Nginx 中使用通配符证书的多个 SSL 虚拟主机

Nginx 中使用通配符证书的多个 SSL 虚拟主机

我有两个主机名共享同一个域名,我想通过 HTTP 提供服务。我有一个通配符 SSL 证书并创建了两个 vhost 配置:

主机 A

listen      127.0.0.1:443 ssl;
server_name     a.example.com;
root        /data/httpd/a.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;

主机B

listen      127.0.0.1:443 ssl;
server_name     b.example.com;
root        /data/httpd/b.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;

但是,对于任一主机名,我都获得了相同的虚拟主机服务。

答案1

您需要将 vhosts 从 ssl 监听/配置部分中分离出来:

听力部分:

server {
  listen              127.0.0.1:443 default_server ssl;
  server_name         _;
  ssl_certificate     /etc/ssl/wildcard.cer;
  ssl_certificate_key /etc/ssl/wildcard.key;
}

现在虚拟主机:

server {
  listen      127.0.0.1:443;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}

server {
  listen      127.0.0.1:443;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}

答案2

手册中实际上已经解释了这一点: http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
  listen      443 ssl;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}
server {
  listen      443 ssl;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}

现在,如果您有许多站点,我建议将它们全部存储在一个文件夹中,该文件夹中只包含如上所述的 server{} 部分,并在主文件中使用 include 指令来加载所有站点:

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;

相关内容