设置同一个域名内外网分别访问对应的ip
搞了HomeAssistant的外网访问后,内外网访问需要不同的地址,导致一些不必要的麻烦。通过host+nginx配置可以实现同一个域名内网下访问内网ip,外网访问外网ip
内网host配置
192.168.31.51 Smartplugconnect.phicomm.com
192.168.31.51 minipc.yzapp.cn
192.168.31.51 hass.yzapp.cn
192.168.31.51 docker.yzapp.cn
192.168.31.51 kodi.yzapp.cn
内网nginx配置(除了proxy_pass基本和外网的服务器配置一样)
...
stream {
upstream ssh {
server 127.0.0.1:22;
}
server {
listen XXX;
proxy_pass ssh;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
}
http {
...
server {
listen 443;
server_name hass.yzapp.cn; #填写绑定证书的域名
ssl on;
ssl_certificate /usr/local/nginx/conf/1_hass.yzapp.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/2_hass.yzapp.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8123;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
server {
listen 443;
server_name docker.yzapp.cn; #填写绑定证书的域名
ssl on;
ssl_certificate /usr/local/nginx/conf/1_docker.yzapp.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/2_docker.yzapp.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
server {
listen 443 ssl;
server_name kodi.yzapp.cn; #填写绑定证书的域名
# ssl on;
ssl_certificate C:/Users/nesto/soft/nginx-1.18.0/conf/1_kodi.yzapp.cn_bundle.crt;
ssl_certificate_key C:/Users/nesto/soft/nginx-1.18.0/conf/2_kodi.yzapp.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
server {
listen 80;
server_name kodi.yzapp.cn;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 80;
server_name hass.yzapp.cn;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 80;
server_name docker.yzapp.cn;
rewrite ^(.*)$ https://$host$1 permanent;
}
...
}