Nginx
在 nginx 中使用萬用字元證書的多個 SSL 虛擬主機
我有兩個主機名共享同一個域名,我想通過 HTTPs 提供服務。我有一個萬用字元 SSL 證書並創建了兩個虛擬主機配置:
主機 A
listen 127.0.0.1:443 ssl; server_name a.example.com; root /data/httpd/a.example.com; ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key;
主機 B
listen 127.0.0.1:443 ssl; server_name b.example.com; root /data/httpd/b.example.com; ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key;
但是,我為任一主機名提供了相同的虛擬主機。
您需要從 ssl 偵聽/配置部分拆分虛擬主機:
聽力部分:
server { listen 127.0.0.1:443 default_server ssl; server_name _; ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key; }
現在虛擬主機:
server { listen 127.0.0.1:443; server_name a.example.com; root /data/httpd/a.example.com; } server { listen 127.0.0.1:443; server_name b.example.com; root /data/httpd/b.example.com; }
它實際上在手冊中進行了解釋:http: //nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names
ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key; server { listen 443 ssl; server_name a.example.com; root /data/httpd/a.example.com; } server { listen 443 ssl; server_name b.example.com; root /data/httpd/b.example.com; }
現在,如果您有許多站點,我建議將它們全部儲存在一個文件夾中,僅將上面的 server{} 部分儲存在單個文件中,並在主文件中使用 include 指令來載入所有站點:
ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key; include /etc/nginx/conf.d/subfolder/*;