Nginx 如何在1个数字海洋水滴上拥有多个域共享自我证书ssl证书
我创建了如下证书: 以下步骤来自:Nginx 如何在1个数字海洋水滴上拥有多个域共享自我证书ssl证书,nginx,ssl-certificate,digital-ocean,Nginx,Ssl Certificate,Digital Ocean,我创建了如下证书: 以下步骤来自: 使用我的域示例: 通用名称(例如服务器FQDN或您的姓名): 在文章中,它说我只能有一个默认服务器,我假设self-cert可以使用它 假设我的nginx上有两个网站,如下所示: /etc/nginx/sites available/examplesite1.com /etc/nginx/sites available/examplesite2.com 两者都使用如下配置:(第二个示例为examplesite2.com) 注意,在本例中,我将转发到代
- 通用名称(例如服务器FQDN或您的姓名):
server {
listen 80;
server_name examplesite1.com www.examplesite1.com;
return 301 https://$server_name$request_uri;
client_max_body_size 10G;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8000;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server {
# SSL configuration
server_name www.examplesite1.com www.www.examplesite1.com;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
}
适当设置符号链接:
ln -s /etc/nginx/sites-available/examplesite1.com /etc/nginx/sites-enabled/examplesite1.com
ln -s /etc/nginx/sites-available/examplesite2.com /etc/nginx/sites-enabled/examplesite2.com
如果我将“default_server”更改为我的url,它将破坏nginx配置
listen 443 ssl http2 www.examplesite1.com;
错误
nginx:[emerg]在/etc/nginx/sites enabled/examplesite1.com中的参数“www.examplesite1.com”无效:18
nginx:配置文件/etc/nginx/nginx.conf测试失败
问题是,如果我像这样保留默认服务器,它就不会将代理转发到我的nginx服务器,而是转到我的默认服务器,这是我不需要的nginx index.html登录页。我意识到了我的错误
此代码在第一个服务器块中从未到达,因此需要进入listen:443服务器块:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8000;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
对default_server的引用没有破坏它,但我已经删除了它
现已更新:
server {
listen 80;
server_name examplesite1.com www.examplesite1.com;
# redirect to https
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
server_name examplesite1.com www.examplesite1.com;
# remove redirect and replae with proxy stuff here...
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8000;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
我意识到我的错误
此代码在第一个服务器块中从未到达,因此需要进入listen:443服务器块:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8000;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
对default_server的引用没有破坏它,但我已经删除了它
现已更新:
server {
listen 80;
server_name examplesite1.com www.examplesite1.com;
# redirect to https
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
server_name examplesite1.com www.examplesite1.com;
# remove redirect and replae with proxy stuff here...
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8000;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}