如何配置 NginX:一个域有 SSL,另一个没有
[英]How to configure NginX: one domain with SSL, another without
问题描述
I have 2 domains on single host using NginX:
我在使用 NginX 的单个主机上有 2 个域:
Full server with SSL (Python back end) on both 80 and 443 ports.
80 和 443 端口上带有 SSL(Python 后端)的完整服务器。Just redirect to another domain, no SSL.
只需重定向到另一个域,无需 SSL。
They are described in server sections of different .conf files:它们在不同.conf文件的server部分中描述:
1. 1.
server {
listen 80;
listen 443 ssl;
server_name verni-verni.ru www.verni-verni.ru;
# Certificates
ssl_certificate /var/www/SSL/ca.crt;
ssl_certificate_key /var/www/SSL/private.key;
# Logs
...
# Static Content
...
# Reverse Proxy
location / {
...
}
}
2. 2.
server {
listen 80;
# listen 443;
server_name gdeclient.ru;
rewrite ^/(.*)$ http://... redirect;
}
If I set up only 80 port for the second domain, then it doesn't redirect HTTPS connections.如果我只为第二个域设置 80 端口,则它不会重定向 HTTPS 连接。
But if I setup 443 port also (without SSL) for the second domain, than the port 443 doesn't work for the first domain, I get the following error :但是如果我也为第二个域设置了 443 端口(没有 SSL),那么端口 443 对第一个域不起作用,我会收到以下错误:
no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking
The questions:问题:
Why the second redirecting server affects the first one, if they have different domain names???
为什么第二个重定向服务器会影响第一个,如果它们有不同的域名???Is it possible to setup HTTPS redirecting for the second server without using SSL and without affecting the first server?
是否可以在不使用 SSL 且不影响第一台服务器的情况下为第二台服务器设置 HTTPS 重定向?
2 个解决方案
解决方案1
1 已采纳 2018-10-16 13:50:35
In answer to your questions:回答您的问题:
Nginx accepts the connection on port 443 and then needs to decide which server to use to process it.
Nginx 接受端口 443 上的连接,然后需要决定使用哪个服务器来处理它。 See how Nginx processes a request and Server Name Indication .查看Nginx 如何处理请求和服务器名称指示。If you have no certificate for the second domain, you will not be able to accept HTTPS connections for that domain without the browser complaining about the certificate - even if you only want to redirect it elsewhere.
如果您没有第二个域的证书,您将无法接受该域的 HTTPS 连接,而浏览器不会抱怨证书 - 即使您只想将其重定向到其他地方。
If you only want to prevent the HTTPS connections to the second domain being incorrectly handled by the first, just add listen 443 ssl;如果您只想防止到第二个域的 HTTPS 连接被第一个错误处理,只需添加listen 443 ssl; to the second domain, and either make the ssl_certificate statements global, or repeat them in the second server block.到第二个域,并使ssl_certificate语句全局化,或在第二个server块中重复它们。
解决方案2
1 2018-10-17 01:32:14
Why the second redirecting server affects the first one, if they have different domain names???为什么第二个重定向服务器会影响第一个,如果它们有不同的域名???
Because the SSL handshake and connection is established before the browser sends an HTTP request and nginx does not know the name of the requested server.因为 SSL 握手和连接是在浏览器发送 HTTP 请求之前建立的,而 nginx 不知道请求的服务器的名称。 In your case, request is going to the default server block (2nd server block) for all port 443 requests, cannot find ssl_certificate config and complains.在您的情况下,请求将转到所有端口 443 请求的默认服务器块(第二个服务器块),找不到 ssl_certificate 配置并抱怨。
If you make your ssl_certificate declarations global then it will redirect it to first server block correctly.如果您将 ssl_certificate 声明设为全局,那么它将正确地将其重定向到第一个服务器块。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.