我有两个主机名共享同一个域名,我想通过 HTTP 提供服务。我有一个通配符 SSL 证书并创建了两个 vhost 配置:
主机 A
listen 127.0.0.1:443 ssl;
server_name a.example.com;
root /data/httpd/a.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
主机B
listen 127.0.0.1:443 ssl;
server_name b.example.com;
root /data/httpd/b.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
但是,对于任一主机名,我都获得了相同的虚拟主机服务。
答案1
您需要将 vhosts 从 ssl 监听/配置部分中分离出来:
听力部分:
server {
listen 127.0.0.1:443 default_server ssl;
server_name _;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
}
现在虚拟主机:
server {
listen 127.0.0.1:443;
server_name a.example.com;
root /data/httpd/a.example.com;
}
server {
listen 127.0.0.1:443;
server_name b.example.com;
root /data/httpd/b.example.com;
}
答案2
手册中实际上已经解释了这一点: http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
listen 443 ssl;
server_name a.example.com;
root /data/httpd/a.example.com;
}
server {
listen 443 ssl;
server_name b.example.com;
root /data/httpd/b.example.com;
}
现在,如果您有许多站点,我建议将它们全部存储在一个文件夹中,该文件夹中只包含如上所述的 server{} 部分,并在主文件中使用 include 指令来加载所有站点:
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;