我有多个子域的NGINX配置。我使用Let的加密/ ACME客户端为他们启用了SSL。除了一个子域外,所有子域都在工作。
其中一个子域在/var/www/dir下作为https://dir.domain.net提供,另一个子域在/var/www/dir/one下作为https://one.domain.net提供。出于某种原因,我无法理解,启用SSL后,/var/www/dir/one下提供的子域名将被重定向到https://dir.domain.net。
这两个子域的配置如下:
/var/www/dir为http://dir.domain.net
server {
listen 80;
listen 443 ssl spdy;
root /var/www/dir;
index index.php index.html index.htm;
server_name dir.domain.net;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options SAMEORIGIN;
ssl on;
ssl_certificate cert.crt;
ssl_certificate_key key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate trustedCA.pem;
resolver 8.8.4.4 8.8.8.8 valid=1800s;
resolver_timeout 10s;
ssl_dhparam dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
try_files $uri $uri/ /index.html =404;
rewrite /index.php/(topic|board),(.*).html$ /index.php?$1=$2 permanent;
rewrite /index.php/(topic|board),(.*)$ /index.php?$1=$2 permanent;
rewrite /index.php(\?|%3F)(topic|board)(=|%3D)(.*)$ /index.php?$2=$4 permanent;
rewrite /subdomains/dir/index.php/(topic|board),(.*)$ /index.php?$1=$2 permanent;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 90;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SSL_PROTOCOL $ssl_protocol;
fastcgi_param SSL_CIPHER $ssl_cipher;
fastcgi_param SSL_SESSION_ID $ssl_session_id;
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
include fastcgi_params;
}
}
/var/www/dir/one为https://one.domain.net:
server {
root /var/www/dir/one;
index index.php index.html index.htm;
server_name one.domain.net;
# log directives
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options SAMEORIGIN;
ssl on;
ssl_certificate cert.crt;
ssl_certificate_key key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate trustedCA.pem;
resolver 8.8.4.4 8.8.8.8 valid=1800s;
resolver_timeout 10s;
ssl_dhparam dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
location / {
try_files $uri $uri/ /index.html;
rewrite /index.php/(.*)$ /index.php?title=$1 permanent;
}
location ~ \.php$ {
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass phpservers;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
要将/var/www/dir/one作为https://one.domain.net投放,我该怎么办?
提前致谢。