nginx一台服务器部署多个域名和证书

nginx一台服务器部署多个域名和证书

作者: 西5d | 来源:发表于2020-08-31 18:43 被阅读0次

背景

手头有俩域名,而且在某云可以拿到一年免费的域名证书。但是服务器比较贵,只有一台,也只有一个对应的公网ip,所以想让两个域名都解析到同一台服务器,同时各自的https证书都不报错。
所以找了如下的配置。这里我加了个跳转,不需要的话也可以不加。总结来说,就是在资源不够的情况下稍微变通一下,让同一个ip在不同域名下证书都有效,即一个ip可以部署多个https网站。原理是nginx根据TLS握手时客户端发来的SNI(域名)选择对应server块里的证书;不带SNI或域名匹配不上的请求会落到default_server,拿到的是默认站点的证书。

配置详情

配置就全部拿过来了,注意添加的注释。

#nginx.conf

# Account the worker processes run as.
user             nginx;
# "auto" sizes the worker pool from the detected CPU core count.
worker_processes auto;
error_log        /var/log/nginx/error.log;
pid              /run/nginx.pid;

# Dynamically loaded modules; see /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}

http {
    # Access-log layout. "$http_x_forwarded_for" is copied verbatim from the
    # request header, so treat that field as client-supplied when reading
    # logs; "$remote_addr" is the peer address nginx actually saw.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    # Transport tuning.
    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    keepalive_timeout    65;
    types_hash_max_size  2048;
    # Largest request body accepted, for every server block below.
    client_max_body_size 100m;

    include              /etc/nginx/mime.types;
    default_type         application/octet-stream;

    # Extra configuration is pulled in from /etc/nginx/conf.d before the
    # server blocks in this file are read; a server defined there can also
    # bind the same ports, so review that directory together with this file.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    include /etc/nginx/conf.d/*.conf;
    
    # 默认的网站
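    server {
        # default_server: this block also answers TLS handshakes on 443 that
        # carry no SNI or a name no other block claims, so those clients are
        # shown the myweb1 certificate.
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  myweb1.com www.myweb1.com;
        root         /export/www/mediawiki;
        index        index.php;

        # Certificate chain and private key for myweb1.com. The key file
        # should be readable only by the account that starts nginx.
        ssl_certificate /etc/pki/nginx/private/myweb1.pem;
        ssl_certificate_key /etc/pki/nginx/private/myweb1.key;
        ssl_session_timeout 5m;
        # Forward-secret AEAD suites only. The earlier list used the broad
        # ECDH/AES/HIGH aliases, which also admit RSA key exchange and
        # CBC-mode suites. This directive governs TLS 1.2 and below.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
        # remove it from the list on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # NOTE(review): this deny rule was written for DokuWiki's directory
        # layout. It does not cover MediaWiki's own non-public paths; check
        # the MediaWiki hardening guidance for this docroot.
        location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

        # Short URLs: /wiki/... is handed to index.php as the title. nginx
        # matches the pattern against the path only and appends the original
        # query string itself.
        location @mediawiki {
            rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
        }
        location / { try_files $uri $uri/ @mediawiki; }

        # MediaWiki is PHP, so .php requests go to PHP-FPM on loopback.
        location ~* \.php$ {
            # Only paths that map to a real file reach PHP-FPM; keep this
            # check so arbitrary ".php"-suffixed URIs are not executed.
            try_files $uri =404;
            fastcgi_index   index.php;
            fastcgi_pass    127.0.0.1:9000;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }

        # The location now matches the URI error_page redirects to
        # (it was /40x.html, which error_page never referenced).
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }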


   ### 不同域名,同样内容
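    server {
        # Second domain, same docroot. nginx selects this block, and with it
        # the myweb2 certificate, when the client's SNI is one of these names.
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  www.myweb2.com myweb2.com;
        root         /export/www/mediawiki;
        index        index.php;

        # Certificate chain and private key for myweb2.com. The key file
        # should be readable only by the account that starts nginx.
        ssl_certificate /etc/pki/nginx/private/myweb2.pem;
        ssl_certificate_key /etc/pki/nginx/private/myweb2.key;
        ssl_session_timeout 5m;
        # Forward-secret AEAD suites only. The earlier list used the broad
        # ECDH/AES/HIGH aliases, which also admit RSA key exchange and
        # CBC-mode suites. This directive governs TLS 1.2 and below.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
        # remove it from the list on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Shared per-server snippets (the same include the default block uses).
        include /etc/nginx/default.d/*.conf;

        # NOTE(review): this deny rule was written for DokuWiki's directory
        # layout. It does not cover MediaWiki's own non-public paths; check
        # the MediaWiki hardening guidance for this docroot.
        location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

        # Same short-URL rewrite as the myweb1 block. This named location
        # previously held only commented-out DokuWiki rules, so the fallback
        # from "location /" had nothing to run.
        location @mediawiki {
            rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
        }
        location / { try_files $uri $uri/ @mediawiki; }

        # .php requests go to PHP-FPM on loopback.
        location ~* \.php$ {
            # Only paths that map to a real file reach PHP-FPM; keep this
            # check so arbitrary ".php"-suffixed URIs are not executed.
            try_files $uri =404;
            fastcgi_index   index.php;
            fastcgi_pass    127.0.0.1:9000;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }

        # The location now matches the URI error_page redirects to
        # (it was /40x.html, which error_page never referenced).
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }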

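    server {
        # Plain-HTTP listener whose only job is to send clients to HTTPS.
        # The location, PHP and error_page directives that used to follow
        # were unreachable: the server-level redirect answered every request
        # first. The block also had no root and referenced a @mediawiki
        # location that was never defined here.
        listen       80;
        listen       [::]:80;
        server_name  _;

        # $host comes from the client's request and this catch-all block
        # accepts any name, so only the hostnames actually served are
        # redirected. 444 makes nginx close the connection without replying.
        if ($host !~ ^(www\.)?myweb[12]\.com$) {
            return 444;
        }

        # Permanent redirect to the same host, path and query over HTTPS.
        return 301 https://$host$request_uri;

        include /etc/nginx/default.d/*.conf;
    }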
    # 另一个网站服务,端口也不一样
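    server {
        # Separate DokuWiki site on its own port.
        # NOTE(review): this listener is plain HTTP on every interface, so
        # wiki logins and session cookies cross the network unencrypted.
        # Consider terminating TLS here too, or restricting who can reach
        # port 8000.
        listen       8000;
        listen       [::]:8000;
        server_name  _;
        root         /export/www/dokuwiki;
        # The terminating ';' was missing. nginx then read the following
        # "include ..." line as extra arguments to "index", so the index
        # list was wrong and default.d was silently never included here.
        index        doku.php;
        # Shared per-server snippets; active for this block now that the
        # line above is terminated.
        include /etc/nginx/default.d/*.conf;

        # Keep DokuWiki's data, config and installer paths off the web.
        # This regex location is declared before the PHP one, so it is
        # tested first.
        location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; }

        # Clean-URL rewrites; they apply when DokuWiki's "userewrite"
        # setting is ".htaccess".
        location @dokuwiki {
            rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
            rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
            rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
            rewrite ^/(.*) /doku.php?id=$1&$args last;
        }
        location / { try_files $uri $uri/ @dokuwiki; }

        # .php requests go to PHP-FPM on loopback.
        location ~* \.php$ {
            # Only paths that map to a real file reach PHP-FPM; keep this
            # check so arbitrary ".php"-suffixed URIs are not executed.
            try_files $uri =404;
            fastcgi_index   index.php;
            fastcgi_pass    127.0.0.1:9000;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }

        # The location now matches the URI error_page redirects to
        # (it was /40x.html, which error_page never referenced).
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }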
}

总结

以上就是本次的内容,简单做个记录。
