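How to configure multiple domains using Let's Encrypt on nginx

Time: 2016-11-07 06:38:13

Tags: ssl nginx lets-encrypt

I ran into some problems when trying to configure SSL for 2 domains (following the link). Please help me!

My context:

  • I have 2 domains on my server: example.com test.com

I want to configure SSL for 2 or more domains. Here is the configuration: File /etc/nginx/sites-available/example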

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}


server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

    root /home/user1/example-com;
    index index.php index.html index.htm;

    server_name example.com www.example.com;

    location ~ ^/index.php/.*$ {
            try_files $uri $uri/ /index.php?$args;
    }

    access_log /var/log/nginx/example-access.log;
    error_log /var/log/nginx/example-error.log;

    location ~ /.well-known {
        allow all;
    }   

    # other configurations
}

File /etc/nginx/sites-available/test

server {
    listen 80;
    listen [::]:80;
    server_name test.com www.test.com;
    return 301 https://$server_name$request_uri;
}


server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

#    include snippets/ssl-test.com.conf;    # I tried with other file but it didn't work
#    include snippets/ssl-params.conf;

    root /home/user1/test-tk;
    index index.php index.html index.htm;

    server_name test.com www.test.com;

    # Make site accessible from http://localhost/
    # server_name test.com;
    location ~ ^/index.php/.*$ {
            try_files $uri $uri/ /index.php?$args;
    }

    access_log /var/log/nginx/test-access.log;
    error_log /var/log/nginx/test-error.log;

    location ~ /.well-known {
        allow all;
    }   

    # other configurations  
}

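After reloading nginx, there are no errors.

I can access https://example.com/ and everything works fine for the first site. But for the second site it does not work: I get the warning "Your connection is not private" when accessing https://test.com/.

1 Answer:

Answer 0: (score: 0)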

Instead of the line:

    include snippets/ssl-example.com.conf;

use a site-specific configuration (or replace the contents of ssl-example.com.conf):

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

ssl-params.conf should contain the following:

    ssl on;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

(Not necessarily a perfect configuration, but it should do the job.) These lines in particular are very important.
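An added example, not part of the original question or answer: a small Python check that flags any HTTPS `server` block whose `server_name` values do not include the Let's Encrypt `live/<name>` directory its `ssl_certificate` points at, which is the mismatch behind the warning on https://test.com/. It assumes certbot-style `live/<name>/` paths in which `<name>` is one of the covered hostnames; the function names and the sample input are constructed for illustration, and a single certificate covering both domains would need a check against the certificate's SAN list instead.

```python
import re

# Constructed input: the question's two HTTPS server blocks (trimmed) and their shared snippet.
SNIPPETS = {
    "snippets/ssl-example.com.conf":
        "ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n"
        "ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;\n",
}
SITES = """
server {
    listen 443 ssl http2 default_server;
    include snippets/ssl-example.com.conf;
    server_name example.com www.example.com;
    location ~ /.well-known { allow all; }
}
server {
    listen 443 ssl http2;
    include snippets/ssl-example.com.conf;
#    include snippets/ssl-test.com.conf;
    server_name test.com www.test.com;
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, tracking nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def cert_lineage(body, snippets):
    """Name of the live/<name>/ directory that supplies ssl_certificate."""
    for inc in re.findall(r"^\s*include\s+(\S+);", body, re.M):
        body += snippets.get(inc, "")  # inline active (uncommented) includes only
    m = re.search(r"^\s*ssl_certificate\s+\S*/live/([^/]+)/", body, re.M)
    return m.group(1) if m else None

def mismatches(conf, snippets):
    """(first server_name, lineage) for each TLS block whose names miss the lineage."""
    found = []
    for body in server_blocks(conf):
        m = re.search(r"^\s*server_name\s+([^;]+);", body, re.M)
        names = m.group(1).split() if m else []
        tls = re.search(r"^\s*listen\s+[^;]*\bssl\b", body, re.M)
        lineage = cert_lineage(body, snippets)
        if tls and names and lineage not in names:
            found.append((names[0], lineage))
    return found
```

Calling `mismatches(SITES, SNIPPETS)` reports the test.com block as served from the example.com certificate directory; a block with no resolvable `ssl_certificate` is reported with a lineage of `None`.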