在 nginx 中使用通配符证书的多个 SSL 虚拟主机

vin*_*.io 14 ssl nginx https virtualhost ssl-certificate

我有两个主机名共享相同的域名,我想通过 HTTPs 提供服务。我有一个通配符 SSL 证书并创建了两个 vhost 配置:

主机 A

listen      127.0.0.1:443 ssl;
server_name     a.example.com;
root        /data/httpd/a.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
Run Code Online (Sandbox Code Playgroud)

主机B

listen      127.0.0.1:443 ssl;
server_name     b.example.com;
root        /data/httpd/b.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
Run Code Online (Sandbox Code Playgroud)

但是,我为任一主机名提供了相同的虚拟主机。

Tef*_*tin 19

您需要从 ssl 侦听/配置部分拆分 vhosts:

听力部分:

server {
  listen              127.0.0.1:443 default_server ssl;
  server_name         _;
  ssl_certificate     /etc/ssl/wildcard.cer;
  ssl_certificate_key /etc/ssl/wildcard.key;
}
Run Code Online (Sandbox Code Playgroud)

现在虚拟主机:

server {
  listen      127.0.0.1:443;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}

server {
  listen      127.0.0.1:443;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}
Run Code Online (Sandbox Code Playgroud)

  • 仅在 default_server 上配置 `ssl_certificate`、`ssl_certificate_key` 和 `ssl` 就足够了。顺便说一句,这个配置实际上有效。 (2认同)
  • 显然,在进行这些更改时,您需要*重新启动* nginx 而不是*重新加载* 它。非常感谢,您的回答很有魅力:) (2认同)

Bxl*_*fty 13

它实际上在手册中有解释:http : //nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
  listen      443 ssl;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}
server {
  listen      443 ssl;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}
Run Code Online (Sandbox Code Playgroud)

现在,如果您有多个站点,我建议将它们全部存储在一个文件夹中,仅将 server{} 部分存储在单个文件中,并在主文件中添加一个 include 指令来加载所有站点:

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;
Run Code Online (Sandbox Code Playgroud)