我使用nginx作为web前端和apache2作为web后端。 Apache在本地运行多个网站,nginx访问它们。
目前,不同的子域是托pipe,但我想要迁移到一个单一的使用http://my-single-domain.com/subdomain-alias感谢nginx。
每个子域的根目录和apache2 vhost端口是不同的(听起来很明显,不是吗?)。
我尝试了几种configuration,但是我无法获取正在发送的资源,即发送了索引html,但服务器( 404 Not Found )找不到资源,尽pipe设置了规则root 。
我尝试了几个解决scheme,如:
location /alias1 { proxy_pass http://127.0.0.1:9095/; include /etc/nginx/proxy.conf; }
要么
location /alias1 { alias /alias1/; proxy_pass http://127.0.0.1:9095/; include /etc/nginx/proxy.conf; }
甚至
location /alias1/ { rewrite ^/alias1(/.*)$ $1 break; proxy_pass http://127.0.0.1:9095/; }
或再次
location /alias1/ { rewrite ^/alias1(/.*)$ $1 break; proxy_pass http://127.0.0.1:9095/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
这个设置有什么问题? 当请求age /alias1/page时,如何设置nginx从特定的根目录检索资源?
首先在webmasters.stackexchange.com上询问
— ### /etc/nginx/proxy.conf proxy_redirect off; proxy_set_header主机$主机; proxy_set_header X-Real-IP $ remote_addr; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; #client_max_body_size 10m; #client_body_buffer_size 128k; proxy_connect_timeout 90; #proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k;
user www-data www-data; worker_processes 2; pid /var/run/nginx.pid; worker_rlimit_nofile 1024; events { worker_connections 512; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile "on"; tcp_nopush "on"; tcp_nodelay "on"; keepalive_timeout "65"; access_log "/var/log/nginx/access.log"; error_log "/var/log/nginx/error.log"; server_tokens off; types_hash_max_size 2048; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*/*; }
server { listen 443; ssl on; ssl_certificate /etc/ssl/private/single-domain.com-with_chain.crt; ssl_certificate_key /etc/ssl/private/single-domain.com.key.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; ssl_dhparam /etc/ssl/private/dhparams.pem; server_name www.single-domain.com; location / { proxy_pass http://127.0.0.1:8090/; include /etc/nginx/proxy.conf; } location /alias/ { proxy_redirect off; proxy_http_version 1.1; proxy_pass http://127.0.0.1:8103/; proxy_set_header Host alias.single-domain.com; root /var/www/alias.single-domain.com; } location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx|otf|eot|svg|ttf|woff)$ { root /var/www/single-domain.com/public; proxy_buffering on; proxy_cache_valid 200 120m; expires 864000; } access_log /var/log/nginx/single-domain.com/www-access.log; error_log /var/log/nginx/single-domain.com/www-error.log; }
如果apache正在侦听域sub1.example.com 9095端口和域sub1.example.com 9096端口,并且您希望nginx将http://www.example.com/alias1先传递给http://www.example.com/alias2到第二个apache虚拟主机,你会这样做:
location /alias1/ { proxy_redirect off; proxy_http_version 1.1; proxy_pass http://127.0.0.1:9095/; proxy_set_header Host sub1.example.com; } location /alias2/ { proxy_redirect off; proxy_http_version 1.1; proxy_pass http://127.0.0.1:9096/; proxy_set_header Host sub2.example.com; }
那么例如原始请求到http://your-single-domain.example.com/alias1/foo/page1.html nginx将被转发到Apache,就好像它去http://sub1.example.com:9095/foo/page1.html
原始请求到http://your-single-domain.example.com/alias2/bar/baz/page2.html nginx将被转发到Apache,如果它去http://sub2.example.com:9096/bar/baz/page2.html
Update1 (概念certificate):在上面只有configuration文件的nginx中,我们运行netcat作为nc -l -p 9095 (apache不应该在这个debugging端口上监听),然后在浏览器中打开http://www.single-domain.com/alias1/assets/style.css 。 我们应该在netcat输出中看到以下内容:
GET /assets/style.css HTTP/1.1 Host: sub1.example.com Connection: close User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.6.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1
如果在端口9095上有apache监听,而不是我们的netcat,则会得到URL“ http://sub1.example.com/assets/style.css ”的HTTP / 1.1请求(将显示在/var/log/apache2/access_log或类似)
请注意, rewrite ^/alias1(/.*)$ $1 break; 是不需要的,因为location /alias1/会自动剥离/alias1/ URL的一部分。
如果你在使用你的 nginxconfiguration文件的时候得到了不同的输出,这意味着你在nginx中有相互矛盾的指令 – 那么我build议从这个答案中的configuration开始,检查它的工作,然后开始逐个添加旧的configuration块,直到它打破了 – 然后你会有冲突块需要改变。
Update2 :因为你发布了你的nginxconfiguration文件,所以很显然 – 你有位置覆盖,说你的所有.css文件(沿着其他一些文件)将直接从/var/www/single-domain.com/public nginx服务/var/www/single-domain.com/public 。 删除或编辑它,它会通过Apache。