这是我真正支持 SSL 的域 --> https://www.wknet.se/
这是我的无 cookie 域 --> http://cdnwknet.com/
我希望我的真实网站在设置完成后看起来像这样 --> wknet.se/?style。
在<head>我的真实站点中,我有这个 --> <link rel="stylesheet" href="http://cdnwknet.com/wk-templates/css/bootstrap.3.2.0.min.css" media="all">。如您所见,我将静态 css 文件指向我的 cookie 免费域。
我的 cookie 免费域的配置文件如下所示:
server {
listen 80;
listen [::]:80;
server_name www.cdnwknet.com;
return 301 http://cdnwknet.com$request_uri;
}
server {
listen 80;
server_name cdnwknet.com;
root /var/www/cdnwknet.com/html;
index index.php index.html index.htm;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
charset utf-8;
if ( $request_uri ~ ^(/index\.php)$ ) {
return 301 http://cdnwknet.com;
}
location / {
try_files $uri $uri/ =404;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
fastcgi_hide_header Set-Cookie;
tcp_nodelay off;
break;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location = /error/403.html {
root /var/www/cdnwknet.com/html;
allow all;
}
location = /error/404.html {
root /var/www/cdnwknet.com/html;
allow all;
}
}
在我的真实域的 DNS 设置中,我添加了一个 CNAME,如下图所示 ---> i.stack.imgur.com/y0BkE.jpg
我正在使用 DigitalOcean 和我的真实站点,并且无 cookie 域位于同一个 Droplet(服务器)上。无 cookie 域与我的真实域具有相同的 IP 地址。
现在,我在这里缺少什么,我的 cookie 免费域配置是否正确?
如果需要更改,这是我的真实域的配置:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name wknet.se www.wknet.se;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://www.wknet.se$request_uri;
}
server {
listen 443 ssl;
server_name wknet.se;
ssl_certificate /etc/nginx/ssl/SSL.crt;
ssl_certificate_key /etc/nginx/ssl/KEY.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
return 301 https://www.wknet.se$request_uri;
}
server {
listen 443 ssl;
server_name www.wknet.se;
root /var/www/wknet.se/html;
index index.php index.html index.htm;
ssl_certificate /etc/nginx/ssl/SSL.crt;
ssl_certificate_key /etc/nginx/ssl/KEY.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
charset utf-8;
if ( $request_uri ~ ^(/index\.php)$ ) {
return 301 https://www.wknet.se;
}
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
error_log off;
log_not_found off;
}
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
log_not_found off;
expires 365d;
add_header Cache-Control "public, max-age=315360000";
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|png|gif|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ~* \.(7z|ai|class|css|csv|ejs|eps|flv|html?|jar|jpe?g|js|json|lzh|m4a|m4v|mov|mp3|pdf|pict|pls|ps|psd|swf|tiff?|txt|webp)$ {
access_log off;
log_not_found off;
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /error/403.html {
root /var/www/wknet.se/html;
allow all;
}
location = /error/404.html {
root /var/www/wknet.se/html;
allow all;
}
}