您好,我该如何建立基础ssl_certificate并ssl_certificate_key基于$host这样我就能够做到:
if $host = domain.com than set one path, if $host = example.com than set another path?
我在用nginx/1.15.8
如果我为域创建不同的块,我会在重新加载时收到错误:
nginx: [emerg] duplicate zone "cache"因此我需要 1 个块并根据域加载证书。
所以我有以下脚本来阻止 IP:
#!/bin/bash
# here's your list of IPS
CURRENT_BL=/path/to/my/ip_black_list.txt
# create/flush recreate the tables
iptables -F BLACKHOLE
iptables -N BLACKHOLE
for BAD_IP in $(cat $CURRENT_BL)
do
ipset add ipset-blacklist $BAD_IP 2>/dev/null || \
echo "Failed to add ${BAD_IP}"
done
# REJECT the matching target
iptables -A BLACKHOLE -p all -m set --match-set ipset-blacklist src -j REJECT
iptables -A BLACKHOLE -j RETURN
# assume your nginx is on 80 and 443
iptables -A INPUT -p tcp -m multiport --destination-ports 80,443 …