欢迎光临
一个有态度、有温度的分享型博客

nginx同一个服务器(IP)部署多个网站并启用https

环境搭建

首先是LNMP环境的搭建,详见[这里],这里我是通过yum的方式安装的nginx。

申请证书

分别申请两个域名的证书,这里是(www.rxblog.xyz,www.weiyandaily.com),申请证书的前提时你已经正确解析你的域名到同一个ip地址,申请证书的步骤详见[这里]。

配置Nginx

我在/etc/nginx/conf.d/下面分别建了两个配置文件rxblog.https.conf,weiyanzixun.https.conf,内容分别如下:

1.rxblog.https.conf

server{
    listen 80;
    server_name rxblog.xyz www.rxblog.xyz;
    add_header Strict-Transport-Security max-age=15768000;
    return 301 https://$server_name$request_uri;
}

server {
   listen 443 ssl http2;
   server_name rxblog.xyz www.rxblog.xyz;
   index  index.php index.html index.htm;
   root   /usr/share/nginx/rxblog;
   add_header X-Frame-Options DENY;
   add_header X-Content-Type-Options nosniff;

   ssl_certificate /etc/letsencrypt/live/rxblog.xyz/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/rxblog.xyz/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 60m;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root/$fastcgi_script_name;
        include        fastcgi_params;
    }

}

2.weiyanzixun.https.conf

server{
    listen 80;
    server_name weiyanzixun.com www.weiyanzixun.com;
    #告诉浏览器有效期内只准用 https 访问
    add_header Strict-Transport-Security max-age=15768000;
    #永久重定向到 https 站点
    return 301 https://$server_name$request_uri;
}

server {
   listen 443 ssl http2;
   server_name weiyanzixun.com www.weiyanzixun.com;
   index  index.php index.html index.htm;
   root   /usr/share/nginx/weiyanzixun;
   add_header X-Frame-Options DENY;
   add_header X-Content-Type-Options nosniff;

   ssl_certificate /etc/letsencrypt/live/weiyanzixun.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/weiyanzixun.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 60m;


    location / {
        try_files $uri $uri/ /index.php?$args;  #修改内容
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #修改此处内容支持php
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root/$fastcgi_script_name;
        include        fastcgi_params;
    }
}

重启nginx

systemctl reload nginx

配置中有很多不合理的地方,比如启用http2没有优化,加密方式的优化,待后续慢慢优化!有恳请各位给予指正,rxwangwb(at)gmail.com

未经允许不得转载:容休博客 » nginx同一个服务器(IP)部署多个网站并启用https

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址