Trợ giúp tắt https cho subdomain


(Viet) #1

Bác nào giúp em với. Tính hình là e mua SSL comodo 1 domain và chỉ dùng cho domain chính. Giờ e tạo subdomain để chạy xenforo (nhưng em không cần https). Nhưng mỗi khi truy cập subdomain thì nó toàn trỏ về domain chính. Đây là file cấu hình của em.

server {
listen 443 ssl;
server_name www.hocpianoonline.com;

SSL

ssl_certificate /etc/ssl/hocpianoonline_com.crt;
ssl_certificate_key /etc/ssl/hocpianoonline.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers ‘ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS’;
rewrite ^(.*) https://hocpianoonline.com$1 permanent;
}

server {
listen 80;

server_name hocpianoonline.com www.hocpianoonline.com;
rewrite ^(.*) https://hocpianoonline.com$1 permanent;
}

server {
listen 443 ssl default_server;

access_log off;

access_log /home/hocpianoonline.com/logs/access.log;

error_log off;

error_log /home/hocpianoonline.com/logs/error.log;

root /home/hocpianoonline.com/public_html;

index index.php index.html index.htm;
server_name hocpianoonline.com;

# SSL
ssl_certificate /etc/ssl/hocpianoonline_com.crt;
ssl_certificate_key /etc/ssl/hocpianoonline.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers ‘ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS’;

# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;

# DH parameters
ssl_dhparam /etc/nginx/ssl/dhparam.pem;

# Enable HSTS
add_header Strict-Transport-Security "max-age=31536000" always;

location / {
try_files $uri $uri/ /index.php?$args;

}

Custom configuration

include /home/hocpianoonline.com/public_html/*.conf;

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include /etc/nginx/fastcgi_params;
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_index index.php;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
allow 45.77.23.226;
deny all;
}

location /php_status {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
allow 127.0.0.1;
allow 45.77.23.226;
deny all;
}

Disable .htaccess and other hidden files

location ~ /.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
}

location = /favicon.ico {
        log_not_found off;
        access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~* .(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
gzip_static off;
add_header Pragma public;
add_header Cache-Control “public, must-revalidate, proxy-revalidate”;
access_log off;
expires 30d;
break;
}

location ~* \.(txt|js|css)$ {
    add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}

}

server {
listen 2018 ssl;

access_log off;
log_not_found off;
error_log /home/hocpianoonline.com/logs/nginx_error.log;

root /home/hocpianoonline.com/private_html;

index index.php index.html index.htm;
server_name hocpianoonline.com;

 error_page 497 https://$server_name:$server_port$request_uri;

# SSL
ssl_certificate /etc/ssl/hocpianoonline_com.crt;
ssl_certificate_key /etc/ssl/hocpianoonline.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers ‘ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS’;

auth_basic “Restricted”;
auth_basic_user_file /home/hocpianoonline.com/private_html/hocvps/.htpasswd;

location / {
autoindex on;
try_files $uri $uri/ /index.php;

}

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
	include /etc/nginx/fastcgi_params;
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_index index.php;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

location ~ /. {
deny all;
}
}


(duy) #2

subdomain bạn là gì?
PM skype mình nếu còn cần