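One of my nginx servers hosts two services at the same time, a.aa.cc and b.bb.co (each listens on both port 80 and port 443).
Each uses an explicit server_name (exact-match mode).
I have also set fastcgi_param SERVER_NAME $host;
However, if I run openssl s_client -connect a.aa.cc:443 | openssl x509 -pubkey -noout
I get the public-key certificate of b.bb.co.
The configuration is as follows: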
upstream web_server {
    server 127.0.0.1:5001;
    keepalive 65;
}
upstream web_server2 {
    server 127.0.0.1:5002;
    keepalive 65;
}
server {
    listen 80;
    server_name a.aa.cc;
    rewrite ^(.*) https://$server_name$1 permanent;
}
server {
    listen 443;
    server_name a.aa.cc;
    access_log /var/log/nginx/a.aa.cc.access.log;
    error_log /var/log/nginx/a.aa.cc.error.log;
    ssl on;
    ssl_certificate /etc/nginx/certs/a.aa.cc/ssl.pem;
    ssl_certificate_key /etc/nginx/certs/a.aa.cc/ssl.key;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://web_server;
    }
}
server {
    listen 80;
    server_name b.bb.co;
    rewrite ^(.*) https://$server_name$1 permanent;
}
server {
    listen 443;
    server_name b.bb.co;
    access_log /var/log/nginx/b.bb.co.access.log;
    error_log /var/log/nginx/b.bb.co.error.log;
    ssl on;
    ssl_certificate /etc/nginx/certs/b.bb.co/ssl.pem;
    ssl_certificate_key /etc/nginx/certs/b.bb.co/ssl.key;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://web_server2;
    }
}