我正在尝试将nginx与以下设置放在一起:
我在localhost上运行了两个http服务器。一个侦听端口8080,另一个侦听端口8081。
两者都应该通过https和
不知何故,当导航到test.awesomesite.io时,nginx服务器将我引导到我的生产服务器。
我使用以下配置将www-requests指向localhost:8080,将test-request指向8081。
server {
listen 80;
server_name www.awesomesite.io;
rewrite ^ https://$host$request_uri? permanent; # force redirect http to https
server_tokens off;
}
# SSL port production server
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.awesomesite.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.awesomesite.io/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl on;
server_name www.awesomesite.io;
server_tokens off;
# ......
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 1200s;
}
}
# SSL test server
server {
listen 80;
server_name test.awesomesite.io;
rewrite ^ https://$host:8443$request_uri? permanent; # force redirect http to https
server_tokens off;
}
server {
listen [::]:8443 ssl ipv6only=on;
listen 8443 ssl;
ssl_certificate /etc/letsencrypt/live/test.awesomesite.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.awesomesite.io/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl on;
server_name test.awesomesite.io;
server_tokens off;
# ......
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 1200s;
}
}
如果有人遇到同样的问题,请回答我自己的问题:
我使用https://serverfault.com/questions/538803/nginx-reverse-ssl-proxy-with-multiple-subdomains的答案来改变我的配置。
我使用www.awesomesite.io和test.awesomesite.io名称为端口443定义了多个服务器块,而不是重写测试子域以使用端口8443。
在这些更改之后,来自测试请求标头的主机确实与特定服务器块匹配,并被路由到localhost 8081。
我仍然没有弄清楚为什么原始配置不起作用。所有请求都与生产服务器块匹配(或者至少由第一个服务器块处理)。