堆栈内存溢出
  简体   繁体   English

如何配置NGINX SSL(SNI)

[英]How to configure NGINX SSL (SNI)

 原文  2017-04-08 04:22:50       ssl/ nginx

问题描述

I have this NGINX configuration as follows: 我有这个NGINX配置如下: 

  # jelastic is a wildcard certificate for *.shared-hosting.xyz
  server {
  listen 443;
  server_name _;

  ssl on;
  ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
  ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
  }

  # fullchain2 is a certificate for custom domain
  server {
  listen 443 ssl;
  server_name my-custom-domain-demo.xyz www.my-custom-domain-demo.com;
  ssl_certificate /var/lib/nginx/ssl/my-custom-domain-demo.xyz/fullchain2.pem;
  ssl_certificate_key /var/lib/nginx/ssl/my-custom-domain-demo.xyz/privkey2.pem;
  }
  # additional configuration for other custom domains follows

The NGINX server receives requests with host having a pattern like of *.shared-hosting.xyz , eg website1.shared-hosting.xyz , website2.shared-hosting.xyz and also with variable hosts having different domains like my-custom-domain-demo.xyz or another-custom-domain-demo.xyz etc. NGINX服务器接收请求,主机具有类似*.shared-hosting.xyz的模式,例如website1.shared-hosting.xyzwebsite2.shared-hosting.xyz以及具有不同域的变量主机,例如my-custom-domain-demo.xyzanother-custom-domain-demo.xyz等。

Now the problem is the lower server NGINX configuration overrides the upper configuration. 现在的问题是较低的server NGINX配置会覆盖上层配置。 Having it, the upper does not work anymore, and accessing *.shared-hosting.xyz returns certificate error, and browser is telling the certificate is for my-custom-domain-demo.xyz only. 拥有它,上层不再工作,访问*.shared-hosting.xyz返回证书错误,浏览器告诉证书仅适用于my-custom-domain-demo.xyz

What can be done with this such that the lower NGINX config triggers for *.shared-hosting.xyz domains and every other additional server configuration will not trigger when host is in the pattern of *.shared-hosting.xyz ? 可以做些什么,以便较低的NGINX配置触发*.shared-hosting.xyz域,并且当主机处于*.shared-hosting.xyz模式时,其他所有其他服务器配置都不会触发?

1 个解决方案

解决方案1
 4 已采纳  2017-04-08 07:58:11

The server_name _; server_name _; is irrelevant (and is not required in modern versions of nginx ). 是无关紧要的(在现代版本的nginx不是必需的)。 If a server with a matching listen and server_name cannot be found, nginx will use the default server . 如果server具有匹配的listenserver_name无法找到, nginx将使用默认服务器

In the absence of a default_server suffix to the listen directive, nginx will use the first server block with a matching listen . listen指令缺少default_server后缀的情况下, nginx将使用匹配listen的第一个server块。

If your configurations are spread across multiple files, there evaluation order will be ambiguous, so you need to mark the default server explicitly. 如果您的配置分布在多个文件中,则评估顺序将不明确,因此您需要明确标记默认服务器。

Try this for the jelastic server block: 试试这个jelastic服务器块: 

server {
    listen 443 ssl default_server;

    ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
    ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
    ...
}

See this document for more. 有关更多信息,请参阅此文

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用nginx和SNI进行SSL端口统一 - SSL port unification with nginx and SNI NGINX中具有CNAME和SSL的SNI和虚拟主机 - SNI and Virtual Hosts with CNAMEs and SSL in NGINX 如何使用Rails应用程序在Nginx上配置SSL终止 - How to configure SSL termination on Nginx with a Rails application 如何配置Nginx SSL以支持ie6 - How to configure nginx ssl to support ie6 如何配置 Nginx 和 Node 使用 SSL? - How to configure Nginx and Node to use SSL? 使用 nginx 和 ssl 配置 SocketCluster - Configure SocketCluster with nginx and ssl 配置 NGINX + CloudFlare + SSL - Configure NGINX + CloudFlare + SSL 在 Django 中的 NGINX 和 Gunicorn 中配置 SSL - Configure SSL in NGINX and Gunicorn in Django 如何配置 NginX:一个域有 SSL,另一个没有 - How to configure NginX: one domain with SSL, another without 如何使用Nginx配置Phusion乘客以在Rails中支持SSL? - How can I configure phusion passenger with nginx to support ssl in rails?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM