How to configure NGINX SSL (SNI)
I have this NGINX configuration as follows:
# jelastic is a wildcard certificate for *.shared-hosting.xyz
server {
    listen 443;
    server_name _;
    ssl on;
    ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
    ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
}
# fullchain2 is a certificate for custom domain
server {
    listen 443 ssl;
    server_name my-custom-domain-demo.xyz www.my-custom-domain-demo.com;
    ssl_certificate /var/lib/nginx/ssl/my-custom-domain-demo.xyz/fullchain2.pem;
    ssl_certificate_key /var/lib/nginx/ssl/my-custom-domain-demo.xyz/privkey2.pem;
}
# additional configuration for other custom domains follows
The NGINX server receives requests with hosts having a pattern like *.shared-hosting.xyz, e.g. website1.shared-hosting.xyz, website2.shared-hosting.xyz, and also with variable hosts having different domains like my-custom-domain-demo.xyz or another-custom-domain-demo.xyz, etc.

Now the problem is that the lower server NGINX configuration overrides the upper configuration. Having it, the upper does not work anymore, and accessing *.shared-hosting.xyz returns a certificate error, and the browser says the certificate is for my-custom-domain-demo.xyz only.

What can be done with this such that the lower NGINX config triggers for *.shared-hosting.xyz domains and every other additional server configuration will not trigger when the host is in the pattern of *.shared-hosting.xyz?
The server_name _; is irrelevant (and is not required in modern versions of nginx). If a server with a matching listen and server_name cannot be found, nginx will use the default server.

In the absence of a default_server suffix to the listen directive, nginx will use the first server block with a matching listen.

If your configurations are spread across multiple files, their evaluation order will be ambiguous, so you need to mark the default server explicitly.

Try this for the jelastic server block:
server {
    listen 443 ssl default_server;
    ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
    ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
    ...
}
See this document for more.
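
An added example, not part of the original answer and not nginx's own code: a simplified Python model of the selection order described above (exact server_name, then a leading-wildcard name, then default_server, then the first block loaded), showing which certificate each load order serves. Server, select_server and cert_for are hypothetical names; wildcard-name matching goes beyond what the answer covers, and regex and trailing-wildcard names are not modelled.

```python
# Added illustration: a simplified model of nginx server selection, not nginx code.
from dataclasses import dataclass

@dataclass
class Server:
    cert: str                      # ssl_certificate path
    names: tuple = ()              # server_name values
    default_server: bool = False   # "default_server" on the listen directive

def select_server(servers, sni):
    """Pick the block for one listen address:port.

    `servers` is in the order nginx loaded the blocks. Only exact names and
    leading-wildcard names (*.example.org) are modelled.
    """
    host = (sni or "").lower()     # a client may send no SNI at all
    # 1. An exact server_name wins.
    for s in servers:
        if host in s.names:
            return s
    # 2. Then the longest matching "*." wildcard name.
    best = None
    for s in servers:
        for n in s.names:
            if n.startswith("*.") and host.endswith(n[1:]):
                if best is None or len(n) > len(best[0]):
                    best = (n, s)
    if best:
        return best[1]
    # 3. No name matched: explicit default_server, else the first block loaded.
    for s in servers:
        if s.default_server:
            return s
    return servers[0]

# Constructed blocks mirroring the question's configuration.
JELASTIC = Server("/var/lib/jelastic/SSL/jelastic.chain", ("_",))
CUSTOM = Server("/var/lib/nginx/ssl/my-custom-domain-demo.xyz/fullchain2.pem",
                ("my-custom-domain-demo.xyz", "www.my-custom-domain-demo.com"))
JELASTIC_FIXED = Server(JELASTIC.cert, (), default_server=True)

def cert_for(servers, sni):
    return select_server(servers, sni).cert

if __name__ == "__main__":
    # Custom-domain file loaded first: without default_server the wrong cert is served.
    for order in ([CUSTOM, JELASTIC], [CUSTOM, JELASTIC_FIXED]):
        print(cert_for(order, "website1.shared-hosting.xyz"))
```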