问个AMH面板的问题

xiaow · 发表于 2023-4-13 13:43:07

在小鸡上安装了AMH面板，想实现：
1.类似于宝塔那样的给面板绑定域名开启SSL套上CF访问
2.禁止IP+端口访问，禁止http访问，或者http访问重定向到https
3.解除端口绑定只能绑定8000以上的限制，因为CF支持的端口如果放到8000以上就只剩8443了
以下是写的nginx配置：

server
{
listen 8080;
      listen 8443 ssl http2;
      listen [::]:8443 ssl http2;
listen [::]:8080;
server_name xxx.com;
index index.html index.htm index.php;
root /usr/local/amh-7.0/web;
rewrite ^(/.*)$ https://$host$1 permanent;
ssl_certificate  /usr/local/amh-7.0/etc/ssl/amh.crt;
ssl_certificate_key  /usr/local/amh-7.0/etc/ssl/amh.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497  https://$host$request_uri;
fastcgi_buffer_size 4k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 4k;
gzip off;
if ($host != 'xxx.com')
   {
      return 400;
}

location ~ .*\.php$
      {
            fastcgi_pass unix:/tmp/php-cgi-amh.sock;
            fastcgi_index index.php;
            include fcgi.conf;
      }

      location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
      {
            expires 30d;
      }

      location ~ .*\.(js|css)?$
      {
            expires 12h;
      }

      access_log /usr/local/amh-7.0/logs/amh-access.log combined;
      error_log /usr/local/amh-7.0/logs/amh-error.log crit;
}

借用了一部分宝塔的代码，不知道有没有问题，@Amysql

绑定的http端口是8080 https端口是8443

目前的问题是http加端口访问会跳转到https，但不会加8443端口，需要实现8080跳转到8443

也希望在后台能加入绑定域名关闭http访问的选项供用户选择

Amysql · 发表于 2023-4-15 12:29:58

亲，这个先前已经有答复过了，你在server{}中加return 规则就行，
要禁止就加return 444; 要跳转就加return 301 ……; 就行，类似：

server
{
listen  8888;
listen  [::]:8888;
index index.html index.htm index.php;
root  amh_root/web;
fastcgi_buffer_size 4k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 4k;
gzip off;

return 301 https://$host:8443$request_uri;
....
}

其它别做修改。

		自动登录	找回密码
密码			注册