我遇到了一个奇怪的Nginx SSL问题,我似乎无法弄明白。
正在发生的事情是一些用户在浏览“site2.com”时收到无效的SSL证书错误,在错误中它表示site2的SSL实际上是针对site1.com的,所以出于某种原因,Nginx正在从site1加载SSL对于site2。
因此,为了排除故障,我尝试从nginx配置中删除整个“SITE_1”块,然后根本不加载site2.com。所以我对我做错了什么非常困惑。
有人可以帮助我吗?
# SITE_1
server {
listen 443;
ssl on;
server_name site1.com;
client_max_body_size 10M;
client_body_buffer_size 128k;
ssl_certificate /home/sites/conf/ssl_site1.crt;
ssl_certificate_key /home/sites/conf/ssl_site1.key;
ssl_session_timeout 25m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
proxy_pass http://apache_server;
}
}
# SITE_2
server {
listen 443;
server_name site2.com;
client_max_body_size 10M;
client_body_buffer_size 128k;
ssl_certificate /home/sites/conf/ssl_site2.crt;
ssl_certificate_key /home/sites/conf/ssl_site2.key;
ssl_session_timeout 25m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
gzip on;
gzip_static on;
gzip_buffers 16 8k;
gzip_comp_level 9;
gzip_http_version 1.0;
gzip_min_length 0;
gzip_types text/plain text/css application/x-javascript;
gzip_vary on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_send_timeout 240;
send_timeout 240;
proxy_pass http://apache_server;
}
}
答案 0 :(得分:0)
看起来site2服务器声明缺少ssl on;配置。在site1中,您可以直接在listen下。