Nginx 上的多个虚拟主机 HTTPS

Nginx 上的多个虚拟主机 HTTPS

是否可以在单个 Nginx 实例上通过 HTTPS 拥有多个(两个)虚拟主机(站点/应用程序)?

我尝试过类似

upstream a {
  server app:8080;
}


upstream b {
  server app2:5678;
}

server {
  listen 443 ssl http2;
  server_name sub.example.com;

  ssl_certificate       /etc/ssl/certs/fullchain.pem;
  ssl_certificate_key   /etc/ssl/certs/privkey.pem;
  ssl_dhparam           /etc/ssl/certs/dhparam-2048.pem;
  
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;

  location / {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://unicorn;
}

server {
  listen 5678 ssl http2;
  server_name sub.example.com;

  ssl_certificate       /etc/ssl/certs/fullchain.pem;
  ssl_certificate_key   /etc/ssl/certs/privkey.pem;
  ssl_dhparam           /etc/ssl/certs/dhparam-2048.pem;
  
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;

  location / {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://unicorn2;
}
}

应用程序“a”可以访问。但是,应用程序“b”不能访问。我得到了一个Error code: SSL_ERROR_RX_RECORD_TOO_LONG

这两个应用程序应该在同一个子域上运行。

相关内容