对www.site2.com进行ssl认证

    ssl_certificate ../ssl/server.crt;
    ssl_certificate_key ../ssl/server.key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
   // 访问www.site2.com,指向官网website目录
    location / {
        root ../website;
        index index.html;
        
        proxy_redirect off ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

  

2.将数据接口和后台作为官网的下级平台。通过www.site2.com/sub和www.site2.com/api,访问后台和数据接口。

    // 访问www.site2.com/api,指向内部接口服务
    location /api/ {
        proxy_pass http://localhost:5001/;
        
        proxy_redirect off ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    
    // 访问www.site2.com/sub,指向后台 web/sub目录
    location /sub {
        # proxy_pass http://www.site1.com/;
        
        root ../web;
        index index.html;
        
        proxy_redirect off ;
        proxy_set_header host $host;
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }

3.当用户访问www.site1.com的http地址时,直接重定向到https://www.site2.com/sub

// 访问www.site1.com,重定向到https://www.site2.com/sub
server {
    listen       80;
    server_name  www.site1.com;
    rewrite ^(.*)$  https://www.site2.com/sub;
}

4.当用户访问www.site2.com的http地址时,直接重定向到https://www.site2.com

// 访问www.site2.com,重定向到https://www.site2.com
server {
    listen       80;
    server_name  www.site2.com;
    rewrite ^(.*)$  https://$host$1 permanent; 
}

  

完整配置如下:

 

// 访问www.site1.com,重定向到https://www.site2.com/sub
server {
    listen       80;
    server_name  www.site1.com;
    rewrite ^(.*)$  https://www.site2.com/sub;
}

// 访问www.site2.com,重定向到https://www.site2.com
server {
    listen       80;
    server_name  www.site2.com;
    rewrite ^(.*)$  https://$host$1 permanent; 
}

server {
    listen 443 ssl;
    server_name  www.site2.com; // 对www.site2.com进行ssl认证

    ssl_certificate ../ssl/server.crt;
    ssl_certificate_key ../ssl/server.key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    // 访问www.site2.com/api,指向内部接口服务
    location /api/ {
        proxy_pass http://localhost:5001/;
        
        proxy_redirect off ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    
    // 访问www.site2.com/sub,指向后台 web/sub目录
    location /sub {
        # proxy_pass http://www.site1.com/;
        
        root ../web;
        index index.html;
        
        proxy_redirect off ;
        proxy_set_header host $host;
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
    
    // 访问www.site2.com,指向官网website目录
    location / {
        root ../website;
        index index.html;
        
        proxy_redirect off ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
    

  

posted @ 2020-07-15 17:47  のんきネコ  阅读(891)  评论(0编辑  收藏  举报