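Why does my Nginx configuration allow access to app.domain.com?

Time: 2019-06-07 22:38:46

Tags: nginx nginx-config

I have a subdomain named app that points to my host through DNS, but I don't want to use it for the website, which currently uses the subdomain xyz. If I go to https://app.domain.com, I get a "Your connection is not private" error. It's fine that the browser shows this, but I don't want anyone to access this subdomain right now. I want them redirected to https://xyz.domain.com, where I have valid SSL. Please see my configuration below and help me figure out what I'm missing. Thanks in advance.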

server {
    listen 80;
    listen [::]:80;
    server_name xyz.domain.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://xyz.domain.com$request_uri;
    }
}

server {
    # For https
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;
    server_name xyz.domain.com;

    if ($http_host = app.domain.com) {
        rewrite ^ https://xyz.domain.com$request_uri? permanent;
    }

    ssl_certificate /etc/letsencrypt/live/xyz.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xyz.domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_pass php-upstream;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fixes timeouts
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

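1 Answer:

Answer 0 (score: 0)

If you don't want users to receive a security warning, you need to set up a secondary server configuration and configure certbot to obtain a certificate for app.domain.com: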

server {
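    # "ssl" is required so this listener speaks TLS
    listen 443 ssl;
    # ipv6only=on is already set on the default_server's [::]:443 listener;
    # nginx rejects it as a duplicate listen option if repeated here
    listen [::]:443 ssl;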
    server_name app.domain.com;

    rewrite ^ https://xyz.domain.com$request_uri? permanent;

    ssl_certificate /etc/letsencrypt/live/app.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
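Why the `if ($http_host ...)` redirect in the question never takes effect, and why the extra server block with its own certificate does, shown as an added example that is not part of the original question or answer. It is a simplified model, not nginx code: it assumes exact `server_name` matching on the SNI name with fallback to `default_server`, and the certificate name lists are constructed to mirror the configs above.

```python
# Simplified model (an assumption, not nginx source): exact server_name match
# on the TLS SNI name, falling back to the default_server, followed by the
# browser's check of the certificate names against the host in the URL.

def cert_covers(host, san_names):
    """RFC 6125-style match: a wildcard covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    for name in san_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def pick_server(servers, sni):
    """Return the block whose server_name equals the SNI, else the default."""
    for s in servers:
        if sni in s["server_name"]:
            return s
    return next(s for s in servers if s.get("default"))

def visit(servers, host):
    """Outcome a browser sees for https://<host>/ against these blocks."""
    server = pick_server(servers, host)
    if not cert_covers(host, server["cert_names"]):
        # Certificate verification fails during the handshake, before any
        # HTTP request is sent, so no if/rewrite/return in the block runs.
        return "certificate warning"
    return server["action"]

# Constructed sample data mirroring the configs on this page.
XYZ = {"server_name": ["xyz.domain.com"], "default": True,
       "cert_names": ["xyz.domain.com"], "action": "serve site"}
APP = {"server_name": ["app.domain.com"],
       "cert_names": ["app.domain.com"],
       "action": "301 https://xyz.domain.com"}

if __name__ == "__main__":
    print(visit([XYZ], "app.domain.com"))       # question's config
    print(visit([XYZ, APP], "app.domain.com"))  # with the answer's block
    print(visit([XYZ, APP], "xyz.domain.com"))
```
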