我有一个Ubuntu的耐心与Nginx的版本:Nginx的/ 0.5.33
我有多个服务器,他们正在80端口完美工作。
现在,其中一些我想在端口443上使用SSL,并且每个都有自己的SSL证书。
问题是每个域都使用相同的ssl证书,并且在浏览器中出现一个错误,说明不匹配的名称为ssl证书。
我确定所有的证书都是有效的和正确的,path是正确的。 如果我只提供一个域,那么ssl证书是可以的,所以所有的文件都可以。
为什么nginx对所有的服务器configuration总是使用相同的ssl证书?
这里有两个例子,如果两者都是活动的,它总是需要ssl的domain1,如果我删除domain1,domain2与ssl工作正常的ssl文件。
谢谢,
米
nginx.conf文件:
user www-data; worker_processes 1; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; tcp_nodelay on; gzip on; include /etc/nginx/conf.d/*.conf; } domain1.conf文件:
server { listen 443; server_name domain1.montx.com; root /etc/nginx/sites-available/domain1; access_log /etc/nginx/sites-available/domain1/log/nginx.log; error_page 500 502 503 504 /500.html; client_max_body_size 50M; ssl on; ssl_certificate /etc/nginx/conf.d/domain1.crt; ssl_certificate_key /etc/nginx/conf.d/domain1.key; location / { auth_basic "Restricted"; auth_basic_user_file domain1_htpasswd; } }
domain2.conf文件:
upstream thin_domain2 { server unix:/tmp/thin_domain2.0.sock; server unix:/tmp/thin_domain2.1.sock; server unix:/tmp/thin_domain2.2.sock; } server { listen 443; ssl on; ssl_certificate /etc/nginx/conf.d/domain2.crt; ssl_certificate_key /etc/nginx/conf.d/domain2.key; server_name domain2.montx.com; root /u/apps/domain2/current/public; access_log /u/apps/domain2/shared/log/nginx.log; error_page 500 502 503 504 /500.html; client_max_body_size 50M; # First rewrite rule for handling maintenance page if (-f $document_root/system/maintenance.html) { rewrite ^(.*)$ /system/maintenance.html last; break; } location / { index index.html index.htm; # Forward information about the client and host # Otherwise our Rails app wouldn't have access to it proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_max_temp_file_size 0; # Directly serve static content location ~ ^/(images|javascripts|stylesheets)/ { expires 10y; } if (-f $request_filename) { break; } # Directly serve cached pages if (-f $request_filename.html) { rewrite (.*) $1.html break; } # Otherwise let Thin handle the request if (!-f $request_filename) { proxy_pass http://thin_domain2; break; } } }
您需要为要使用的每个SSL证书分配一个单独的IP地址。