Nginx: requests for other domains landing on an HTTPS vhost (troubleshooting notes)

On most servers we configure multiple vhosts in one Nginx service to make the most of server resources. However, after enabling HTTPS for one vhost's domain, the real-time visitor and entry-page reports in Baidu Statistics showed some requests arriving under other domains. That is, visitors were using

https://some-other-domain.com/some-url

to access the corresponding

https://www.domain.com/some-url

The result is that Google Chrome displays a security warning page and treats the site as unsafe, because I have only configured an SSL certificate for www.domain.com and not for the other domain.

As a result, search engine crawlers cannot reach the correct domain name normally.

Below are the reasoning behind the fix and the practical steps.

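First, let's go over the concepts:
1) Understand the empty host header: the problem is caused by the empty host header not being configured properly;
2) Domain name => IP => port => service;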

Nginx is both a high-performance Web server and a preferred tool for reverse proxying. In the default configuration (nginx.conf), a server block with no specific server_name matches any domain that points at the server. In other words, anyone who points an A record or CNAME at the server's IP can "clone" the default_server on that machine.
We know that Nginx routes requests to vhosts by server_name, but the port plays the same role.
So once a vhost is configured for HTTPS, a request for a name that is not bound to any vhost's server_name (say some-other-domain.com) is not intercepted, because the empty host header was never set up for HTTPS. some-other-domain.com is then treated like the bare IP: the request goes to the server's IP on port 443, and the default server listening on 443 (www.domain.com) returns its content.

Once the concept is clear the fix is straightforward: configure the empty host header so that any domain not explicitly bound by a server_name is blocked.

Specific configuration is as follows:

Open the /usr/local/nginx/conf/nginx.conf configuration file and modify or add the default vhost:
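server {
    listen 80 default_server;
    # default_server on 443 too, so this block (not www.domain.com) answers unbound names over HTTPS
    listen 443 ssl http2 default_server;
    # "_" never matches a real host name; default_server is what makes this block the catch-all
    server_name _;
    server_name_in_redirect off;
    ssl_certificate /path/ssl_cert/ssl.pem;
    ssl_certificate_key /path/ssl_cert/ssl.key;
    error_page 401 402 403 404 /40x.html;

    location = /40x.html {
        root html;
    }

    # Anything that reaches the catch-all gets a 404 instead of a real site's content
    location / {
        return 404;
    }
}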

OK, now enabling HTTPS on more vhosts no longer causes this jump.
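
To see why the catch-all has to listen on 443 as well as 80, here is an added example (not from the original post and not nginx code): a simplified Python model of how Nginx picks a server block per port, run over two constructed layouts. The Server class, its labels and the unbound.invalid probe name are assumptions made for the illustration; only exact and leading-wildcard names are modelled.

```python
# Simplified model of nginx virtual-host selection (added example, not nginx source).
# Only exact names and leading-wildcard names ("*.example.com") are modelled.
from dataclasses import dataclass

@dataclass
class Server:
    label: str    # hypothetical label for the block, used only for display
    names: tuple  # server_name values
    listens: dict # port -> True if "default_server" is set on that listen line

def select_server(servers, port, host):
    """Return the block that answers a request for `host` on `port`, or None."""
    candidates = [s for s in servers if port in s.listens]
    if not candidates:
        return None
    host = host.lower()
    for s in candidates:                      # 1. exact server_name match
        if host in s.names:
            return s
    wild = [(n, s) for s in candidates for n in s.names
            if n.startswith("*.") and host.endswith(n[1:])]
    if wild:                                  # 2. longest leading wildcard wins
        return max(wild, key=lambda p: len(p[0]))[1]
    for s in candidates:                      # 3. explicit default_server for the port
        if s.listens[port]:
            return s
    return candidates[0]                      # 4. otherwise the first block on the port

def leaking_ports(servers, catch_all_label):
    """Ports where an unbound name is answered by something other than the catch-all."""
    ports = sorted({p for s in servers for p in s.listens})
    return [p for p in ports
            if select_server(servers, p, "unbound.invalid").label != catch_all_label]

# Constructed sample layouts using the page's domain names.
SITE = Server("www.domain.com", ("www.domain.com",), {80: False, 443: False})
BEFORE = [Server("catch-all", ("_",), {80: True}), SITE]            # catch-all on 80 only
AFTER = [Server("catch-all", ("_",), {80: True, 443: True}), SITE]  # catch-all on 80 and 443

if __name__ == "__main__":
    for name, layout in (("before", BEFORE), ("after", AFTER)):
        hit = select_server(layout, 443, "some-other-domain.com")
        print(name, "-> 443 answered by", hit.label,
              "| leaking ports:", leaking_ports(layout, "catch-all"))
```

In the "before" layout the only block on port 443 is www.domain.com, so it becomes the implicit default there; the same check can be repeated for any other port a vhost listens on.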

Origin blog.51cto.com/uppower/2461159