我想使用 CNAME 扁平化将子域名指向另一个外部域名中显示。
例如book.webbangkok.com显示在property.thailandbusinessconsultant.com
在webbangkok.comDNS 中,我已将 CNAME 博客创建为property.thailandbusinessconsultant.com。我需要在 DNS 中执行什么操作才能property.thailandbusinessconsultant.com显示它?
答案1
book.webbangkok.com 是通过 CNAME 映射到 property.thailandbusinessconsultant.com 的子域名。
DNS 目前不同意您的意见:
$ dig book.webbangkok.com
[...]
;; ANSWER SECTION:
book.webbangkok.com. 3600 IN A 104.24.120.92
book.webbangkok.com. 3600 IN A 104.24.121.92
沒有CNAME 記錄。
这是要修复的第一件事,因为property.thailandbusinessconsultant.com它解析为另外两个完全不同的 IP 地址。
之后,您必须配置网站当前的 IP 地址104.28.11.67并104.28.10.67(property.thailandbusinessconsultant.com解析为这些地址)以接受该名称的连接book.webbangkok.com。
因此,通过在您的网站上模拟 CNAME 的连接,即强制解析到第二组 IP 地址:
curl --verbose --resolve book.webbangkok.com:80:104.28.11.67 http://book.webbangkok.com/
* Expire in 0 ms for 6 (transfer 0x55c303be45c0)
* Added book.webbangkok.com:80:104.28.11.67 to DNS cache
* Hostname book.webbangkok.com was found in DNS cache
* Trying 104.28.11.67...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55c303be45c0)
* Connected to book.webbangkok.com (104.28.11.67) port 80 (#0)
> GET / HTTP/1.1
> Host: book.webbangkok.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 12 Jul 2019 04:20:54 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Fri, 12 Jul 2019 05:20:54 GMT
< Location: https://book.webbangkok.com/
< Server: cloudflare
< CF-RAY: 4f503a33ad2323ac-IAD
<
* Connection #0 to host book.webbangkok.com left intact
好的,重定向到 HTTPS,这很好,但是结果却不是:
$ curl --verbose --resolve book.webbangkok.com:443:104.28.11.67 https://book.webbangkok.com/
* Expire in 0 ms for 6 (transfer 0x5572f5fcb5c0)
* Added book.webbangkok.com:443:104.28.11.67 to DNS cache
* Hostname book.webbangkok.com was found in DNS cache
* Trying 104.28.11.67...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5572f5fcb5c0)
* Connected to book.webbangkok.com (104.28.11.67) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=sni.cloudflaressl.com
* start date: Mar 24 00:00:00 2019 GMT
* expire date: Mar 24 12:00:00 2020 GMT
* subjectAltName: host "book.webbangkok.com" matched cert's "*.webbangkok.com"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
这很好,没有证书问题。但是返回的 HTML 页面有:
<div class="cf-column">
<h2>What happened?</h2>
<p>Cloudflare is unable to establish an SSL connection to the origin server.</p>
</div>
<div class="cf-column">
<h2>What can I do?</h2>
<h5>If you're a visitor of this website:</h5>
<p>Please try again in a few minutes.</p>
<h5>If you're the owner of this website:</h5>
<p><span>It appears that the SSL configuration used is not compatible with Cloudflare. This could happen for a several reasons, including no shared cipher suites.</span> <a href="https://support.cloudflare.com/hc/en-us/articles/200278659">Additional troubleshooting information here.</a></p>
</div>
您可以链接到 CloudFlare 文档来修复该问题。