nginx配置多域名多个ssl证书

多域名多证书可以使用多个server 多个子配置文件进行设置并且方便管理

一个server设置多个域名和ssl证书
还有一种就是一个server设置多个域名和ssl证书

看图 因为80端口不涉及证书 所以这里以443端口为例

server_name 中第二个域名与第一个域名之间以空格隔开,

再复制一份ssl_certificate和ssl_certificate_key配置输入对应域名的证书文件地址即可。
nginx配置多域名多个ssl证书_第1张图片

多个server设置多个域名和ssl证书

server {
listen 443;
server_name www.b.cn;
ssl on;
#证书
ssl_certificate /data/key/server.crt;
ssl_certificate_key /data/key/server.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.228.191.237;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
index index.html index.htm;
}
}
server {
listen 443;
server_name www.a.cn;
ssl on;
ssl_certificate /data/key/server1.crt;
ssl_certificate_key /data/key/server1.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://10.228.191.223;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
index index.html index.htm;
}
}
修改80自动提升为https

server {
listen 80;
server_name localhost;
#重写协议
rewrite ^/(.*)$ https:$host/$1 redirect;
location / {
root html;
index index.html index.htm;
}

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

你可能感兴趣的:(后端,ssl,nginx,https)