我有一个运行有两个子域的Nginx服务器.其中一个使用proxy_pass将所有内容重定向到Meteor应用程序,另一个子域仅使用Laravel,但位于与普通域不同的目录中.
因此,当我启动./letsencrypt-auto时,两个子域都收到以下错误消息:
Failed authorization procedure. subdomain.mydomain.com (http-01): urn:acme:error:unauthorized ::
The client lacks sufficient authorization :: Invalid response from http://subdomain.mydomain.com/.well-known/acme-challenge/xyzxyzxy_xzyzxyxyyx_xyzyxzyxz: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
我对此的解释是,它不起作用,因为我的Laravel-Subdomain不在/var/www/domain.com/html中,而在/ var / www / laravel / html中,而我的Meteor-Application在其他地方和ngnix只是代理通过了.
所以我的问题是:我可以将两个子域的/.well-known/acme-challenge重定向到真实的/.well-known,以便letencrypt-auto不会引发此错误吗?
更多信息:
我试过了
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
}
但这没用…
配置我的Meteor子域:
server {
listen 80;
listen [::]:80;
# SSL configuration
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
[…] SSL stuff […]
server_name meteor.domain.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
}
location ~ /.well-known {
allow all;
}
}
为我的Laravel子域配置:
server {
listen 80;
server_name laravel.domain.com;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
[…] SSL stuff […]
root /var/www/laravel/html;
location / {
try_files $uri $uri/ /index.PHP$is_args$args;
}
location ~ /.well-known {
allow all;
}
location ~ \.(hh|PHP)${
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.PHP;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
最佳答案