如何在一个nginx配置文件中,多子域名对应多个root目录,并屏蔽未指定的域名ip访问,支持ssl?
设置目标:在一个nginx配置文件中,多子域名,对应多个root目录,并屏蔽未指定的域名访问,屏蔽ip访问,支持ssl。
问题描述:下列代码无法屏蔽未指定域名访问,其他功能都已事项。怎么解决?
相关代码
server
{
listen 80;
server_name ~^(?<subdomain>.+)\.xxxx\.com$;
set $roots /home/wwwroot/;
set $root 0;
if ($subdomain = www) {
set $root $roots/wordp;
}
if ($subdomain = open) {
set $root $roots/open;
}
if ($subdomain = yun) {
set $root $roots/yun.xxxx.com;
}
if ($subdomain = "") {
set $root $roots/xxxx.com;
}
#root $root;
index index.html index.htm index.php default.html default.htm default.php;
if ($root != 0){
return 301 https://$subdomain.xxxx.com$request_uri;
set $k $root;
return 301 https://$subdomain.xxxx.com$request_uri;
set $k $root;
}
if ($root = 0){
return 404;
}
root $k;
access_log /home/wwwlogs/$subdomain.xxxx.com.log;
}
server
{
listen 443 ssl http2;
server_name ~^(?<subdomain>.+)\.architect\.wang$;
set $roots /home/wwwroot/;
set $root 0;
if ( $host = $server_addr ) { return 444; }
if ($subdomain = www) {
set $root $roots/wordp;
}
if ($subdomain = open) {
set $root $roots/open;
}
if ($subdomain = yun) {
set $root $roots/yun.xxxx.com;
}
if ($subdomain = "") {
set $root $roots/xxxx.com;
}
if ($root = 0){ return 404;
}
root $root;
index index.html index.htm index.php default.html default.htm default.php;
#root /home/wwwroot/xxxx.com;
#ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/xxxx.com/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/xxxx.com/xxxx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
include rewrite/other.conf;
#error_page 404 /404.html;
include rewrite/other.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php-pathinfo.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
add_header Strict-Transport-Security "max-age=15552000;includeSubdomains;preload";
access_log /home/wwwlogs/$subdomain.xxxx.com.log;
access_log /home/wwwlogs/$subdomain.xxxx.com.log;
#修改网页cookie属性,加强安全
add_header Set-Cookie "HttpOnly";
add_header Set-Cookie "Secure";
add_header X-Frame-Options "DENY";
}
问题出现的环境背景及自己尝试过哪些方法
// 请把代码文本粘贴到下方(请勿用图片代替代码)
你期待的结果是什么?实际看到的错误信息又是什么?
错误结果,网页打开提示证书不可信,然后502错误。
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
添加如下配置试试