可参考:
https://help.aliyun/document_detail/98728.html?spm=5176.2020520163.cas.15.4ed756a7Oi0HTv
https://wwwblogs/phpper/p/6441475.html
背景:
https://www.liyongquan 主域名是经过配置ssl安全证书的指向前端页面,
http://api.liyongquan 子域名是未经过配置ssl指向后端接口项目的。
此时页面访问接口会跨协议。因此配置接口请求url为https://www.liyongquan/api/
www.liyongquan.conf 配置文件内容如下:
server {
listen 80;
server_name www.liyongquan;
return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl;
server_name www.liyongquan;
client_max_body_size 125M;
access_log /data/logs/www/www.liyongquan.access.log;
error_log /data/logs/www/www.liyongquan.error.log;
ssl_certificate ./cert/www.liyongquan.pem;
ssl_certificate_key ./cert/www.liyongquan.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#rewrite ^(.*)$ https://$host$1 permanent;
location / {
root /data/web/zhanfu-build/;
index index.html;
#try_files $uri $uri/ /index.html;
}
location ^~ /api {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Referer $http_referer;
proxy_set_header X-Scheme $scheme;
proxy_pass http://127.0.0.1:7000;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
www.zhanfu6.api.conf 配置文件内容如下:
server {
listen 7000;
client_max_body_size 125M;
root /data/web/zhanfu-server/public;
access_log /data/logs/www/www.liyongquan.api.access.log;
error_log /data/logs/www/www.liyongquan.api.error.log;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .*\.(php|php5)?$ {
fastcgi_pass UNIX:/var/run/php-fpm/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi.conf;
}
location = /50x.html {
}
}
测试配置是否成功:nginx -t
平滑重启生效:nginx -s reload
更多推荐
nginx配置https一个域名不同路径分别访问前端和后端两个项目
发布评论