我有两个子域,我想以下面的方式链接: https://suba.example.org/ : https://suba.example.org/是我的主要子域, https://subb.example.org/是我的辅助子域。 在suba我有一个服务器运行一个Web应用程序,subb只用于redirect。 suba上的这个服务器有一个url,可以叫它https://suba.example.org/foo.php/bar 。
我想要的只是,当我在浏览器中inputhttps://subb.example.org/ ,会显示https://suba.example.org/foo.php/bar的内容, 但是 URL需要说明https://subb.example.org/ 。
截至目前,它将正确显示https://suba.example.org/foo.php/bar的内容,但浏览器将显示内容的URL而不是https://subb.example.org/ 。 我重新启动了nginx-server几次,并使用隐身窗口,确保浏览器不会caching任何数据。
发生什么事是:
https://subb.example.org/ :它将显示https://suba.example.org/foo.php/bar的正确输出, 但会显示https://suba.example.org/foo.php/bar在URL栏中 https://subb.example.org/ :它将显示https://suba.example.org/foo.php/bar的内容https://suba.example.org/foo.php/bar https://subb.example.org URL栏, 但只有文本,没有CSS或图片。 像80年代的网站。 在点击之前input: /imgs/Q5mgx.png : /imgs/Q5mgx.png
发生了什么: /imgs/CfHM1.png : /imgs/CfHM1.png
应该发生什么: /imgs/5OxQ4.png : /imgs/5OxQ4.png
任何帮助表示赞赏。
附件是我的nginx site-config的subb :
server { listen 443 ssl; root /config/www; index index.html index.htm index.php; ### Server Name server_name subb.example.org; ### SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ### Diffie–Hellman key exchange ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ### Extra Settings ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass https://suba.example.org/foo.php/bar; } }
这里是suba的nginx site-config:
server { listen 443 ssl; root /config/www; index index.html index.htm index.php; ### Server Name server_name suba.example.org; ### SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ### Diffie–Hellman key exchange ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ### Extra Settings ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location / { proxy_pass https://192.168.178.6:444/; } }
这里是对curl -i https://subb.example.org的回应:
HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 07 Aug 2017 19:24:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 11185 Connection: keep-alive X-Powered-By: PHP/7.1.5 Set-Cookie: oc367h1rrnkw=i7l0tko9m9unbifqus6lqua1v2; path=/; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Pragma: no-cache Set-Cookie: oc_sessionPassphrase=eFmSS9gKBYJ4YP0MHDFhmxnhJZnmWTDAMjN4zkTrEenumTa66yy6SeWCs12oU2k2MbDN424ySgGeyyYbciCK7Fs3gmmjtwAJU3a3r87BXZ1Uk%2FmdLEXuZoFdy4mbPH67; path=/; secure; HttpOnly X-Frame-Options: SAMEORIGIN Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict Cache-Control: no-cache, no-store, must-revalidate Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self';frame-src 'self' Strict-Transport-Security: max-age=15768000; includeSubDomains; preload; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Robots-Tag: none X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Strict-Transport-Security: max-age=63072000; includeSubdomains Front-End-Https: on Strict-Transport-Security: max-age=63072000; includeSubdomains Front-End-Https: on
我将其粘贴到Live HTTP Header插件的输出中以进行粘贴: pastebin.com/a6kfqhMn
解决scheme是将请求的CSS,graphics等redirect到https://suba.example.org 。 因此,我新的https://subb.example.org网站configuration如下:
server { listen 443 ssl; root /config/www; index index.html index.htm index.php; ### Server Name server_name https://subb.exmaple.org; ### SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ### Diffie–Hellman key exchange ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ### Extra Settings ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ### Add HTTP Strict Transport Security add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; client_max_body_size 0; location ^~ /core/ { proxy_pass https://suba.exmaple.org; } location ^~ /apps/ { proxy_pass https://suba.exmaple.org; } location ^~ /index.php/ { proxy_pass https://suba.exmaple.org; } location / { proxy_pass https://suba.exmaple.org/foo.php/bar; } }
在这里, location ^~ ...的部分是缺less的。 我知道这不是最好的做法,因为我不得不通过整个源代码来找出缺less的东西以及我将要redirect的东西。 也许有一天,有人会阅读这些文字,告诉我一个更好的方法来redirectWeb服务器的真实内容。 但在此之前,这个解决scheme将起作用。