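My nginx is running behind Cloudflare, and I've run into a strange problem: my website works fine if I use one domain, but my second domain doesn't work because it can't establish a secure connection.
Here is my nginx conf file: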
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name tautulli.trever.me stats.plex.trever.me;
    ssl_certificate /etc/nginx/ssl/live/trever.me/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/trever.me/privkey.pem;
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }
    location / {
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
        proxy_pass http://10.0.1.1:8181;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
    }
    access_log /var/log/nginx/tautulli.trever.me/access.log;
    error_log /var/log/nginx/tautulli.trever.me/error.log;
}
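The first one is tautulli.trever.me, which has no problems, but when I try to use stats.plex.trever.me, it tells me that a secure connection cannot be established even though I am using the same certificate. I checked the certificate and it includes this wildcard SAN. Even then, I would still have thought it would only give a warning and not fail completely. However, here is my certificate output: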
root@server:/home/trever# openssl x509 -text -noout -in /etc/nginx2/ssl/live/trever.me/cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:39:22:8a:5b:b1:3d:be:53:c7:fd:6d:ae:f4:b4:8b:42:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Mar 28 23:56:41 2020 GMT
Not After : Jun 26 23:56:41 2020 GMT
Subject: CN = trever.me
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:13:a2:0d:e3:1f:d3:d4:2f:27:39:a1:1e:09:
07:cd:e7:de:05:2e:12:9f:35:78:35:93:29:4e:ca:
26:b3:0f:03:9c:c5:8c:8d:bf:93:72:9c:14:be:61:
86:9e:1c:3e:9e:77:0c:34:d8:3a:d5:17:4b:e3:17:
dc:3b:cf:6a:d1:84:b8:b2:a9:5f:82:1c:dd:db:ca:
ed:8e:fe:cd:9a:de:5f:4e:43:df:eb:de:2d:51:5c:
97:3b:05:b3:fc:d4:50:14:f5:af:00:dc:1e:f4:08:
d7:9a:0c:46:e1:96:7f:84:2b:bd:7e:84:6e:57:b2:
53:d5:03:ff:63:36:ae:fa:b6:71:cb:c1:d9:52:3c:
b0:a5:35:d6:b6:18:84:c3:77:3e:59:88:d8:03:58:
a1:8b:b2:8d:2e:53:ce:a0:cd:c7:6b:a4:0b:1b:66:
2a:61:2b:ef:05:60:f8:ea:e8:f5:ae:30:a0:83:1e:
79:6a:8e:61:6f:39:d5:66:06:c2:bc:7a:7d:89:94:
5b:70:06:4d:0d:79:b9:b7:d5:47:c2:72:a5:a0:a5:
d3:3e:a3:6e:22:d8:77:96:c1:75:cf:ac:f9:48:8d:
5f:72:ef:d6:f6:1c:0f:be:7c:7f:ae:e5:72:03:3a:
65:28:59:8c:2c:3f:91:39:28:0b:13:50:51:3d:af:
1e:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E7:49:A2:6D:69:9C:CE:5C:34:92:76:48:73:5C:DC:A5:FE:17:BC:DB
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:*.plex.trever.me, DNS:*.trever.me, DNS:trever.me
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : F0:95:A4:59:F2:00:D1:82:40:10:2D:2F:93:88:8E:AD:
4B:FE:1D:47:E3:99:E1:D0:34:A6:B0:A8:AA:8E:B2:73
Timestamp : Mar 29 00:56:41.080 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:22:32:47:35:F7:41:8A:51:10:95:73:56:
F5:64:4C:10:2E:FD:4E:06:DA:4E:83:01:22:C3:EB:B6:
08:2A:38:6C:02:21:00:92:CE:5F:76:89:12:2F:91:56:
78:A6:75:FF:31:CD:F3:BF:F4:0F:18:78:92:5F:53:66:
F9:68:E8:75:CF:90:BD
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A:
25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E
Timestamp : Mar 29 00:56:41.069 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:91:AD:D3:07:D5:D4:00:0A:DC:5F:AB:
F8:BB:A1:BC:75:A2:AE:FF:26:A5:99:7E:37:59:48:FC:
EE:D2:B5:F5:02:20:05:73:58:A0:8F:60:AF:A6:65:27:
38:48:CA:25:30:92:2A:DD:C2:E4:EC:AD:5D:32:D8:31:
59:95:09:07:58:0B
Signature Algorithm: sha256WithRSAEncryption
8f:1a:0f:d3:71:90:8a:f1:ba:de:f4:c3:36:fc:3b:a4:b0:fc:
53:05:1f:3d:a7:a5:21:b2:eb:b2:38:5b:31:5c:37:9a:90:38:
58:9e:25:2b:54:6c:0c:4d:eb:b2:d3:90:54:47:7a:6a:65:78:
9d:65:76:7f:40:e2:39:0a:48:09:ac:4f:aa:a5:31:13:dd:c3:
88:e0:da:e7:b7:21:d0:66:be:56:ae:6e:4d:07:85:33:65:b0:
f2:c0:6a:74:45:db:4b:6c:c5:5a:9d:19:d6:94:f5:23:f1:b5:
74:28:92:04:c5:f4:38:45:48:c9:11:a6:bc:1e:b7:1d:9d:35:
dc:ce:0d:28:83:30:30:23:6a:44:35:32:c3:f1:58:f1:f5:e3:
61:95:8a:da:26:c0:87:b9:10:dd:4f:20:5e:19:4b:6a:aa:8b:
8a:64:52:0f:1f:db:1a:f1:cb:5e:5e:9f:88:b0:f9:d3:76:ad:
25:11:7f:74:02:b5:48:f7:18:ad:66:68:01:ce:1d:2e:49:eb:
ab:77:1f:bf:dd:3c:26:19:6e:1b:cd:22:de:5d:96:f1:5e:7a:
74:f8:8b:d9:43:a1:77:d1:d5:0c:5d:d5:fb:cf:fc:ca:fd:3f:
42:53:7d:7c:4f:c6:47:9b:9d:75:c3:92:ca:36:d8:4b:0a:e9:
4a:35:15:15
Why does it work with one domain but not with another domain that uses the same configuration?
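Answer 0: (score: 0)
Have you tried creating two separate Nginx files for the two servers?
Try creating separate nginx files and run: sudo nginx -t
Is your SSL certificate for *.trever.me? If not, try generating a separate certificate for each of the two servers.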
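
Added example, not part of the original question or answer: a check of which SAN entry from the certificate output above covers each hostname, using the rule that a wildcard stands in for exactly one leftmost label. The SAN values are copied from the question; the helper names `san_matches` and `covering_sans` and the comparison certificate that carries only `*.trever.me` are constructed for illustration.

```python
# Added illustration: RFC 6125-style host matching against a certificate's SAN list.
# SAN values come from the openssl output in the question; helper names are hypothetical.

PAGE_SANS = ["*.plex.trever.me", "*.trever.me", "trever.me"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName SAN entry covers hostname.

    A wildcard is honoured only as the entire leftmost label and stands in
    for exactly one label, so *.trever.me does not cover a.b.trever.me.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Conservative choice made here: refuse wildcards directly under a
        # single label (e.g. "*.me"); the remaining labels must match exactly.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covering_sans(sans, hostname):
    """List the SAN entries that cover hostname (empty list = name mismatch)."""
    return [s for s in sans if san_matches(s, hostname)]


if __name__ == "__main__":
    for host in ("tautulli.trever.me", "stats.plex.trever.me", "trever.me"):
        print(host, "->", covering_sans(PAGE_SANS, host) or "NO MATCH")
    # Constructed comparison: a certificate that only carries *.trever.me.
    only_first_level = ["*.trever.me", "trever.me"]
    print("stats.plex.trever.me ->",
          covering_sans(only_first_level, "stats.plex.trever.me") or "NO MATCH")
```

Both hostnames in `server_name` match an entry in the SAN list shown in the question, while a certificate limited to `*.trever.me` would cover tautulli.trever.me but not stats.plex.trever.me.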