Skip to content

Latest commit

 

History

History
147 lines (123 loc) · 4.99 KB

more-domain-config.md

File metadata and controls

147 lines (123 loc) · 4.99 KB

Nginx 同一个IP上配置多个HTTPS主机

  • Nginx 同一个IP上配置多个HTTPS主机

  • 域名列表

    序号 名称 域名 HTTPS主机
    1 官方域名 www.tinywan.com https://www.tinywan.com/
    2 直播域名 live.tinywan.com https://live.tinywan.com/
    3 点播域名 vod.tinywan.com https://vod.tinywan.com/
    4 文档域名 doc.tinywan.com https://doc.tinywan.com/
  • Openresty 编译

    www@TinywanAliYun:~/DEMO/openresty-1.11.2.5$ 
    ./configure --prefix=/usr/local/openresty --with-luajit \
    --with-http_ssl_module --with-openssl=/usr/local/openssl \
    --with-openssl-opt="enable-tlsext" --without-http_redis2_module \
    --with-http_iconv_module --with-http_stub_status_module \
    --with-http_xslt_module --add-dynamic-module=/home/www/DEMO/nginx-ts-module \
    --add-dynamic-module=/home/www/DEMO/nginx-rtmp-module
    ...
    make
    sudo make install

    注意添加配置:--with-openssl-opt="enable-tlsext" ,默认情况下是TLS SNI support disabled

  • Nginx.conf配置文件:

    • 配置文件列表

      www@TinywanAliYun:/usr/local/openresty/nginx/conf/vhost$ ls
      doc.tinywan.com.conf  live_rtmp_hls.conf  live.tinywan.com.conf  
      main.conf  vod.tinywan.com.conf  www.tinywan.com.conf
    • nginx.conf

      http {
          ...
          index  index.php index.html index.htm;
          include "/usr/local/openresty/nginx/conf/vhost/*.conf";
      }
    • main.conf

      # 配置HTTP请求重定向
      server {
          listen       80;
          server_name  www.tinywan.com; #live.tinywan.com vod.tinywan.com;
          rewrite ^ https://$http_host$request_uri? permanent;   
      }
    • www.tinywan.com.conf

      server {
          #listen       80;
          listen       443 ssl;
          server_name  www.tinywan.com;
          set $root_path /home/www/web/go-study-line/public;
          root $root_path;
      
          ssl on;
          ssl_certificate      /etc/letsencrypt/live/www.tinywan.com/fullchain.pem;
          ssl_certificate_key  /etc/letsencrypt/live/www.tinywan.com//privkey.pem;
          server_tokens off;
      
          location / {
              #access_by_lua_file /usr/local/openresty/nginx/conf/lua_script/resty-limit-req.lua;
              if (!-e $request_filename) {
                  rewrite  ^(.*)$  /index.php?s=/$1  last;
                  break;
              }
          }
      
          location = /favicon.ico {
              log_not_found off;
          }
      
          location ~ \.php$ {
              #access_by_lua_file /usr/local/openresty/nginx/conf/lua_script/resty-limit-req.lua;
              fastcgi_pass   unix:/var/run/php7.1.8-fpm.sock;
              fastcgi_index  index.php;
              fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
              include        fastcgi_params;
              fastcgi_buffer_size 128k;
              fastcgi_buffers 4 256k;
              fastcgi_busy_buffers_size 256k;
              fastcgi_connect_timeout 300;
              fastcgi_send_timeout 300;
              fastcgi_read_timeout 300;
          }
      }
    • live.tinywan.com.conf

      # live.tinywan.com
      server{
          listen       443 ssl;
          server_name  live.tinywan.com;
      
          root /home/www/web/live.tinywan.com;
      
          ssl on;
          ssl_certificate      /etc/letsencrypt/live/www.tinywan.com/fullchain.pem;
          ssl_certificate_key  /etc/letsencrypt/live/www.tinywan.com//privkey.pem;
          server_tokens off;
      
      }
    • vod.tinywan.com.conf

      # vod.tinywan.com
      server{
          listen       443 ssl;
          server_name  vod.tinywan.com;
      
          root /home/www/web/vod.tinywan.com;
      
          ssl on;
          ssl_certificate      /etc/letsencrypt/live/www.tinywan.com/fullchain.pem;
          ssl_certificate_key  /etc/letsencrypt/live/www.tinywan.com//privkey.pem;
          server_tokens off;
      
      }
    • doc.tinywan.com.conf

      # doc.tinywan.com
      server{
          listen       443 ssl;
          server_name  doc.tinywan.com;
      
          root /home/www/web/doc.tinywan.com;
      
          ssl on;
          ssl_certificate      /etc/letsencrypt/live/www.tinywan.com/fullchain.pem;
          ssl_certificate_key  /etc/letsencrypt/live/www.tinywan.com//privkey.pem;
          server_tokens off;
      
      }