我有多个域名 example.ink、example.wiki、example.app 和 example.dev,它们都在同一 VPS 上运行。但我的 .ink 和 .wiki 网站运行良好,但 .app 和 .dev 通知他们使用 .ink 证书。
我的nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
resolver 127.0.0.1;
# Point to Node App
upstream example_node {
server 127.0.0.1:3333;
keepalive 8;
}
# Main site
server {
listen 80;
server_name example.ink www.example.ink;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_ink.pem;
ssl_certificate_key /etc/ssl/sites/example_ink.key;
server_name www.example.ink;
return 301 https://example.ink$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_ink.pem;
ssl_certificate_key /etc/ssl/sites/example_ink.key;
server_name example.ink;
access_log /var/log/nginx/example_log.log;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://example_node/;
}
}
# Wiki
server {
listen 80;
server_name www.example.wiki example.wiki;
return 301 https://example.wiki$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_wiki.pem;
ssl_certificate_key /etc/ssl/sites/example_wiki.key;
server_name www.example.wiki;
return 301 https://example.wiki$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_wiki.pem;
ssl_certificate_key /etc/ssl/sites/example_wiki.key;
server_name example.wiki;
access_log /var/log/nginx/example_log.log;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://example_node/;
}
}
# App
server {
listen 80;
server_name www.example.app example.app;
return 301 https://example.app$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_app.pem;
ssl_certificate_key /etc/ssl/sites/example_app.key;
server_name www.example.app;
return 301 https://example.app$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_app.pem;
ssl_certificate_key /etc/ssl/sites/example_app.key;
server_name example.app;
access_log /var/log/nginx/example_log.log;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://example_node/;
}
}
# Dev
server {
listen 80;
server_name www.example.dev example.dev;
return 301 https://example.app$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_dev.pem;
ssl_certificate_key /etc/ssl/sites/example_dev.key;
server_name www.example.dev;
return 301 https://example.app$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/sites/example_dev.pem;
ssl_certificate_key /etc/ssl/sites/example_dev.key;
server_name example.dev;
access_log /var/log/nginx/example_log.log;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://example_node/;
}
}
}
我的预期行为:
http://example.ink redirect https://example.ink ✔
https://example.ink site loaded ✔
http://example.wiki redirect https://example.wiki ✔
https://example.wiki site loaded ✔
http://example.app redirect https://example.app ✔
https://example.app site loaded ✔
http://example.dev redirect https://example.dev ✔
https://example.dev site loaded ✔
当前行为:
http://example.ink redirect https://example.ink ✔
https://example.ink site loaded ✔
http://example.wiki redirect https://example.wiki ✔
https://example.wiki site loaded ✔
http://example.app redirect https://example.app ✔
https://example.app site loaded ✗ [warning SSL of example.ink]
http://example.dev redirect https://example.dev ✔
https://example.dev site loaded ✗ [warning SSL of example.ink]