我在apache网络服务器上有一些站点,可以说:
site1.com site2.com site3.com
apache正在监听80和443,并且每个虚拟主机的配置如下:
<VirtualHost site1.com:80>
ServerName site1.com
ServerAlias site1.com
ServerAdmin webmaster@site1.com
DocumentRoot /data/site1
<Directory /data/site1>
AllowOverride All
Options -MultiViews +FollowSymLinks
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/site1.com_error.log
CustomLog ${APACHE_LOG_DIR}/site1.com_access.log combined
</VirtualHost>
<VirtualHost site1.com:443>
ServerName site1.com
ServerAlias site1.com
ServerAdmin webmaster@site1.com
DocumentRoot "/data/site1"
#more ssl config ...
</VirtualHost>
现在我在site1.com的顶部配置了一个nginx反向代理-因此将DNS更改为将site1.com指向nginx,并在nginx上进行了此配置:
server {
listen site1.com:80;
server_name site1.com;
expires 0;
status_zone site1.com;
if ($host !~ ^(site1.com)$ ) {
return 444;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location '/.well-known/acme-challenge' {
root /etc/nginx/html/certbot;
}
location / {
rewrite ^/(.*) https://site1.com/$1;
}
}
server {
listen site1.com:443 ssl;
server_name site1.com;
ssl_certificate /etc/letsencrypt/live/site1.com,/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
expires 0;
status_zone site1.com;
if ($host !~ ^(site1.com)$ ) {
return 444;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location '/.well-known/acme-challenge' {
root /etc/nginx/html/certbot;
}
location / {
proxy_pass http://apache_server_IP:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
因此nginx充当反向代理并且工作正常-一天后,我在site1.com上看到了site2.com上的内容
我检查了nginx是否发送了正确的主机头-在nginx-config proxy_set_header中设置了$ host主机,并且nginx发送了正确的主机头(使用%{Host} i扩展Apache日志记录)
这样我就可以在site2.com的日志中看到对site1.com的请求,并带有这样的条目
site1.com $ nginx_IP--[07 / Nov / 2019:10:07:29 +0100]“ GET / HTTP / 1.1” 302313“-”“ Mozilla / 5.0(Windows NT 10.0; WOW64)AppleWebKit / 537.36(KHTML,例如Gecko)Chrome / 77.0.3865.120 Safari / 537.36“
使用此LogFormat:
LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
我的解决方案是删除site2和site3的listen:80-现在,当nginx在端口80上发出请求时,仅剩一个虚拟主机(site1)-缺点:site2和site3现在只能通过https(不是一个真正的问题,但我希望他们听80并再次重定向到443)
我不知道问题出在哪里-apache是在骗我吗?