Nginx
Sergey Ganzhela, 2017-04-27 19:55:16

Setting up https on nginx + subdomain?

Good afternoon! The site needs to be moved to https. How to move the site itself (built on the Mezzanine Python CMS) is clear, but on this site the static files are on a subdomain like static.example.com, and in the future it is planned that there will be many subdomains. When you generate an SSL key, server_name is explicitly indicated there, so how do I specify that this key applies to all subdomains? Here is the initial config.

server {
    listen          80;
    server_name     example.com;
    access_log      /var/log/nginx/stp.access.log;
    error_log       /var/log/nginx/stp.error.log;
    client_max_body_size 64m;
    location / {
        uwsgi_pass      unix:///tmp/stp.sock;
        include         uwsgi_params;
        uwsgi_param     UWSGI_SCHEME $scheme;
        uwsgi_param     SERVER_SOFTWARE    nginx/$nginx_version;
        #
    }
    location /static/ {
        alias /home/alx/stp/static/;
    }
}
server {
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
}
server {
    listen          80;
    server_name     static.example.com;
    access_log      /var/log/nginx/static.stp.access.log;
    error_log       /var/log/nginx/static.stp.error.log;
    #location ~* \.(eot|ttf|woff|woff2)$ {
    #    add_header Access-Control-Allow-Origin *;
    #}
    location / {
        add_header Access-Control-Allow-Origin *;
        alias /home/alx/stp/static/;
    }
}

server {
    listen          80;
    server_name     *.example.com;
    access_log      /var/log/nginx/stp.access.log;
    error_log       /var/log/nginx/stp.error.log;

    location / {
        uwsgi_pass      unix:///tmp/landing.sock;
        include         uwsgi_params;
        uwsgi_param     UWSGI_SCHEME $scheme;
        uwsgi_param     SERVER_SOFTWARE    nginx/$nginx_version;
    }

    location /static/ {
        alias /home/alx/stp/static/;
    }
}

In fact, an attempt was made to move it, though without taking the subdomains into account:
server {
    listen          80;
    listen          [::]:80;
    server_name     example.com www.example.com;

    rewrite ^ https://example.com$request_uri? permanent;
}
server {
    listen          443 ssl http2;
    listen          [::]:443 ssl http2;
    server_name     example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/nginx/snippets/ssl;

    if ($host !~* ^(example.com)$ ) { return 444; }
    if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; }

    access_log      /var/log/nginx/stp.access.log;
    error_log       /var/log/nginx/stp.error.log;
    client_max_body_size 64m;
    location / {
        uwsgi_pass      unix:///tmp/stp.sock;
        include         uwsgi_params;
        uwsgi_param     UWSGI_SCHEME $scheme;
        uwsgi_param     SERVER_SOFTWARE    nginx/$nginx_version;
        #
    }
    location /static/ {
        alias /home/alx/stp/static/;
    }
}
server {
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen          80;
    listen          [::]:80;
    server_name     static.example.com;

    rewrite ^ https://static.example.com$request_uri? permanent;
}

server {
    listen          443 ssl http2;
    listen          [::]:443 ssl http2;
    server_name     static.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/nginx/snippets/ssl;
    access_log      /var/log/nginx/static.stp.access.log;
    error_log       /var/log/nginx/static.stp.error.log;
    #location ~* \.(eot|ttf|woff|woff2)$ {
    #    add_header Access-Control-Allow-Origin *;
    #}
    location / {
        add_header Access-Control-Allow-Origin *;
        alias /home/alx/stp/static/;
    }
}

Everything seems to start up, but the static files from the subdomain are not loaded: styles and everything like that. A couple of pictures load and that's all (which is strange somehow). And what should I do about future subdomains, how do I generate a key so that it applies to all subdomains? I generated static.example.com along with the main domains; maybe because of this it is not loaded at all, an ambush. The logs do not show anything that could at least somehow suggest an idea.


1 answer(s)
Viktor Taran, 2017-04-28
@Sergiy_Hanzhela

Sorry for the stupid question, but why do you have static on a subdomain? You have nginx, and there is simply no point in this.
Other than permanent hemorrhoids?
Now, for all domains: it's simple, you just need a different key.
Do you make them self-signed, I hope?
And something like this (here I wrote it for Bitrix):
https://klondike-studio.ru/blog/bitrix-virtualnaya...
If they are self-signed, then such certificates make about zero sense.
If I were you, I would make it easier.
nginx gives normal URLs,

stream {
    upstream stream_backend {
        zone tcp_servers 64k;
        server 192.168.55.201:3308;
        server 192.168.55.202:3308;
        server 192.168.55.203:3308;
    }
}

All you have to do is write the logic in the locations, if you really want to serve from another server.
In this case, you will only need a certificate for the front and that's it.
BUT in general nginx can automatically load balance the backends.
What name do you need from subdomains? You essentially lose "weight" by giving it to subdomains.
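
Added example, not part of the question or the answer: one way to lay out the server blocks from the question so that a single certificate serves the main domain and every subdomain. It assumes the certificate under the question's Let's Encrypt path was reissued with both example.com and *.example.com as names (Let's Encrypt issues wildcard names only through the DNS-01 challenge); sockets and paths are the ones from the question.

```nginx
# Added example (http{} context), not the poster's config. Assumes the
# certificate lists both example.com and *.example.com: a wildcard matches
# exactly one label, so it covers static.example.com but not example.com.
ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Port 80: redirect every known name to https, keeping the requested host.
server {
    listen      80;
    listen      [::]:80;
    server_name example.com *.example.com;
    return      301 https://$host$request_uri;
}
server {                      # www -> bare domain
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name www.example.com;
    return      301 https://example.com$request_uri;
}
server {                      # main site
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name example.com;
    client_max_body_size 64m;
    location / {
        include     uwsgi_params;
        uwsgi_pass  unix:///tmp/stp.sock;
        uwsgi_param UWSGI_SCHEME $scheme;
    }
    location /static/ { alias /home/alx/stp/static/; }
}

server {                      # static host; exact name beats the wildcard
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name static.example.com;
    root        /home/alx/stp/static;
    add_header  Access-Control-Allow-Origin *;
}

server {                      # every other (future) subdomain
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name *.example.com;
    location / {
        include     uwsgi_params;
        uwsgi_pass  unix:///tmp/landing.sock;
        uwsgi_param UWSGI_SCHEME $scheme;
    }
}
```

The first server block on each port also answers requests whose Host matches no server_name; add a separate `default_server` block returning 444 if such requests should be dropped instead.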
