1. 參考這裡設定第一個網站:
https://blog.johnwu.cc/article/centos-asp-net-core-neginx.html
注意, 文章中有一個錯誤:
/etc/nginx/conf.d/my-website.conf 的第 27 行, 應該是 include /etc/nginx/conf.d/default_proxy_settings;

2.  因為要避開 5000 port, 所以修改第二個網站的 appsettings.json, 讓第二個網站開在 5002 port, 如下.

{

"Logging": {

    "LogLevel": {

     "Default": "Information",

     "Microsoft": "Warning",

     "Microsoft.Hosting.Lifetime": "Information"

    }

},

"Kestrel": {

        "EndPoints": {

                "Http": {

                        "Url": "http://localhost:5002"

                }

        }

},

"AllowedHosts": "*"

}

3. 新增 /etc/nginx/conf.d/my-website2.conf, 要注意
    A. portal2
    B. server localhost:5002
    C. server_name coretest2.bike.idv.tw
    當然 SSL 憑証的檔名也要記得改.

upstream portal2 {

    # localhost:5000 改成 ASP.NET Core 所監聽的 Port

    server localhost:5002;

}



server {

    # 只要是透過這些 Domain 連 HTTP 80 Port，都會轉送封包到 ASP.NET Core

    listen 80;

    # 可透過空白區分，綁定多個 Domain

    server_name coretest2.bike.idv.tw;

    location / {

        proxy_pass http://portal2/;

        include /etc/nginx/conf.d/default_proxy_settings;

    }

}



# 用 HTTPS 必須要有 SSL 憑證，如果沒有要綁定 SSL 可以把下面整段移除

server {

    # 只要是透過這些 Domain 連 HTTPS 443 Port，都會轉送封包到 ASP.NET Core

    listen 443 ssl;

    server_name coretest2.bike.idv.tw;

    ssl_certificate /etc/nginx/ssl/coretest2.bike.idv.tw.crt;

    ssl_certificate_key /etc/nginx/ssl/coretest2.bike.idv.tw.key;



    location / {

        proxy_pass http://portal2/;

        include /etc/nginx/conf.d/default_proxy_settings;

    }

}

改完後就可以用了.

以下是 https://blog.johnwu.cc/article/centos-asp-net-core-neginx.html 抄過來的一些檔案, 作為備份:

setup-aspnet-core.sh

#!/bin/bash



main() {

    sudo yum -y install epel-release

    sudo yum -y update



    install_nginx

    install_dotnet



    sudo firewall-cmd --add-service=http --permanent

    sudo firewall-cmd --add-service=https --permanent

    sudo firewall-cmd --reload

}



install_nginx() {

    echo "###################################"

    echo "########## Install Nginx ##########"

    echo "###################################"

    sudo yum -y install httpd-tools nginx

    sudo setsebool -P httpd_can_network_connect on

    sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

    sudo setenforce 0

    sudo systemctl enable nginx

    sudo systemctl restart nginx

}



install_dotnet() {

    echo "###########################################"

    echo "########## Install .NET Core 2.2 ##########"

    echo "###########################################"

    sudo rpm -Uvh https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm

    sudo yum -y install aspnetcore-runtime-2.2

}



main "$@"

用以下指令執行:

sudo sh setup-aspnet-core.sh

/etc/systemd/system/my-website.service, (/bin/dotnet 有可能是 /usr/bin/dotnet)

[Unit]

# Description=<此服務的摘要說明>

Description=MyWebsite



[Service]

# WorkingDirectory=<ASP.NET Core 專案目錄>

WorkingDirectory=/usr/share/my-website



# ExecStart=/bin/dotnet <ASP.NET Core 起始 dll>

ExecStart=/bin/dotnet MyWebsite.dll



# 啟動若失敗，就重啟到成功為止

Restart=always

# 重啟的間隔秒數

RestartSec=10



# 設定環境變數，注入給 ASP.NET Core 用

Environment=ASPNETCORE_ENVIRONMENT=Production

Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false



[Install]

WantedBy=multi-user.target

服務相關指令：

# 開啟，開機自動啟動服務

systemctl enable my-website.service



# 關閉，開機自動啟動服務

systemctl disable my-website.service



# 啟動服務

systemctl start my-website.service



# 重啟服務

systemctl restart my-website.service



# 停止服務

systemctl stop my-website.service



# 查看服務狀態

systemctl status my-website.service

/etc/nginx/conf.d/default_proxy_settings

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection $http_connection;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-Host $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_cache_bypass $http_upgrade;

/etc/nginx/conf.d/my-website.conf

upstream portal {

    # localhost:5000 改成 ASP.NET Core 所監聽的 Port

    server localhost:5000;

}



server {

    # 只要是透過這些 Domain 連 HTTP 80 Port，都會轉送封包到 ASP.NET Core

    listen 80;

    # 可透過空白區分，綁定多個 Domain

    server_name demo.johnwu.cc example.johnwu.cc;

    location / {

        proxy_pass http://portal/;

        include /etc/nginx/conf.d/default_proxy_settings;

    }

}



# 用 HTTPS 必須要有 SSL 憑證，如果沒有要綁定 SSL 可以把下面整段移除

server {

    # 只要是透過這些 Domain 連 HTTPS 443 Port，都會轉送封包到 ASP.NET Core

    listen 443 ssl;

    server_name demo.johnwu.cc;

    ssl_certificate /etc/nginx/ssl/demo.johnwu.cc_bundle.crt;

    ssl_certificate_key /etc/nginx/ssl/demo.johnwu.cc.key;



    location / {

        proxy_pass http://portal/;

        include /etc/nginx/conf.d/default_proxy_settings;

    }

}

Nginx 重新啟動:

# 檢查 Nginx 的設定是否有誤

nginx -t



# 若沒有錯誤，即可套用

nginx -s reload

客戶要求
1. 檔案只能放在 Firewall 內的後台用 Web server (Server A).
2. 使用者只能存取 DMZ 的 Web server (Server B).
3. Server B 只能用 HTTP 通過 Firewall 向 Server A 要資料.(i.e.  Server B 不能掛戴 Server A 的目錄成為虛擬目錄)

所以在 Server B 上面建立了一支程式用 HTTP 的方式讀取 Server A 的檔案再寫出去.

例如, http://ServerB/Upload/test.pdf 會讀取 http://ServerA/Upload/test.pdf 再送到 Client 端

namespace WWW.Controllers

{

    public class UploadController : Controller

    {

        // GET: Upload

        public void Index(string Filename)

        {

            //Create a stream for the file

            Stream stream = null;



            //This controls how many bytes to read at a time and send to the client

            int bytesToRead = 10000;



            // Buffer to read bytes in chunk size specified above

            byte[] buffer = new Byte[bytesToRead];



            string url = "http://admin-dev.nanya.bike.idv.tw/newnanyaback/Upload/" + Filename;



            // The number of bytes read

            try

            {

                //Create a WebRequest to get the file

                HttpWebRequest fileReq = (HttpWebRequest)HttpWebRequest.Create(url);



                //Create a response for this request

                HttpWebResponse fileResp = (HttpWebResponse)fileReq.GetResponse();



                if (fileReq.ContentLength > 0)

                    fileResp.ContentLength = fileReq.ContentLength;



                //Get the Stream returned from the response

                stream = fileResp.GetResponseStream();



                // prepare the response to the client. resp is the client Response

                var resp = HttpContext.Response;



                if (Filename.ToLower().EndsWith(".png") ||

                    Filename.ToLower().EndsWith(".jpg") ||

                    Filename.ToLower().EndsWith(".jpeg") ||

                    Filename.ToLower().EndsWith(".gif")

                    )

                {

                    resp.ContentType = "image";

                }

                else

                {

                    //Indicate the type of data being sent

                    resp.ContentType = "application/octet-stream";



                    //Name the file

                    resp.AddHeader("Content-Disposition", "attachment; filename=\"" + HttpUtility.UrlEncode(Filename, Encoding.UTF8) + "\"");

                }



                resp.AddHeader("Content-Length", fileResp.ContentLength.ToString());



                int length;

                do

                {

                    // Verify that the client is connected.

                    if (resp.IsClientConnected)

                    {

                        // Read data into the buffer.

                        length = stream.Read(buffer, 0, bytesToRead);



                        // and write it out to the response's output stream

                        resp.OutputStream.Write(buffer, 0, length);



                        // Flush the data

                        resp.Flush();



                        //Clear the buffer

                        buffer = new Byte[bytesToRead];

                    }

                    else

                    {

                        // cancel the download if client has disconnected

                        length = -1;

                    }

                } while (length > 0); //Repeat until no data is read

            }

            finally

            {

                if (stream != null)

                {

                    //Close the input stream

                    stream.Close();

                }

            }

        }

    }

}

但不是這樣就好了, 在 RouteConfig.cs 中要加上:
            routes.MapRoute(
                name: "Upload",
                url: "Upload/{filename}",
                defaults: new { controller = "Upload", action = "Index", filename = UrlParameter.Optional }
            );

此外在 Web.Config 中也要加上:

  <system.webServer>
    <handlers>
      <add name="UrlRoutingHandler_Upload"
           type="System.Web.Routing.UrlRoutingHandler, 
               System.Web, Version=4.0.0.0, 
               Culture=neutral, 
               PublicKeyToken=b03f5f7f11d50a3a"
           path="/Upload/*"
           verb="GET"/>
    </handlers>
  </system.webServer>

參考:
http://stackoverflow.com/questions/5596747/download-stream-file-from-url-asp-net

http://blog.darkthread.net/post-2014-12-05-mvc-routing-for-url-with-filename.aspx

2016 / 10 / 30 搬機房, 有幾件事沒有做好, 記錄一下:

1. Firewall 沒設定好, 下次要一中兩個人一起設定.

2. 有一個客戶的 DNS 等了一整天才生效, 要檢查所有網站的 TTL 和  Refresh 時間, 最好都在一個小時以內.

3. Email 主機: 有些客戶原來是用 msa.hinet.net 這個 SMTP, 搬到非 Hinet 的機房後就不能寄信了.

4. 某一個客戶的 DNS 沒改好, 因為在自已的 DNS Server 上面看到有記錄, 就誤判是我們代管的, 應該要用 Hinet 或 Google 來確認 NS Record 為何. 已刪除它的 DNS  記錄.

5. 202 的 .8 網路線沒插好, 主機開起來後, 要確認可以從每一個介面 Ping 出去.

6. 新 Firewall , 內部 IP 無法連到 Virtual Server: --> 要由內部 IP 連線到 Virtual Server 測試. 最好是在 hosts 上面都有 127.0.0.1 的設定.

7. 最好不要在下半年換機房, 比較忙, 客戶的活動也比較多.

8. Windows 的 DNS 若是直接修改 DNS 檔案. 因為 SOA 的序號沒有修改, 所以 Client 伺服器要手動重新讀取資料.

9. 要記得改 TWNIC 的 DNS Server設定.

1. 打開 Service/Firewall
 

2. 按下最上方的 +
 

3. 填入 source 並把 Action 改為 Deny，再按下右上方的 "Apply" 即可。