nginx 提供错误的 SSL 证书

nginx 提供错误的 SSL 证书

我有多个域名 example.ink、example.wiki、example.app 和 example.dev,它们都运行在同一台 VPS 上。.ink 和 .wiki 网站运行正常,但访问 .app 和 .dev 时,浏览器提示它们使用的是 .ink 的证书。

我的nginx.conf:

# Worker processes run as the www-data user.
user www-data;
# Let nginx pick the number of worker processes automatically.
worker_processes auto;
# File in which the master process records its PID.
pid /run/nginx.pid;
# Pull in whatever dynamic-module snippets are enabled on this host.
include /etc/nginx/modules-enabled/*.conf;


events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 768;
}

http {
    # Transfer tuning: sendfile() for static files, plus the TCP_NOPUSH /
    # TCP_NODELAY socket options.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # Idle keep-alive client connections are closed after 65 seconds.
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # Extension-to-MIME-type table; anything not listed is served as a
    # generic binary download.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

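    # SSL Settings
    # Only TLS 1.2 and 1.3 are offered. SSLv3 stays disabled (POODLE), and
    # TLS 1.0/1.1 are dropped as well: both are formally deprecated (RFC 8996).
    # Clients that can only speak TLS 1.0/1.1 will no longer be able to connect.
    # Set at http level, so it applies to every server block in this file.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Pick the cipher by the server's preference order, not the client's.
    ssl_prefer_server_ciphers on;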

    # Default log destinations; the proxying server blocks below override
    # access_log with their own file.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Compress responses (nginx defaults decide which content types).
    gzip on;

    # These files are parsed BEFORE the server blocks defined further down.
    # NOTE(review): if any included file defines a `listen 443 ssl` server
    # (for example a distribution-provided default site), that server may
    # become the default for port 443 instead of a block in this file. Check
    # the merged configuration (`nginx -T`) when a wrong certificate is served.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # DNS server for run-time name lookups. Nothing in this file visibly
    # needs one (the upstream below is an IP literal); presumably used by
    # included configuration -- TODO confirm.
    resolver 127.0.0.1;

    # Point to Node App
    # Single backend shared by every site in this file: a process listening
    # on loopback port 3333.
    upstream example_node {
        server 127.0.0.1:3333;
        # Keep up to 8 idle connections to the backend open per worker.
        keepalive 8;
    }

    # Main site
    # Plain HTTP: permanent redirect to HTTPS. $server_name expands to the
    # first name on the server_name line, so both hosts land on
    # https://example.ink.
    server {
        listen 80;

        server_name example.ink www.example.ink;

        return 301 https://$server_name$request_uri;
    }

    # HTTPS for the www host: redirect to the apex domain.
    # This is the first `listen 443 ssl` server in this file.
    # NOTE(review): unless an included file defines an earlier one, or another
    # block is marked `default_server`, nginx uses this block as the default
    # server for port 443. Its example.ink certificate is then what a client
    # receives whenever the requested name selects no other server block or no
    # SNI name is sent -- consistent with the .ink certificate showing up on
    # other domains.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_ink.pem;
        ssl_certificate_key /etc/ssl/sites/example_ink.key;
        
        server_name www.example.ink;

        return 301 https://example.ink$request_uri;
    }

    # HTTPS for the apex domain: reverse proxy to the Node app.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_ink.pem;
        ssl_certificate_key /etc/ssl/sites/example_ink.key;

        server_name example.ink;

        # Every proxying site in this file logs to this same file.
        access_log /var/log/nginx/example_log.log;

        location / {
            # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
            # upgrades pass through. 'upgrade' is sent on every proxied
            # request, not only on those that asked for an upgrade.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            # Forward the host name the client asked for to the backend.
            proxy_set_header Host $host;
            # Skip the proxy cache when the client sent an Upgrade header.
            proxy_cache_bypass $http_upgrade;

            proxy_pass http://example_node/;
        }
    }

    # Wiki
    # Plain HTTP: permanent redirect of both hosts to https://example.wiki.
    server {
        listen 80;
        
        server_name www.example.wiki example.wiki;

        return 301 https://example.wiki$request_uri;
    }

    # HTTPS for the www host: redirect to the apex domain. The certificate
    # must also cover www.example.wiki, because the TLS handshake completes
    # before the redirect is sent.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_wiki.pem;
        ssl_certificate_key /etc/ssl/sites/example_wiki.key;
        
        server_name www.example.wiki;

        return 301 https://example.wiki$request_uri;
    }

    # HTTPS for the apex domain: reverse proxy to the Node app.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_wiki.pem;
        ssl_certificate_key /etc/ssl/sites/example_wiki.key;

        server_name example.wiki;

        # Same log file as the other proxying sites in this file.
        access_log /var/log/nginx/example_log.log;

        location / {
            # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
            # upgrades pass through to the backend.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            # Forward the host name the client asked for to the backend.
            proxy_set_header Host $host;
            # Skip the proxy cache when the client sent an Upgrade header.
            proxy_cache_bypass $http_upgrade;

            proxy_pass http://example_node/;
        }
    }

    # App
    # Plain HTTP: permanent redirect of both hosts to https://example.app.
    # NOTE(review): .app is an HSTS-preloaded TLD, so browsers go straight to
    # HTTPS and do not let users click through a certificate mismatch; this
    # port-80 block mainly serves non-browser clients.
    server {
        listen 80;
        
        server_name www.example.app example.app;

        return 301 https://example.app$request_uri;
    }

    # HTTPS for the www host: redirect to the apex domain.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_app.pem;
        ssl_certificate_key /etc/ssl/sites/example_app.key;
        
        server_name www.example.app;

        return 301 https://example.app$request_uri;
    }

    # HTTPS for the apex domain: reverse proxy to the Node app.
    # NOTE(review): this block has the same layout as the .ink and .wiki ones.
    # If clients still receive the example.ink certificate for this name,
    # confirm that this file is the configuration actually loaded
    # (`nginx -t`, then reload) and that the .pem below really contains the
    # example.app certificate rather than a copy of another site's.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_app.pem;
        ssl_certificate_key /etc/ssl/sites/example_app.key;

        server_name example.app;

        # Same log file as the other proxying sites in this file.
        access_log /var/log/nginx/example_log.log;

        location / {
            # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
            # upgrades pass through to the backend.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            # Forward the host name the client asked for to the backend.
            proxy_set_header Host $host;
            # Skip the proxy cache when the client sent an Upgrade header.
            proxy_cache_bypass $http_upgrade;

            proxy_pass http://example_node/;
        }
    }

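    # Dev
    # Plain HTTP: permanent redirect of both hosts to https://example.dev.
    # The target was previously https://example.app (apparently copied from
    # the App section), which sent .dev visitors to a different site.
    # NOTE(review): .dev is an HSTS-preloaded TLD, so browsers go straight to
    # HTTPS; this port-80 block mainly serves non-browser clients.
    server {
        listen 80;

        server_name www.example.dev example.dev;

        return 301 https://example.dev$request_uri;
    }

    # HTTPS for the www host: redirect to the apex domain. The target is
    # example.dev here too, matching the www blocks of the other sites
    # (it previously pointed at example.app).
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_dev.pem;
        ssl_certificate_key /etc/ssl/sites/example_dev.key;

        server_name www.example.dev;

        return 301 https://example.dev$request_uri;
    }

    # HTTPS for the apex domain: reverse proxy to the Node app.
    # NOTE(review): if clients still receive the example.ink certificate for
    # this name, confirm that this file is the configuration actually loaded
    # (`nginx -t`, then reload) and that the .pem below really contains the
    # example.dev certificate.
    server {
        listen 443 ssl;

        ssl_certificate /etc/ssl/sites/example_dev.pem;
        ssl_certificate_key /etc/ssl/sites/example_dev.key;

        server_name example.dev;

        # Same log file as the other proxying sites in this file.
        access_log /var/log/nginx/example_log.log;

        location / {
            # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
            # upgrades pass through to the backend.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            # Forward the host name the client asked for to the backend.
            proxy_set_header Host $host;
            # Skip the proxy cache when the client sent an Upgrade header.
            proxy_cache_bypass $http_upgrade;

            proxy_pass http://example_node/;
        }
    }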
}

我的预期行为:

http://example.ink redirect https://example.ink ✔
https://example.ink site loaded ✔

http://example.wiki redirect https://example.wiki ✔
https://example.wiki site loaded ✔

http://example.app redirect https://example.app ✔
https://example.app site loaded ✔

http://example.dev redirect https://example.dev ✔
https://example.dev site loaded ✔

当前行为:

http://example.ink redirect https://example.ink ✔
https://example.ink site loaded ✔

http://example.wiki redirect https://example.wiki ✔
https://example.wiki site loaded ✔

http://example.app redirect https://example.app ✔
https://example.app site loaded ✗ [warning SSL of example.ink]

http://example.dev redirect https://example.dev ✔
https://example.dev site loaded ✗ [warning SSL of example.ink]
