Given that I have configured 2 subdomains in DNS (so both resolve to my server's IP address), and that I have 2 different TLS certificates for these subdomains.
I configured Nginx this way:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    ''      $scheme;
}

# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
    default upgrade;
    ''      '';
}

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

access_log /var/log/nginx.log;
error_log  /var/log/nginx_errors.log;

# HTTP 1.1 support (needed for WebSocket upgrades through the proxy)
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;

# Catch-all for plain HTTP: anything not matched by another server block gets a 503
server {
    listen 80 default_server;
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    return 503;
    server_tokens off; # Hide the nginx version
}

upstream sub1.domain.tld {
    server 172.17.0.27:5000;
}

# The only server listening on 443, so it also answers every other name on 443
server {
    server_name sub1.domain.tld;
    server_tokens off; # Hide the nginx version
    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/sub1.domain.tld.crt;
    ssl_certificate_key /etc/nginx/ssl/sub1.domain.tld.key;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd/sub1.htpasswd;
        proxy_pass http://sub1.domain.tld;
    }
}
At this point, if I go to https://sub1.domain.tld, everything works.
Now, if I try to access https://sub2.domain.tld, which has not been configured yet and so should not be answered, it accepts the connection and tells me there is a problem with the certificate because it does not match the server name, so it looks as though, with this configuration, Nginx sends the same certificate for all requests on port 443.
How should I change the configuration so that access to https://sub2.domain.tld fails (e.g. with a 503 error) until I configure it by adding a new server directive?
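As an added illustration (not part of the original question or any posted answer): a catch-all HTTPS server block. In the configuration above, sub1's block is the only listener on 443, so nginx uses it as the implicit default for every SNI name and presents sub1's certificate to sub2 clients; an explicit default_server on 443 takes that role instead. The placeholder certificate paths are assumptions.

```nginx
# Catch-all for HTTPS: handles every name on 443 that has no server block of
# its own (sub2.domain.tld in the question). Add this next to the existing
# server blocks; sub1's block keeps matching sub1.domain.tld via SNI.
server {
    listen 443 ssl default_server;
    server_name _;      # only reached when no other server_name matches
    server_tokens off;

    # Variant A (nginx 1.19.4 or newer): abort the TLS handshake for names
    # that match no other server block. No certificate is required, and the
    # client sees a handshake failure rather than a certificate for the
    # wrong host.
    ssl_reject_handshake on;

    # Variant B (older nginx): a default ssl server must carry a certificate,
    # so use a self-signed placeholder (assumed paths) and close the
    # connection without an HTTP response (444), or answer 503 if the
    # question's preference for an HTTP error is wanted. Either way the
    # client is warned about the placeholder certificate first.
    # ssl_certificate     /etc/nginx/ssl/placeholder.crt;
    # ssl_certificate_key /etc/nginx/ssl/placeholder.key;
    # return 444;
}
```

To check which certificate a name now receives, run `openssl s_client -connect <server-ip>:443 -servername sub2.domain.tld`: with Variant A the handshake fails, with Variant B the placeholder certificate is shown, and `-servername sub1.domain.tld` still returns sub1's certificate.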
Best answer
Original link: https://www.f2er.com/nginx/435443.html