How to fix an Nginx SSL error with multiple domains

Time: 2019-07-15 19:20:44

Tags: ssl nginx devops lets-encrypt nginx-config

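I have 2 domains, and my nginx configuration is below. When I type example.com, the site opens over SSL without any problem, but if I type example.nl the browser shows a "Your connection is not private" warning.

I tested both domain certificates by changing the configuration, and both certificates work fine.

What is wrong? How can I fix it?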

upstream website {
    server web:8000;
}

server {
    listen 80;
    server_tokens off;
    server_name *.example.com *.example.nl;


    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name *.example.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


    # serve static files
    location /static/ {
        alias /static/;
    }

    # serve media files
    location /media/ {
        alias /media/;
    }


    location / {
        proxy_pass  http://website;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}


server {
    listen 443 ssl;
    server_name *.example.nl;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/example.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.nl/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


    # serve static files
    location /static/ {
        alias /static/;
    }

    # serve media files
    location /media/ {
        alias /media/;
    }


    location / {
        proxy_pass  http://website;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

1 answer:

Answer 0: (score: 0)

TLDR: your names don't match

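You have server{} blocks for SSL with server_name values of *.example.com and *.example.nl respectively, but you are requesting example.com and example.nl. These match neither server block. A DNS wildcard like *.example.com matches any value in that label (abc.example.com, wazoo.example.com, oompapaoompapaoompapa.example.com), but does not match a name with no such label, such as example.com. You may be confusing this with shell 'glob' or regular expressions (such as sed, awk, perl, etc.), where * is the 'Kleene star' with zero-or-more semantics.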

Since your requests don't match either server block, nginx uses the default server block; since you didn't explicitly specify a default block, nginx makes it the first one. The first SSL server block uses the certificate for example.com, so requests for example.com match that certificate and work, while requests for example.nl don't match and fail. If you configure only the *.example.nl block, it is now the first block and therefore also the default, so requests for example.nl work but requests for example.com fail.

Change your server_name values to be, or to include, matches for the actual names you use.
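
The selection behaviour described in this answer, as an added example that is not part of the original question or answer: a simplified Python model of how nginx picks a server block for a requested host. The function names, block labels and the `QUESTION`/`FIXED` lists are constructed for illustration; trailing-wildcard and regex names are not modelled.

```python
# Simplified model of nginx server_name selection: exact names, leading
# "*." wildcards, the ".name" shorthand, and the first-block default.
# Trailing wildcards and regex names are left out of this sketch.

def match_kind(pattern, host):
    """Return 'exact', 'wildcard' or None for one server_name pattern."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # "*.example.nl" needs at least one label before ".example.nl",
        # so the bare name "example.nl" does not match it.
        suffix = pattern[1:]
        return "wildcard" if host.endswith(suffix) and len(host) > len(suffix) else None
    if pattern.startswith("."):
        # ".example.nl" is nginx shorthand for "example.nl *.example.nl".
        if host == pattern[1:]:
            return "exact"
        return "wildcard" if host.endswith(pattern) and len(host) > len(pattern) else None
    return "exact" if host == pattern else None


def select_server(servers, host):
    """servers: ordered list of (label, [patterns]) sharing one listen port.
    Exact beats wildcard, the longest wildcard wins, and with no match
    the first block acts as the implicit default server."""
    best = None  # (label, pattern length) of the best wildcard so far
    for label, names in servers:
        for pattern in names:
            kind = match_kind(pattern, host)
            if kind == "exact":
                return label, "exact"
            if kind == "wildcard" and (best is None or len(pattern) > best[1]):
                best = (label, len(pattern))
    if best:
        return best[0], "wildcard"
    return servers[0][0], "default"


# Constructed input mirroring the two "listen 443 ssl" blocks in the question.
QUESTION = [("example.com cert", ["*.example.com"]),
            ("example.nl cert", ["*.example.nl"])]
# The same blocks with the bare names added to server_name.
FIXED = [("example.com cert", ["example.com", "*.example.com"]),
         ("example.nl cert", ["example.nl", "*.example.nl"])]

if __name__ == "__main__":
    for host in ("example.com", "example.nl", "www.example.nl"):
        print(host, select_server(QUESTION, host), select_server(FIXED, host))
```

With the question's configuration both bare names fall through to the first block, which is why example.com appears to work and example.nl is served the wrong certificate.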