我有两个主机名,它们共享要通过HTTP服务的相同域名。我有一个通配符SSL证书,并创建了两个vhost配置:
主持人A
listen 127.0.0.1:443 ssl;
server_name a.example.com;
root /data/httpd/a.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
主机B
listen 127.0.0.1:443 ssl;
server_name b.example.com;
root /data/httpd/b.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
但是,我为任一主机名使用了相同的虚拟主机。
Answers:
您需要从ssl侦听/配置部分拆分虚拟主机:
听力部分:
server {
listen 127.0.0.1:443 default_server ssl;
server_name _;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
}
现在虚拟主机:
server {
listen 127.0.0.1:443;
server_name a.example.com;
root /data/httpd/a.example.com;
}
server {
listen 127.0.0.1:443;
server_name b.example.com;
root /data/httpd/b.example.com;
}
ssl_certificate,ssl_certificate_key并ssl在default_server只。顺便说一句,此配置实际上有效。
ssl在listen指令上使其与1.4.x nginx一起使用。我listen在虚拟主机中的指令在字面上也必须相同(逻辑上的等效性还不够)。
手册中对此进行了实际说明:http : //nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
listen 443 ssl;
server_name a.example.com;
root /data/httpd/a.example.com;
}
server {
listen 443 ssl;
server_name b.example.com;
root /data/httpd/b.example.com;
}
现在,如果您有许多站点,我建议将所有站点都存储在一个文件夹中,该目录仅具有上述server {}部分,并在单个文件中存储,而在主文件中包含一个include指令以加载所有站点:
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;
ssl_certificate和ssl_certificate_key应配置的内部server或http位置。在您的示例中,您已经在第一个server位置内声明了它,但没有为其他两个虚拟主机声明它。