[英]Nginx redirect root domain which is not in SSL certificate
I have an SSL wildcard certificate for *.example.com which is not valid for the root domain. 我有一个* .example.com的SSL通配符证书,该证书对根域无效。 I would like Nginx on Ubuntu 14.04 to
我想要Ubuntu 14.04上的Nginx
I managed to achieve 1 and 2 with the configuration copied below. 通过复制下面的配置,我设法实现了1和2。
server {
#listen 80;
#isten 443;
return 404;
}
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
#certificate and key referenced in common.conf
server_name www.example.com;
root /usr/share/nginx/html/example.com;
index index.php index.html index.htm;
include common/common.conf;
}
When I remove comment marks from the second and third lines above, hoping to return 404 only for https://example.com - nothing works. 当我从上面的第二行和第三行删除注释标记时,希望仅对https://example.com返回404-没有任何效果。 For example, I get ERR_CONNECTION_CLOSED in Chrome for both https://www.example.com/ and http://ww.example.com/ .
例如,我在Chrome中对于https://www.example.com/和http://ww.example.com/都获得ERR_CONNECTION_CLOSED。
What should I do to achieve 1), 2) and 3) together? 我应该怎么做才能一起实现1),2)和3)?
Many thanks. 非常感谢。
... wildcard certificate for *.example.com which is not valid for the root domain ... return 404 for the root domain only on port 443, eg if reuqest is https://example.com
... *。example.com的通配符证书,对于根域无效...仅在端口443上为根域返回404,例如,如果reuqest是https://example.com
This is not possible. 这是不可能的。 With https the HTTP response is generated inside an established TLS connection for the host in the URL.
使用https,HTTP响应将在URL中为主机建立的TLS连接内生成。 Thus to return a 404 for access to https://example.com you must first have a validated TLS connection.
因此,要返回404以访问https://example.com,您必须首先具有经过验证的TLS连接。 But because example.com is not contained in your certificate you get a validation error when trying to establish the TLS connection and thus no TLS connection is successfully established and no 404 can be returned inside the connection.
但是,由于证书中不包含example.com,因此在尝试建立TLS连接时会收到验证错误,因此无法成功建立TLS连接,并且在连接内部无法返回404。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.