使用nginx为子域和子域上的php代码加载meteor

时间:2015-12-18 07:12:12

标签: php meteor nginx virtualhost reverse-proxy

我有一个挑战,我无法弄清楚如何解决。 我是运行CentOS7的DigitalOcean VPS。在这里我主持一个域名,e.q。 www.example.com。 我现在正在运行nginx。它曾经是Apache,但我无法弄明白如何使用websockets反向代理,用于Apache的流星工作。

现在在Nginx中,我创建了一个vhost配置,用于从使用pm2-meteor运行的流星服务器加载主域www.example.com和example.com:

    server_tokens off; # for security-by-obscurity: stop displaying nginx version
    map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
server {
    listen 443 ssl spdy; # we enable SPDY here
    server_name www.example.com; # this domain must match Common Name (CN) in the SSL certificate

    root /var/www/html/example/bundle; # irrelevant
    index index.html; # irrelevant

    ssl_certificate /etc/httpd/ssl/example/example.crt; # full path to SSL certificate and CA certificate concatenated together
    ssl_certificate_key /etc/httpd/ssl/example/example.key; # full path to SSL key

    # performance enhancement for SSL
    ssl_stapling off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # safety enhancement to SSL: make sure we actually use a safe cipher
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';

    # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
    # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
    add_header Strict-Transport-Security "max-age=31536000;";

    # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
    # This works because IE 11 does not present itself as MSIE anymore
    #if ($http_user_agent ~ "MSIE" ) {
    #    return 303 https://browser-update.org/update.html;
    #}

    # pass all requests to Meteor
    location / {
        proxy_pass http://127.0.0.1:4001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
                                                                                                                                    45,1          Top

我在4001端口上运行流星服务器。 好吧,这对流星来说非常适合。我现在的问题是我想为子域,payment.example.com创建一个vhost,它将加载larval 5。 通常我希望这个子域也加载HTTPS。 如果不加载默认的nginx vhost设置或加载meteor的域vhost,我怎么能这样做呢? 我无法找到使其发挥作用的方法。这是我试图制作的付款子域名虚拟主机,但它无效:

    server {
listen 431 ssl spdy; # we enable SPDY here
listen [::]:431 ipv6only=on default_server;
server_name payment.example.ro; # this domain must match Common Name (CN) in the SSL certificate
root /var/www/html/example/payment/;

access_log  /var/log/nginx/nginx_access.log;
error_log  /var/log/nginx/nginx_error.log;

ssl_certificate /etc/httpd/ssl/example/example.crt; # full path to SSL certificate and CA certificate concatenated together
ssl_certificate_key /etc/httpd/ssl/example/example.key; # full path to SSL key

# performance enhancement for SSL
ssl_stapling off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;

# safety enhancement to SSL: make sure we actually use a safe cipher
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';

# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
add_header Strict-Transport-Security "max-age=31536000;";
    location / {
                root /var/www/html/example/payment/;
                index index.php index.html index.htm;
               }
    location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                }

}

现在当我加载payment.example.com时,我加载了流星反向代理。 关于如何使这项工作的任何建议或想法。这甚至可能吗? 我是否必须将其放在子文件夹而不是子域中?我更喜欢子域......

谢谢你!

0 个答案:

没有答案
相关问题
最新问题