nginx二级域名配置(多个域名解析到同个Nginx服务并配置https)

多域名解析到同个nginx基于种种原因我们会有一种需求,多个域名解析到同一台服务器上的同一个Nginx服务里;比如:www.aaa.com 一级域名为官网所用,前端代码目录为official;abc.aaa.com 二级域名为web管理端所用,前端代码目录为web;我使用的是docker启动Nginx1.创建以下目录mkdir nginx // nginx主目录
cd nginx // 进入目录
mkdir web // 创建web目录用于存放abc.aaa.com域名前端代码
mkdir official // 创建official目录用于存放www.aaa.com域名前端代码
mkdir conf.d // 用于存放多配置文件
mkdir cert // 用于存入https证书
mkdir logs // nginx日志目录2.在nginx下创建docker-componse.yml并写入## docker-compose.yml

version: "3"
services:
nginx:
container_name: nginx-server
image: nginx:latest
restart: always
#network_mode: "host"
environment:
– "USER=www"
ports:
– "80:80"
– "443:443"
volumes:
– /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
– ~/nginx/web:/usr/share/nginx/web
– ~/nginx/official:/usr/share/nginx/official
– ~/nginx/conf.d:/etc/nginx/conf.d
– ~/nginx/nginx.conf:/etc/nginx/nginx.conf
– ~/nginx/logs:/var/log/nginx
– ~/nginx/cert:/etc/nginx/cert## 此配置为挂载宿主机目录到nginx容器
volumes:
## 同步宿主机时间
– /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
## 放abc.aaa.com前端代码
– ~/nginx/web:/usr/share/nginx/web
## 放www.aaa.com前端代码
– ~/nginx/official:/usr/share/nginx/official
## nginx配置文件目录
– ~/nginx/conf.d:/etc/nginx/conf.d
## nginx默认配置文件
– ~/nginx/nginx.conf:/etc/nginx/nginx.conf
## nginx日志目录
– ~/nginx/logs:/var/log/nginx
## ssl证书目录
– ~/nginx/cert:/etc/nginx/cert3.创建nginx默认配置user root;

worker_processes 1;

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr – $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;
}4.进入conf.d目录分别创建不同域名的配置这里主要是使用server_name 配置不同的域名来使域名解析的时候配置到不同的server还有务必将root配置 放到server层,不同的前端代码放到不同的目录中## www.aaa.com配置
server {
listen 80;
listen 443 ssl;
server_name www.aaa.com;
ssl_certificate cert/aaa.pem;
ssl_certificate_key cert/aaa.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/ssl_access.log;
error_log /var/log/nginx/ssl_error.log;

root /usr/share/nginx/html;

location / {
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

## abc.aaa.com配置
server {
listen 80;
listen 443 ssl;
server_name abc.aaa.com;
ssl_certificate cert/abc.pem;
ssl_certificate_key cert/abc.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/ssl_access.log;
error_log /var/log/nginx/ssl_error.log;

root /usr/share/nginx/web;

location / {
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}5.然后把前端代码及ssl证书文件上传到对应目录6.启动Nginx Docker## 进到docker-componse.yml所在目录,执行以下命令

docker-compose up -d

## 查看容器是否启动成功
docker ps -a //列出所有运行中的容器
## 如果STATUS为up说明启动成功,如果不是up使用docker logs -f 查看服务日志
访问www.aaa.com 将指向official目录;访问abc.aaa.com 将指向web目录;一些其它的反向代理配置## 不同域名配置自己的server下,且如果是docker不能使用127.0.0.1反向到本机,要使用外网IP
server {
…..

location ~ ^/(rest)/ {
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_name $host;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-For $remote_addr;
#proxy_set_header cookie $http_cookie;
#proxy_set_header Proxy-Connection "";
#proxy_http_version 1.1;
proxy_pass http://xxx.xxx.xxx.xxx:18080;
}

location ~ ^/(api)/ {
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_name $host;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-For $remote_addr;
proxy_pass http://xxx.xxx.xxx.xxx:18081;
}

}
server {
…..

location ~ ^/(rest)/ {
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_name $host;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-For $remote_addr;
#proxy_set_header cookie $http_cookie;
#proxy_set_header Proxy-Connection "";
#proxy_http_version 1.1;
proxy_pass http://xxx.xxx.xxx.xxx:18080;
}

location ~ ^/(api)/ {
proxy_ssl_server_name on;
proxy_ssl_verify off;
proxy_ssl_name $host;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-For $remote_addr;
proxy_pass http://xxx.xxx.xxx.xxx:18081;
}

}

本文出自快速备案,转载时请注明出处及相应链接。

本文永久链接: https://www.175ku.com/27353.html