目前,Nginx 配置为接受域名通配符 SSL 证书,例如:*.website.com。
我没有购买昂贵的通配符证书,而是为顶级域名 website.com 购买了单域 SSL 证书
现在,我发现该服务实际上使用了两个也需要使用 SSL 的子域。
例如:a.website.com 和 b.website.com
问题。
我如何更改 nginx 配置,以便当我为 a.website.com 购买单个子域 SSL 证书时,我可以指向 nginx 使用它。
Nginx 文件当前的样子如下:
server {
listen 80;
server_name website.io www.website.io;
return 301 https://website.io$request_uri;
}
server {
listen 443 ssl;
ssl on;
server_name website.io www.website.io;
client_max_body_size 5m;
add_header X-UA-Compatible "IE=Edge,chrome=1";
access_log /var/log/nginx/website.io_access.log;
error_log /var/log/nginx/website.io_error.log;
ssl_certificate /srv/ssl/website.io/ssl.crt;
ssl_certificate_key /srv/ssl/website.io/ssl.key;
error_page 500 502 503 504 /500.html;
location /500.html {
root /srv/static/website/maintenance;
}
location / {
#auth_basic "Restricted";
#auth_basic_user_file /etc/nginx/htpasswd.conf;
include uwsgi_params;
uwsgi_connect_timeout 30;
uwsgi_read_timeout 30;
uwsgi_pass 127.0.0.4:3031;
}
}
答案1
您的配置将变成这样(为了清楚起见,我已将您示例中的域更改为域a.website.com
并b.website.com
按照您的问题正文进行更改)
server {
listen 80;
server_name a.website.com;
return 301 https://a.website.com$request_uri;
}
server {
listen 443 ssl;
server_name a.website.com;
client_max_body_size 5m;
add_header X-UA-Compatible "IE=Edge,chrome=1";
access_log /var/log/nginx/a.website_access.log;
error_log /var/log/nginx/a.website_error.log;
ssl_certificate /srv/ssl/a.website/ssl.crt;
ssl_certificate_key /srv/ssl/a.website/ssl.key;
error_page 500 502 503 504 /500.html;
location /500.html {
root /srv/static/website/maintenance;
}
location / {
#auth_basic "Restricted";
#auth_basic_user_file /etc/nginx/htpasswd.conf;
include uwsgi_params;
uwsgi_connect_timeout 30;
uwsgi_read_timeout 30;
uwsgi_pass 127.0.0.4:3031;
}
}
server {
listen 80;
server_name b.website.com;
return 301 https://b.website.com$request_uri;
}
server {
listen 443 ssl;
server_name b.website.com;
client_max_body_size 5m;
add_header X-UA-Compatible "IE=Edge,chrome=1";
access_log /var/log/nginx/b.website.com_access.log;
error_log /var/log/nginx/b.website.com_error.log;
ssl_certificate /srv/ssl/b.website.com/ssl.crt;
ssl_certificate_key /srv/ssl/b.website.com/ssl.key;
error_page 500 502 503 504 /500.html;
location /500.html {
root /srv/static/website/maintenance;
}
location / {
#auth_basic "Restricted";
#auth_basic_user_file /etc/nginx/htpasswd.conf;
include uwsgi_params;
uwsgi_connect_timeout 30;
uwsgi_read_timeout 30;
uwsgi_pass 127.0.0.4:3031;
}
}
您可以根据需要对任意数量的站点重复此操作,它只会为每个站点定义一个或多个额外的服务器块