Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
3.5k views
in Technique[技术] by (71.8m points)

nginx挂载不同服务在443/80端口,但 server_name 没有起效?

我的一个nginx服务器上面同时部署了 a.aa.cc 和 b.bb.co 两个服务(各自都监听了 80 端口和 443 端口)
使用的是指定的 server_name (完全匹配模式)

也设置了fastcgi_param SERVER_NAME $host;
但是如果使用 openssl s_client -connect a.aa.cc:443 | openssl x509 -pubkey -noout
会获取得 b.bb.co 的公钥证书。

配置如下:

upstream web_server {
  server 127.0.0.1:5001;
  keepalive 65;
}

upstream web_server2 {
  server 127.0.0.1:5002;
  keepalive 65;
}


server {
  listen        80;
  server_name   a.aa.cc;
  rewrite ^(.*) https://$server_name$1 permanent;
}

server {
  listen      443;
  server_name a.aa.cc;
  access_log  /var/log/nginx/a.aa.cc.access.log;
  error_log   /var/log/nginx/a.aa.cc.error.log;

  ssl on;
  ssl_certificate     /etc/nginx/certs/a.aa.cc/ssl.pem;
  ssl_certificate_key /etc/nginx/certs/a.aa.cc/ssl.key;

  location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   Host  $http_host;
    proxy_set_header   X-Nginx-Proxy true;
    proxy_set_header   Connection "";
    proxy_http_version 1.1;
    proxy_pass         http://web_server;
  }
}

server {
  listen        80;
  server_name   b.bb.co;
  rewrite ^(.*) https://$server_name$1 permanent;
}

server {
  listen      443;
  server_name b.bb.co;
  access_log  /var/log/nginx/b.bb.co.access.log;
  error_log   /var/log/nginx/b.bb.co.error.log;

  ssl on;
  ssl_certificate     /etc/nginx/certs/b.bb.co/ssl.pem;
  ssl_certificate_key /etc/nginx/certs/b.bb.co/ssl.key;

  location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   Host  $http_host;
    proxy_set_header   X-Nginx-Proxy true;
    proxy_set_header   Connection "";
    proxy_http_version 1.1;
    proxy_pass         http://web_server2;
  }
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

你修改配置后重新加载配置让配置生效没有?
你配置的密钥文件检查是正确的?没有出现误放可能?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...