我有一个闪亮的服务器应用程序使用aws ec2 &Route53, nginx &;ssl的Certbot。现在我的域名被应用程序使用。我想有一个静态的主页来欢迎用户,并提供登录到应用程序的访问。目的是有一个主页介绍,所以它可以被谷歌索引。我可以使用一个域(为两个应用程序和网页)?我应该如何定义和管理我的域?
希望我的问题足够清楚。提前感谢
我忘了说我的静态网站是在aws s3桶上(而不是在ec2 +nginx服务器上)。我不确定定义nginx.conf的语法。下面是nginx.conf现在正常工作的方式:
server {
listen 80;
listen [::]:80;
# redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
# listen 443 means the Nginx server listens on the 443 port.
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/letsencrypt/live/app.mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.mydomain/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
ssl_dhparam /etc/nginx/snippets/dhparam.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES12>
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/app.mydomain/chain.pem;
# Replace it with your (sub)domain name.
server_name app.mydomain;
# The reverse proxy, keep this unchanged:
location / {
proxy_pass http://localhost:3838;
proxy_redirect http://localhost:3838/ $scheme://$host/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_buffering off;
}
}
如果我理解了@AlexStoneham,我需要添加这样的东西:
server{
server_name mydomain;
location / {
proxy_pass $scheme://$host.s3-website-eu-central-1.amazonaws.com$request_uri
}
}
但是这个加法不起作用。我应该添加443侦听器块并重新添加SSL证书吗?
应用程序。我的域名是闪亮的应用程序,现在工作良好。我的域名应该指向s3静态网页。
感谢在nginx配置文件中使用nginx服务器块用route53 conf
设置子域利用像app.yourdomain.com这样的子域名去到配置了nginx的闪亮应用,在一个服务器块中为闪亮的应用提供服务。设置另一个子域,如www.yourdomain.com,以转到配置nginx的静态页面,以在另一个服务器块中提供静态页面。
看:https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-routing-traffic-for-subdomains.html查看route53的详细信息
:https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/查看nginx的详细信息
nginx.conf是ok的,不需要添加任何东西,因为静态网页是在s3桶上,而不是在nginx/ec2。
问题是,在我多次尝试的其中一次中,我制作了一个"mydomain"的证书。这与s3存储桶的名称相同。当试图通过route53 (s3端点是http而不是https)将我的s3桶与该域名链接时,发生冲突并产生问题。
解决方案是从我的ec2服务器上删除特定的ssl证书(上面有nginx):
$ sudo certbot certificates #shows the exist certificates
$ sudo certbot delete #choose the certificate to delete, in my case: "mydomain"