Nginx: when I curl the second domain, the certificate shown is the first domain's certificate
This is my nginx setup. I also use Docker and Docker Compose to run my nginx and web service.
This is what I see when I run nginx -V inside Docker:
nginx version: nginx/1.15.5
built by gcc 6.4.0 (Alpine 6.4.0)
built with OpenSSL 1.0.2p  14 Aug 2018
TLS SNI support enabled

## for http version of *
server {
    listen 80;
    listen [::]:80;
    server_name domain_1 domain_2;
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}
## for https version of *
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain_1;
    location /websocket/ {
        proxy_pass http://websocket:8001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    ## this is to proxy pass to the django container
    location / {
        proxy_pass http://django:5000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }
    location /websockets/ {
        try_files $uri @proxy_websocket;
    }
    location @proxy_websocket {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_pass http://websocket:8001;
    }
    ## this is to alias the /static to the /staticfiles folder inside django container
    location /static/ {
        alias /django/staticfiles/;
    }
    ## this is to alias the /media to the /media folder inside django container
    location /media/ {
        alias /django/media/;
    }
    ## this is for the various SSL settings
    include /etc/nginx/conf.d/ssl_common.conf;
    # include /etc/nginx/conf.d/ssl_enp.conf;
    ssl_certificate /etc/internal_trust/live/domain_1/domain_1.crt;
    ssl_certificate_key /etc/internal_trust/live/domain_1/domain_1.key;
}
# for *.sg
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain_2;
    location /websocket/ {
        proxy_pass http://websocket:8001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    ## this is to proxy pass to the django container
    location / {
        proxy_pass http://django:5000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }
    location /websockets/ {
        try_files $uri @proxy_websocket;
    }
    location @proxy_websocket {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_pass http://websocket:8001;
    }
    ## this is to alias the /static to the /staticfiles folder inside django container
    location /static/ {
        alias /django/staticfiles/;
    }
    ## this is to alias the /media to the /media folder inside django container
    location /media/ {
        alias /django/media/;
    }
    ## this is for the various SSL settings
    ssl_certificate /etc/internal_trust/live/domain_2/domain_2.crt;
    ssl_certificate_key /etc/internal_trust/live/domain_2/domain_2.key;
}
## this is to block attempts by those using invalid host headers
server {
    server_name _;
    listen 80 default_server;
    # we do not need to cater for ssl 443 for invalid host headers
    return 444;
}

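But for some reason, even when I visit domain 2, the certificate being retrieved is always the certificate for domain 1.
I'm not sure where I went wrong.
Domain 1 works fine.

Just connect to the IP address and check the first SSL in the configuration. If you have more virtual hosts, curl will get the first domain in alphabetical order, which is normal for a request by IP address. Example via the IP address, with the first SSL configuration: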
# curl -v -k 'https://127.0.0.1' -H 'Host: domain1.local'
...
...
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=RO; ST=Buc; L=Buc; O=TEST; OU=TEST; CN=domain1.local
...
...
<
* Connection #0 to host 127.0.0.1 left intact
domain1.local* Closing connection 0
But if you use the domain name, you get the specific configuration with the correct SSL:
# curl -v -k 'https://domain1.local'
...
...
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=RO; ST=Buc; L=Buc; O=TEST; OU=TEST; CN=domain1.local
...
...
<
* Connection #0 to host domain1.local left intact
domain1.local* Closing connection 0
# curl -v -k 'https://domain2.local'
...
...
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=RO; ST=Buc; L=Buc; O=TEST; OU=TEST; CN=domain2.local
...
...
<
* Connection #0 to host domain2.local left intact
domain2.local* Closing connection 0

I managed to fix my error. I just changed the block below, from:
server {
    listen 80;
    listen [::]:80;
    server_name domain_1 domain_2;
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}
to:
server {
    listen 80;
    listen [::]:80;
    server_name domain_1 ;
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://domain_1$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name domain_2;
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://domain_2$request_uri;
}

From your question, it seems to have nothing to do with Docker.
I see that someone has requested to close this question because they think it would be more appropriate on Server Fault. In that case, please be consistent and request closing other questions like this one as well. I also checked; this seems to be a gray area, but the consensus suggests that if such questions are not about a production environment, they should stay here. So my answer is that this is for staging and a staging domain.