如何為 nginx 上的子網域設定 ssl

tag-icon tag-icon nginx ssl ssl-certificate
如何為 nginx 上的子網域設定 ssl

目前 Nginx 已設定為接受網域 ex: *.website.com 的通配符 SSL 憑證。

我沒有購買昂貴的通配符證書,而是為頂級域 website.com 購買了單域 SSL 證書

現在,我發現該服務實際上使用了兩個也需要在 SSL 下的子網域。

例如:a.website.com 和 b.website.com

問題。

如何更改 nginx 配置,以便當我為 a.website.com 購買單一子網域 SSL 憑證時,我可以指示 nginx 使用它。

Nginx 檔案目前如下所示:

server {
        listen 80;
        server_name website.io www.website.io;
        return 301 https://website.io$request_uri;
}

server {
        listen 443 ssl;
        ssl on;
        server_name website.io www.website.io;
    client_max_body_size 5m;
        add_header X-UA-Compatible    "IE=Edge,chrome=1";

    access_log /var/log/nginx/website.io_access.log;
    error_log /var/log/nginx/website.io_error.log;  

        ssl_certificate /srv/ssl/website.io/ssl.crt;
        ssl_certificate_key /srv/ssl/website.io/ssl.key;

        error_page 500 502 503 504 /500.html;
        location /500.html {
                root  /srv/static/website/maintenance;
        }

        location / {
        #auth_basic            "Restricted";
                #auth_basic_user_file  /etc/nginx/htpasswd.conf;

                include uwsgi_params;
        uwsgi_connect_timeout 30;
        uwsgi_read_timeout 30;
                uwsgi_pass 127.0.0.4:3031;
        }
}

答案1

您的配置將變成這樣(為了清楚起見,我已將範例中的網域變更為網域a.website.comb.website.com根據您的問題正文)

server {
        listen 80;
        server_name a.website.com;
        return 301 https://a.website.com$request_uri;
        }   

server {
        listen 443 ssl;
        server_name a.website.com;
        client_max_body_size 5m;
        add_header X-UA-Compatible    "IE=Edge,chrome=1";

        access_log /var/log/nginx/a.website_access.log;
        error_log /var/log/nginx/a.website_error.log;  

        ssl_certificate /srv/ssl/a.website/ssl.crt;
        ssl_certificate_key /srv/ssl/a.website/ssl.key;

        error_page 500 502 503 504 /500.html;
        location /500.html {
                root  /srv/static/website/maintenance;
        }

        location / {
                #auth_basic            "Restricted";
                #auth_basic_user_file  /etc/nginx/htpasswd.conf;
                include uwsgi_params;
                uwsgi_connect_timeout 30;
                uwsgi_read_timeout 30;
                uwsgi_pass 127.0.0.4:3031;
        }
}

server {
        listen 80;
        server_name b.website.com;
        return 301 https://b.website.com$request_uri;
        }   

server {
        listen 443 ssl;
        server_name b.website.com;
        client_max_body_size 5m;
        add_header X-UA-Compatible    "IE=Edge,chrome=1";

        access_log /var/log/nginx/b.website.com_access.log;
        error_log /var/log/nginx/b.website.com_error.log;  

        ssl_certificate /srv/ssl/b.website.com/ssl.crt;
        ssl_certificate_key /srv/ssl/b.website.com/ssl.key;

        error_page 500 502 503 504 /500.html;
        location /500.html {
                root  /srv/static/website/maintenance;
        }

        location / {
                #auth_basic            "Restricted";
                #auth_basic_user_file  /etc/nginx/htpasswd.conf;
                include uwsgi_params;
                uwsgi_connect_timeout 30;
                uwsgi_read_timeout 30;
                uwsgi_pass 127.0.0.4:3031;
        }
}

您可以根據需要對任意多個網站重複此操作,它只是為每個網站定義一個附加伺服器區塊

相關內容