我在我的服务器上创build了一个GitLab实例,我们称之为git.domain1.tld 。 当我连接到https://git.domain1.tld它工作正常。 但是,当我连接到https://domain2.tld ,它显示与https://git.domain1.tld相同的内容,实际上,我没有为domain2.tld HTTPS定义的行为。
我不知道该怎么称呼这种行为,所以我在search互联网寻找解决scheme时遇到了麻烦。
/etc/nginx/sites-available/domain2.tld :
server { listen 80 default_server; server_name domain2.tld www.domain2.tld; root /srv/domain2.tld/www/; index index.php index.html index.htm; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } }
/ etc / nginx / sites-available / gitlab :
# GITLAB # Maintainer: @yin8086 # App Version: 4.1 # Modified from nginx http version # Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/ # You need from run openssl to generate the ssl certificate. # $ sudo openssl req -new -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key # $ sudo chmod or gitlab.key upstream gitlab { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; } # This is a normal HTTP host which redirects all traffic to the HTTPS host. server { listen 80; server_name git.domain1.tld; server_tokens off; root /nowhere; rewrite ^ https://git.domain1.tld$request_uri permanent; } server { listen 443; server_name git.domain1.tld; server_tokens off; root /home/git/gitlab/public; ssl on; ssl_certificate /etc/nginx/conf/git-unified.crt; ssl_certificate_key /etc/nginx/conf/git.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers AES:HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; # individual nginx logs for this gitlab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; location / { # serve static files from defined root folder;. # @gitlab is a named location for the upstream fallback, see below try_files $uri $uri/index.html $uri.html @gitlab; } # if a file, which is not found in the root folder is requested, # then the proxy pass the request to the upsteam (gitlab unicorn) location @gitlab { proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 proxy_redirect off; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Ssl on; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://gitlab; } }
没有SNI或UCC证书,这就是SSL的工作原理。 一个IP到一个SSL证书。
原因是被请求的域名是encryption包的一部分,所以nginx / Apache /等。 不知道哪个网站服务,直到解密后 …这是由该域的默认虚拟主机完成。
我能够通过以下设置解决此问题:
在/ etc / nginx的/网站可用/默认
server { listen [::]:80 default ipv6only=on; listen [::]:443 default ipv6only=on; ... }
/etc/nginx/sites-available/domain2.tld
server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name domain2.tld www.domain2.tld; server_tokens off; root /srv/pandamonia.us/www/; ssl_certificate /etc/nginx/conf/www-unified.crt; ssl_certificate_key /etc/nginx/conf/www.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers AES:HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; ... }
在/ etc / nginx的/网站可用/ gitlab
server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name git.domain1.tld; server_tokens off; root /home/git/gitlab/public; if ($scheme != "https") { rewrite ^ https://git.domain1.tld$request_uri permanent; } ssl_certificate /etc/nginx/conf/git-unified.crt; ssl_certificate_key /etc/nginx/conf/git.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers AES:HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; ... }