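Proxying Multiple Sites with Nginx and Configuring HTTPS

Configuring HTTPS

Applying for an HTTPS certificate

Not covered here.

Deployment

  1. Download the certificate and upload it to a directory of your choice on the server (note: download the files for the server software you are using, in this case nginx).
  2. Configure nginx, using the following as a reference:
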
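server {
    listen 80 default_server;
    listen [::]:80;
    server_name xxx.com www.xxx.com; # fill in your domain; comment this line out if you have none
    return 301 https://$server_name$request_uri; # redirect all plain-HTTP requests to HTTPS
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxx.com www.xxx.com; # fill in your domain; comment this line out if you have none
    root /var/自定义目录/自定义目录; # absolute path of the directory that holds the web pages
    index index.html index.htm index.php;

    ssl_certificate /自定义路径/xxx.pem; # path to the certificate file
    ssl_certificate_key /自定义路径/xxx.key; # path to the private key file; keep it readable by root only

    ssl_protocols TLSv1.2 TLSv1.3;
    # The ECDHE-RSA-AES256-GCM-SHA512 and DHE-RSA-AES256-GCM-SHA512 entries were dropped:
    # they are not OpenSSL cipher names and are silently ignored.
    # nginx only offers the DHE suite when ssl_dhparam is also set.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        try_files $uri $uri/ =404;
    }

    # Hand PHP files to PHP-FPM
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny access to .htaccess files
    location ~ /\.ht {
        deny all;
    }
}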

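Then access the site over HTTPS. If the connection fails, check whether the server allows HTTPS traffic on port 443.

Proxying multiple websites with Nginx

Creating the website directories

This step creates a place to store each website's files.

For example, create /var/www/web1 and /var/www/web2 for site 1 and site 2 respectively.

Configuring nginx

  1. Go to the nginx configuration directory /etc/nginx/sites-available/ and create two new files (you can copy the contents of the default file as a starting point).
  2. Edit the two files.

For example, the configuration for site 1 (you can set up HTTPS at the same time if you need it):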

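server {
    # Only one server block per address:port may carry default_server; drop it here
    # if another enabled site file already declares it for port 80.
    listen 80 default_server;
    listen [::]:80;
    server_name xxx.com www.xxx.com; # fill in your domain; comment this line out if you have none
    return 301 https://$server_name$request_uri; # redirect all plain-HTTP requests to HTTPS
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxx.com www.xxx.com; # fill in your domain; comment this line out if you have none
    root /var/www/web1; # absolute path of the directory that holds the web pages
    index index.html index.htm index.php;

    ssl_certificate /自定义路径/xxx.pem; # path to the certificate file
    ssl_certificate_key /自定义路径/xxx.key; # path to the private key file; keep it readable by root only

    ssl_protocols TLSv1.2 TLSv1.3;
    # The ECDHE-RSA-AES256-GCM-SHA512 and DHE-RSA-AES256-GCM-SHA512 entries were dropped:
    # they are not OpenSSL cipher names and are silently ignored.
    # nginx only offers the DHE suite when ssl_dhparam is also set.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        try_files $uri $uri/ =404;
    }

    # Hand PHP files to PHP-FPM
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny access to .htaccess files
    location ~ /\.ht {
        deny all;
    }
}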

The configuration for site 2:

server {
    listen 80;
    server_name xxx.com www.xxx.com; # fill in your domain; comment this line out if you have none
    root /var/www/web2; # absolute path of the directory that holds the web pages
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    # Enable PHP handling
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny access to .htaccess files
    location ~ /\.ht {
        deny all;
    }
}
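
  3. Link the files into sites-enabled (replace 自定义的nginx配置文件名1 and 自定义的nginx配置文件名2 with the names of the two configuration files you created):
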
sudo ln -s /etc/nginx/sites-available/自定义的nginx配置文件名1 /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/自定义的nginx配置文件名2 /etc/nginx/sites-enabled/

  4. Reload nginx:

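sudo nginx -t               # check the configuration for errors
sudo nginx -s reload        # reload nginx so the new configuration takes effect
# Note: the error  nginx: [error] invalid PID number "" in "/run/nginx.pid"  means nginx is not running; start it:
sudo systemctl start nginx  # start nginx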
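
The multi-site setup above can be audited before reloading. The following is an added example, not code from the original post: it flags site files that both claim `default_server` on the same listen address (which `nginx -t` rejects as a duplicate default server) and server blocks that serve content on a non-TLS listener without redirecting to HTTPS, as site 2 does. The function names and inline sample configs are constructed for illustration, and `DEFAULT` assumes a stock default site is still enabled.

```python
import re
from collections import defaultdict

# Constructed samples, abbreviated from the configs above. DEFAULT stands in for
# a stock "default" site that is still enabled (an assumption, not from the page).
DEFAULT = "server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; }"
WEB1 = """
server { listen 80 default_server; listen [::]:80;
         return 301 https://$server_name$request_uri; }
server { listen 443 ssl http2; listen [::]:443 ssl http2; root /var/www/web1;
         location / { try_files $uri $uri/ =404; } }
"""
WEB2 = "server { listen 80; root /var/www/web2; location / { try_files $uri $uri/ =404; } }"

def server_blocks(text):
    """Yield the body of each `server { ... }` block, with comments stripped."""
    text = re.sub(r"#[^\n]*", "", text)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(sites):
    """sites maps file name -> config text; returns a sorted list of findings."""
    findings, defaults = [], defaultdict(list)
    for name, text in sites.items():
        for body in server_blocks(text):
            # Drop location blocks (one nesting level) so only server-level directives remain.
            top = re.sub(r"\{[^{}]*\}", "", body)
            listens = re.findall(r"\blisten\s+([^;]+);", top)
            for args in listens:
                parts = args.split()
                addr = parts[0] if ":" in parts[0] else "*:" + parts[0]
                if "default_server" in parts[1:]:
                    defaults[addr].append(name)
            plain = any("ssl" not in a.split()[1:] for a in listens)
            if plain and not re.search(r"\breturn\s+30[1278]\s+https://", top):
                findings.append(f"{name}: serves content over plain HTTP")
    for addr, names in defaults.items():
        if len(names) > 1:
            findings.append(f"duplicate default_server on {addr}: {', '.join(names)}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit({"default": DEFAULT, "web1": WEB1, "web2": WEB2})))
```

To use it on a real server, read each file under /etc/nginx/sites-enabled/ into the dictionary passed to `audit`; `nginx -t` remains the authoritative syntax check.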