我使用带有 SSL 通配符证书的 nginx,如下所示:
/etc/nginx/sites-enabled/example.com
server {
listen 443 default_server ssl;
server_name 192.168.0.1 example.com;
include /etc/nginx/ssl.conf;
error_log /var/log/nginx/example.com.error.ssl.log;
access_log /var/log/nginx/example.com.access.ssl.log;
root /var/www/example.com/;
index index.html;
location / {
alias /var/www/example.com/example.com/;
}
}
server {
listen 80;
server_name 192.168.0.1 example.com;
return 301 https://$server_name$request_uri;
}
/etc/nginx/ssl.conf
包含的ssl.conf内容如下所示:
ssl_certificate /etc/nginx/ssl/example.com/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/example.com.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/ssl/example.com/example.com_dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
我的子域名的服务器块如下所示:
/etc/nginx/sites-enabled/blog.example.com
server {
listen 443;
server_name blog.example.com;
error_log /var/log/nginx/blog.example.com.error.ssl.log;
access_log /var/log/nginx/blog.example.com.access.ssl.log;
root /var/www/blog.example.com/;
index index.html;
location / {
proxy_pass http://localhost:2368/;
proxy_set_header Host $host;
proxy_buffering off;
autoindex off;
}
}
server {
listen 80;
server_name blog.example.com;
return 301 https://$server_name$request_uri;
}
子域名上的 https 工作正常,但我想知道为什么它正在运行,并且为什么 blog.example.com 会从 example.com 继承设置,即使 ssl.conf 不包含在该服务器块中。
我在 nginx 文档中找不到有关从 default_server 继承设置的任何内容。
这仅仅是通配符证书的预期行为吗?
谢谢!
答案1
即使您没有显示主要内容,nginx.conf我怀疑您的内容ssl.conf包含在httpnginx 配置级别中。
几乎所有http级别设置都会被servernginx 中的块继承。请参阅http://blog.martinfjordvald.com/2012/08/understanding-the-nginx-configuration-inheritance-model/有关指令继承在 nginx 中如何运作的更多信息。