Question
I have installed SSL successfully for my main domain, e.g. domain.net and www.domain.net.
I am now trying to enable SSL on the blog on the website, e.g. blog.domain.net and www.blog.domain.net.
I have gone through the installation and everything has been a success; however, after restarting nginx, when I visit 'blog.domain.net.conf' it is returning a '403 Forbidden' error now.
I have tried doing:
    sudo chown -R root:root /usr/share/nginx/html/*
    sudo chown -R dev:dev /usr/share/nginx/html/*
    sudo chmod -R 0755 /usr/share/nginx/html/*
along with checking permissions of the site root, but nothing is affecting it. The only thing I can think of that is different between the main domain and the blog is that I do have an ssl.conf file located in my conf.d/ folder that is only specifying the main domain. Do I need to add the blog into this file as well? If so, how can I add more than one domain into it if they share different paths?
SSL.CONF
    server {
        listen 443 http2 ssl;
        server_name domain.net www.domain.net;
        ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;

        ########################################################################
        # from https://cipherli.st/                                            #
        # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #
        ########################################################################
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;
        # Disable preloading HSTS for now. You can use the commented out header line that includes
        # the "preload" directive if you understand the implications.
        #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        ##################################
        # END https://cipherli.st/ BLOCK #
        ##################################
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        location ~ /.well-known {
            allow all;
        }

        # The rest of your server block
        root /var/www/domain.net/html;
        index index.php index.html index.htm;

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
I am also doing a proxy pass for the sub-domain/blog.
blog.conf
    # upstream ghost {
    #     server 127.0.0.1:2000;
    # }

    server {
        listen 80;
        server_name blog.domain.net www.blog.domain.net;
        access_log /var/log/nginx/ghost.access.log;
        error_log /var/log/nginx/ghost.error.log;
        return 301 https://$server_name$request_uri;
        proxy_buffers 16 64k;
        proxy_buffer_size 128k;

        location ^~ /.well-known {
            allow all;
            root /var/www/blog.domain.net/html;
        }

        location / {
            proxy_pass http://127.0.0.1:2000;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }

    server {
        # SSL configuration
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        include snippets/ssl-blog.domain.net.conf;
        include snippets/ssl-params.conf;
    }
Could my proxy pass be what is affecting this? Any help is appreciated!
Source: https://stackoverflow.com/questions/42235571/do-i-need-two-separate-ssl-conf-files-if-i-am-hosting-multiple-domains-on-same-s
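
An added example, not part of the original question or of any answer to it: one way to lay out blog.conf so that each hostname gets its own 443 server block with its own certificate, alongside the existing ssl.conf. Names, paths and the upstream port are the question's; it assumes snippets/ssl-blog.domain.net.conf holds the blog certificate's ssl_certificate and ssl_certificate_key lines.

```nginx
# Added example (not the asker's file). Assumption: the include
# snippets/ssl-blog.domain.net.conf carries the blog's ssl_certificate and
# ssl_certificate_key directives; everything else is named as in the question.

# Port 80: answer ACME challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name blog.domain.net www.blog.domain.net;

    location ^~ /.well-known {
        root /var/www/blog.domain.net/html;
    }

    # A server-level "return" runs before any location is selected, so the
    # redirect sits in a location to keep /.well-known reachable.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: nginx picks this block by SNI/Host because it names the blog.
# ssl.conf keeps its own block for domain.net with its own certificate.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name blog.domain.net www.blog.domain.net;

    include snippets/ssl-blog.domain.net.conf;
    include snippets/ssl-params.conf;

    access_log /var/log/nginx/ghost.access.log;
    error_log  /var/log/nginx/ghost.error.log;

    # Without a proxying location, requests are served from nginx's default
    # root instead of reaching the app on 127.0.0.1:2000.
    location / {
        proxy_pass http://127.0.0.1:2000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` after the edit validates the configuration before nginx is reloaded.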