有一个通配符的dns子域记录。使用仅域验证 SSL 证书。需要以这种方式设置 nginx 重写规则:
http://site.com => https://site.com
http://*.site.com => http://*.site.com
我想是这样的
server {
listen 80;
server_name site.com *.site.com;
if ($host ~* "^([^.]+(.[^.]+)*).site.com$"){
set $subd $1;
rewrite ^(.*)$ http://$subd.site.com$1 permanent;
break;
}
if ($host ~* "^site.com$"){
rewrite ^(.*)$ https://site.com$1 permanent;
break;
}
#rewrite ^ https://$server_name$request_uri? permanent;
charset utf-8;
}
server {
listen 443;
server_name site.com;
ssl On;
ssl_certificate /root/site.com.crt;
ssl_certificate_key /root/site.com.key;
location ~ .php$ {
fastcgi_pass 127.0.0.1:8888;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/site$fastcgi_script_name;
fastcgi_param QUERY_STRING $args;
include fastcgi_params;
}
location / {
root /var/www/site;
index index.php index.html;
if ($host !~ ^(site.com)$ ) {
return 444;
}
try_files $uri $uri/ /index.php?$args;
}
}
它无限循环。让这个工作的正确方法是什么?
您应该将服务器块重写为两部分。第一部分仅适用于域"site.com",然后重定向到 https第二部分,对于所有其他域,"*.site.com"
server {
listen 80;
server_name site.com;
rewrite ^(.*)$ https://site.com$1 permanent;
}
server {
listen 80;
server_name *.site.com;
#etc... rewrites not necessary
}
所以,你的nginx.conf将是:
服务器 { 听80; server_name site.com; 重写 ^(.*)$ https://site.com$1 永久;}服务器 { 听80; server_name *.site.com; 字符集 UTF-8; #等...}服务器 { 听 443; server_name site.com; 上; ssl_certificate/root/site.com.crt; ssl_certificate_key/根/站点.com.key; 位置 ~ \.php$ { fastcgi_pass 127.0.0.1:8888; fastcgi_index指数.php; fastcgi_param SCRIPT_FILENAME/var/www/site$fastcgi_script_name; fastcgi_param QUERY_STRING $args; 包括fastcgi_params; } 位置/{ 根/var/www/site; 指数指数.php指数.html; if ($host !~ ^(site.com)$ ) { 返回 444; } try_files $uri $uri//index.php?$args; }}