问题
I have tried several times to set this up from scratch, but my subdomain still doesn't work. I am running Nginx on Ubuntu. I want to serve the client side on the main domain and the backend on a subdomain.
The client-side config(work correctly):
# Frontend virtual host: serves the static build in /var/www/html/dist over HTTPS
# for hookahscope.com and www.hookahscope.com.
server {
root /var/www/html/dist;
# Add index.php to the list if you are using PHP
index index.html;
server_name hookahscope.com www.hookahscope.com;
# Regex location: URIs beginning with /sitemap.xml are served from a separate root.
# The "." is unescaped, so it matches any single character, not only a literal dot.
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
# A URI that is not an existing file under root is answered with /index.html.
location / {
try_files $uri /index.html;
}
# ipv6only=on is a socket-level listen option; nginx accepts it for [::]:443 in
# one server block only, which matters once a second HTTPS block is added.
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Chain used to verify the OCSP response that is stapled to the handshake.
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
# Port-80 virtual host for the main domain: redirects the apex and www names to
# HTTPS and answers every other request that reaches it with 404.
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
# default_server: port-80 requests whose Host matches no server_name in any
# block are handled here as well, so unknown hosts end at the 404 below.
listen 80 default_server;
listen [::]:80 default_server;
server_name hookahscope.com www.hookahscope.com;
return 404; # managed by Certbot
}
UPDATED: My client side(main domain) config has additional configs and this is the conflict
# HTTPS virtual host for the api names. The two `if` tests compare $host with
# the main-domain names, so a request for api.hookahscope.com matches neither
# and falls through to the server-level `return 404`. The block has no
# location or proxy_pass, so nothing is forwarded to a backend from here.
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.api.hookahscope.com api.hookahscope.com; # managed by Certbot
return 404; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
# The certificate path is the main domain's lineage.
# NOTE(review): confirm that certificate also lists the api names.
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
# Port-80 virtual host for the api names: redirects both to HTTPS and answers
# anything else with 404. It already claims api.hookahscope.com on port 80, so
# any other port-80 block using that server_name triggers nginx's
# "conflicting server name ... ignored" warning.
server {
if ($host = www.api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.api.hookahscope.com api.hookahscope.com;
return 404; # managed by Certbot
}
And back-end config:
# Backend virtual host as first written: plain HTTP on port 80 for
# api.hookahscope.com, proxying to the application on localhost:8081.
server {
# Port 80 only: this block has no TLS listener.
listen 80;
root /var/www/backend;
# Add index.php to the list if you are using PHP
index index.html;
server_name api.hookahscope.com;
# Regex location: URIs beginning with /sitemap.xml are served from the frontend's public directory.
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
# Forward to the upstream over unencrypted HTTP on the loopback interface.
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
# Pass WebSocket upgrade requests through; Connection 'upgrade' is sent on every request.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# try_files runs before the proxy handler: a URI that is not an existing file
# under root is internally redirected to /index.html, so it is not proxied
# with its original URI.
# NOTE(review): likely unintended for an API; confirm.
try_files $uri /index.html;
}
}
I run the backend under pm2 (the server is Node.js with Express), so locally I can reach the backend on port 8081 with this command:
curl http://localhost:8081/
Nginx shows an error, but it did not help me:
sudo nginx -t
nginx: [warn] conflicting server name "api.hookahscope.com" on 0.0.0.0:80, ignored
Of course, the error disappears if I remove listen 80; from the subdomain config, but I can't work out what I should set up instead.
UPDATED2 My subdomain config:
# Backend virtual host, second attempt: HTTPS for api.hookahscope.com, with
# every request proxied to the application on localhost:8081.
server {
server_name api.hookahscope.com;
#location ~ ^/(sitemap.xml) {
# root /var/www/html/public;
#}
location / {
# TLS ends at nginx; the hop to the upstream is unencrypted HTTP on the loopback interface.
# NOTE(review): confirm the application on port 8081 is bound to localhost only,
# so it cannot be reached directly without going through this proxy.
proxy_pass http://localhost:8081/;
proxy_http_version 1.1;
# Pass WebSocket upgrade requests through; Connection 'upgrade' is sent on every request.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# ipv6only=on is a socket-level listen option; nginx accepts it for [::]:443 in
# one server block only, so it clashes with another HTTPS block that also sets it.
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# The certificate path is the main domain's lineage.
# NOTE(review): confirm that certificate also lists api.hookahscope.com.
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
回答1:
Instead of checking the Host HTTP header via if ($host = hookahscope.com) { ... }, I recommend filtering the requests by defining two server blocks, as suggested by the official nginx documentation (read this answer for a detailed description). With two separate SSL server blocks you shouldn't use the ipv6only=on flag on the listen directive (read this thread for details). Here is the configuration I recommend:
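server {
    # Redirect HTTP to HTTPS for requests whose 'Host' header names one of our domains.
    listen 80;
    listen [::]:80;
    server_name hookahscope.com www.hookahscope.com api.hookahscope.com;
    # $host is the host name nginx matched, lowercased and without a port.
    # $http_host is the raw client-supplied header, so "Host: hookahscope.com:80"
    # would be copied into the Location header as https://hookahscope.com:80/...
    return 301 https://$host$request_uri;
}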
# Catch-all for port 80: handles requests whose Host matches no server_name.
server {
# close the connection immediately for the rest of requests
listen 80 default_server;
listen [::]:80 default_server;
# 444 is an nginx-specific code: the connection is closed without sending a response.
# This catch-all covers port 80 only. On 443 no block is marked default_server, so
# a request for an unlisted name is handled by the first 443 server block nginx loads.
return 444;
}
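server {
    # frontend: static single-page app served over HTTPS
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name hookahscope.com www.hookahscope.com;
    root /var/www/html/dist;

    # SSL configuration made by certbot
    # (every trailing note needs its leading '#'; without it nginx reads
    # "managed by Certbot" as a directive and the config fails to load)
    ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # Chain used to verify the OCSP response that is stapled to the handshake.
    ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

    # Exact match: only /sitemap.xml is served from the public directory.
    location = /sitemap.xml {
        root /var/www/html/public;
    }

    # A URI that is not an existing file under root is answered with /index.html.
    location / {
        try_files $uri /index.html;
    }
}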
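server {
    # backend: HTTPS endpoint for the API, proxied to the local application
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name api.hookahscope.com;

    # SSL configuration made by certbot
    # (every trailing note needs its leading '#'; without it nginx reads
    # "managed by Certbot" as a directive and the config fails to load)
    # The certificate path is the main domain's lineage.
    # NOTE(review): confirm that certificate also lists api.hookahscope.com.
    ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

    location / {
        # TLS ends at nginx; the hop to the upstream is unencrypted HTTP on the loopback interface.
        # NOTE(review): confirm the application on port 8081 is bound to localhost only,
        # so it cannot be reached directly without going through this proxy.
        proxy_pass http://localhost:8081;
        proxy_http_version 1.1;
        # Pass WebSocket upgrade requests through; Connection 'upgrade' is sent on every request.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # The upstream sees nginx as the peer address. If the application needs the
        # client address, set it here from $remote_addr instead of trusting a
        # forwarding header supplied by the client.
        proxy_cache_bypass $http_upgrade;
    }
}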
来源:https://stackoverflow.com/questions/64898424/how-setup-subdomain-in-nginx