我在 Debian 12 上執行 nginx 作為多個網站的反向代理(帶有 SSL 終止)。最近注意到,由於這種奇怪的行為,我無法再增加更多主機。啟用了預設站點,但係統地,當我將瀏覽器指向 sub-xx.domain.com 時,系統會重定向到 a.domain.com。然而,從 a 到 w 的每個站點都按預期工作。如果請求是 HTTP,瀏覽器會警告網站不安全並重定向到 d.domain.com。當您明確請求 HTTPS 時,會重定向到 a.domain.com,如上所述。來自 xx.domain.com 的日誌沒有任何痕跡,只要請求是 HTTPS,來自 a.domain.com 的日誌就有這個
192.168.9.1 - - [19/Jan/2024:16:55:04 -0300] "GET /img/logo.gif HTTP/2.0" 200 3418 "https://xx.domain.com/css/login>
xx.conf
pstream xx {
server 192.168.8.86;
keepalive 32;
}
server {
listen 80;
server_name xx.domain.com;
include /etc/nginx/snippets/location-letsencrypt.conf;
# return 301 https://$server_name$request_uri;
#}
#server {
# listen 443 ssl http2;
# server_name test.xx.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/xx.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xx.domain.com/privkey.pem;
location / {
include /etc/nginx/snippets/proxy.conf;
proxy_pass http://test_xx/;
}
access_log /var/log/nginx/xx.domain.com/access.log;
error_log /var/log/nginx/xx.domain.com/error.log;
}
yy.conf
upstream yy {
server 192.168.8.81;
keepalive 32;
}
server {
listen 80;
server_name yy.domain.com;
include /etc/nginx/snippets/location-letsencrypt.conf;
# return 301 https://$server_name$request_uri;
#}
#server {
# listen 443 ssl http2;
# server_name yy.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/yy.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/yy.domain.com/privkey.pem;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://yy/;
}
access_log /var/log/nginx/yy.domain.com/access.log;
error_log /var/log/nginx/yy.domain.com/error.log;
}
nginx.conf
user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 10240;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# To avoid error 413
client_max_body_size 192M;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
log_format main '$remote_addr - $remote_user [$time_local]
"$request" ' '$status $body_bytes_sent
"$http_referer" ' '"$http_user_agent"
"$http_x_forwarded_for"';
#access_log /var/log/nginx/access-special.log combined;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
位置-letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
root /var/www/le_root;
}
location = /.well-known/acme-challenge/ {
return 404;
}