域名配置

一、使用子域名(方案一)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
server {
    listen 80;
    server_name service1.example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name service2.example.com;

    location / {
        proxy_pass http://localhost:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

二、使用同一个域名(方案二)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
server {
    listen 80;
    server_name example.com;

    location /service1 {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /service2 {
        proxy_pass http://localhost:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

配置ssl证书

1
2
3
4
5
6
7
8
9
10
11
# 1、安装Certbot,Certbot是一个自动化工具,可以帮助你获取和安装SSL证书
# 对于Ubuntu/Debian
sudo apt update
sudo apt install certbot python3-certbot-nginx

# 对于CentOS/RHEL
sudo yum install epel-release
sudo yum install certbot python3-certbot-nginx

# 2. 获取SSL证书,使用Certbot为每个子域名获取SSL证书:
sudo certbot --nginx -d service1.example.com -d service2.example.com

配置nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
server {
    listen 80;
    server_name service1.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name service1.example.com;

    ssl_certificate /etc/letsencrypt/live/service1.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/service1.example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name service2.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name service2.example.com;

    ssl_certificate /etc/letsencrypt/live/service2.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/service2.example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

自动续费

1
2
Let's Encrypt的证书有效期为90天。Certbot会自动设置一个cron任务来续期证书。你可以手动测试续期
sudo certbot renew --dry-run
#linux #nginx #ssl
域名配置
http://example.com/2025/01/09/域名配置/
作者
Mr.xu
发布于
2025年1月9日
许可协议