Nginx

在 nginx 中使用萬用字元證書的多個 SSL 虛擬主機

  • June 10, 2014

我有兩個主機名共享同一個域名,我想通過 HTTPs 提供服務。我有一個萬用字元 SSL 證書並創建了兩個虛擬主機配置:

主機 A

listen      127.0.0.1:443 ssl;
server_name     a.example.com;
root        /data/httpd/a.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;

主機 B

listen      127.0.0.1:443 ssl;
server_name     b.example.com;
root        /data/httpd/b.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;

但是,我為任一主機名提供了相同的虛擬主機。

您需要從 ssl 偵聽/配置部分拆分虛擬主機:

聽力部分:

server {
 listen              127.0.0.1:443 default_server ssl;
 server_name         _;
 ssl_certificate     /etc/ssl/wildcard.cer;
 ssl_certificate_key /etc/ssl/wildcard.key;
}

現在虛擬主機:

server {
 listen      127.0.0.1:443;
 server_name a.example.com;
 root        /data/httpd/a.example.com;
}

server {
 listen      127.0.0.1:443;
 server_name b.example.com;
 root        /data/httpd/b.example.com;
}

它實際上在手冊中進行了解釋:http: //nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
 listen      443 ssl;
 server_name a.example.com;
 root        /data/httpd/a.example.com;
}
server {
 listen      443 ssl;
 server_name b.example.com;
 root        /data/httpd/b.example.com;
}

現在,如果您有許多站點,我建議將它們全部儲存在一個文件夾中,僅將上面的 server{} 部分儲存在單個文件中,並在主文件中使用 include 指令來載入所有站點:

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;

引用自:https://serverfault.com/questions/548938