nginx的default_site似乎没有工作
我已经将docker中的nginx作为反向代理运行了一段时间,而且它运行起来非常奇妙,缺less一个我最近看到的小问题。
我想要的是:当用户到达我的nginx服务器并且没有为该URL指定一个.conf文件时,404/444或其他一些HTTP连接丢失的响应。
我所看到的:当用户导航到sudomain.url.com并且该子域未在我的任何* .conf文件中指定时,nginx使用它find的第一个conf文件 – 忽略default.conf。 在下面find我的细节。
任何其他的提示/技巧,你可以提供将是真棒!
nginx.conf:
user nginx; worker_processes 1; error_log /etc/nginx/log/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /etc/nginx/log/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 70; #gzip on; include /etc/nginx/conf.d/*.conf; } default.conf:
server { server_name _; listen 80 default_server; return 444; } server { server_name _; listen 443 default_server; return 444; }
一个conf文件的例子(可能有十几个):
server { listen sub.domain.com:80; server_name sub.domain.com; return 302 https://sub.domain.com$request_uri; } server { listen sub.domain.com:443; server_name sub.domain.com; ssl_certificate /etc/nginx/keys/ssl.pem; ssl_certificate_key /etc/nginx/keys/ssl.key; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC4-SHA'; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/keys/dhparams.pem; add_header X-Frame-Options SAMEORIGIN; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_pass http://10.0.1.4:81; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
我没有真正testing过,但我的直觉是你的listen指令不应该包含主机名。 它们应该包含您想要监听的接口的IP地址以及您要监听的端口。 然后,对于每个不同的端口/ IP组合,您可以将其中的一个指定为默认值。
只有在parsing了请求到达哪个IP地址以及哪个端口被打开之后,nginx才开始实际处理请求。 这里的第一步是检查主机头,如果它find一个匹配的服务器块的主机头的值,那么这是它应该路由的地方。 如果它没有find一个,那么它应该路由到默认值。
如果没有收到主机头,那么我认为,在更新的nginx版本中,它会丢弃请求,但是之前只是通过发送到IP /端口组合的默认服务器来处理这个请求。
下面是一个nginx.conf,它为我提供了指定服务器的工作端点,并返回了其他所有内容。 由于HSTS标题,你需要点击test.se {1,2,3,4} .home-v.ind.in才能看到它的工作,否则你只会回到浏览器错误。
user nginx; worker_processes auto; error_log stderr notice; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 300s; ssl_certificate /etc/pki/nginx/fullchain.pem; ssl_certificate_key /etc/pki/nginx/privkey.pem; ssl_dhparam /etc/pki/nginx/dhparams.pem; ssl_protocols TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_buffer_size 1400; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/pki/nginx/fullchain.pem; add_header "Cache-Control" "no-transform"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s; resolver_timeout 2s; server { listen 80 default_server; server_name _; return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name test.se1.home-v.ind.in; root /usr/share/nginx/html; location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; } location /robots.txt { satisfy any; allow all; add_header Content-Type text/plain; return 200 "User-agent: *\nDisallow: /\n"; } location / { satisfy any; allow all; add_header Content-Type text/plain; return 200 "Test Site 1"; } } server { listen 443 ssl http2; server_name test.se2.home-v.ind.in; root /usr/share/nginx/html; location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; } location /robots.txt { satisfy any; allow all; add_header Content-Type text/plain; return 200 "User-agent: *\nDisallow: /\n"; } location / { satisfy any; allow all; add_header Content-Type text/plain; return 200 "Test Site 2"; } } server { listen 443 ssl http2 default_server; server_name _; root /usr/share/nginx/html; location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; } location / { return 404; } } }