  • [nginx][tls] nginx配置https与ssl/tls的sni的方法

    一 https的sni配置方法(每个server块单独配置证书)

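    # Method 1: one server block per certificate. nginx selects the server block,
    # and with it the certificate, by comparing the SNI name sent by the client
    # with each block's server_name list.
    #
    # Fix: the original had a stray "}" directly after "http {", which closed the
    # http context before the server blocks and left the braces unbalanced.
    http {
           # None of these blocks is marked default_server, so the first block
           # also answers handshakes whose SNI matches no server_name (or that
           # carry no SNI) and presents the test1 certificate. To refuse unknown
           # names instead, add a dedicated catch-all server block; nginx 1.19.4
           # and later provide ssl_reject_handshake for this.
           server {
                   listen 443 ssl;
                   server_name test1.www.local test1.tls.local;
                   ssl_certificate /root/sni/sni_test1.cer;
                   # Private key: keep the file owned by root and readable by
                   # root only. Static paths like this one are read when the
                   # configuration is loaded.
                   ssl_certificate_key /root/sni/sni_test1.key;
                   location / {
                           root /data/www;
                   }
           }
           server {
                   listen 443 ssl;
                   server_name test2.www.local test2.tls.local;
                   ssl_certificate /root/sni/sni_test2.cer;
                   ssl_certificate_key /root/sni/sni_test2.key;
                   location / {
                           root /data/www;
                   }
           }
           server {
                   listen 443 ssl;
                   server_name test3.www.local test3.tls.local;
                   ssl_certificate /root/sni/sni_test3.cer;
                   ssl_certificate_key /root/sni/sni_test3.key;
                   location / {
                           root /data/www;
                   }
           }
    }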

    二 https的sni配置方法(使用map变量选择证书)

    # Method 2: a single server block; the certificate file is chosen per
    # handshake through the $sni_string variable.
    #
    # Variables in ssl_certificate / ssl_certificate_key need nginx 1.15.9 or
    # later built against OpenSSL 1.0.2 or later. With a variable in the path the
    # certificate is loaded on every TLS handshake, which costs performance.
    # NOTE(review): because the files are opened at handshake time rather than at
    # startup, check that the process doing the loading (presumably the worker)
    # can read them, and that the key files are readable by nothing else.
    http {
           # Alternative left commented out by the author: keying the map on
           # $server_name. That variable holds the configured name of the server
           # block, not the SNI name sent by the client.
           #map $server_name $sni_string {
           # The map works as an allow-list: the client-supplied SNI only selects
           # one of the fixed tokens below and is never itself placed into the
           # file path. Only the *.www.local names are listed.
           map $ssl_server_name $sni_string {
                   test1.www.local test1;
                   test2.www.local test2;
                   test3.www.local test3;
           # No default is set, so an unlisted or missing SNI leaves $sni_string
           # empty and the path becomes /data/sni/sni_.cer; unless that file
           # exists, such handshakes presumably fail -- confirm this is intended.
           #      default xxx;
           }
           server {
                   listen 443 ssl;
                   ssl_certificate /data/sni/sni_${sni_string}.cer;
                   ssl_certificate_key /data/sni/sni_${sni_string}.key;
                   location / {
                           root /data/www;
                   }
           }
    }

    三 tls的sni配置方法

    # Method 3: TLS termination in the stream (TCP) context. nginx completes the
    # TLS handshake on port 444 with a certificate chosen from the SNI name, then
    # forwards the connection to the upstream group "test".
    stream {
           # No proxy_ssl directive appears in this block, so the leg from nginx
           # to the backend is not TLS-protected; here it stays on the loopback
           # address.
           upstream test {
                   server 127.0.0.1:50001;
           }

           # Allow-list mapping from the client-supplied SNI name to a fixed file
           # token; the SNI string itself never reaches the file path.
           map $ssl_server_name $sni_string {
                   test1.www.local test1;
                   test2.www.local test2;
                   test3.www.local test3;
                   # Unlisted or missing SNI falls back to the test1 certificate.
                   default test1;
           }

           server {
                   listen 444 ssl;
                   # Variable paths are resolved per connection, so the
                   # certificate and key are loaded on every handshake.
                   ssl_certificate /data/sni/sni_${sni_string}.cer;
                   ssl_certificate_key /data/sni/sni_${sni_string}.key;
                   proxy_pass test;
           }
    }

    四 复合情况下sni的配置方法

    复合情况是指,多个server使用了相同的server name,又需要配置不同的证书文件时。

    使用map定义多个不同的变量映射,可以支持多个server的情况。如下,分别定义了两个变量 $sni_string 与 $sni_string445,用来处理不同的server。

    # Method 4: two stream listeners that receive the same SNI names but must
    # present different certificates. Each listener gets its own map variable and
    # its own certificate directory.
    stream {
           # Both listeners forward to the same backend. No proxy_ssl directive
           # appears in this block, so that leg is not TLS-protected; it stays on
           # the loopback address.
           upstream test {
                   server 127.0.0.1:50001;
           }

           # Token used by the port 444 listener. The map is an allow-list: the
           # client-supplied SNI only selects a fixed token.
           map $ssl_server_name $sni_string {
                   test1.www.local test1;
                   test2.www.local test2;
                   test3.www.local test3;
                   # Unlisted or missing SNI falls back to the test1 certificate.
                   default test1;
           }
           # Token used by the port 445 listener, keyed on the same SNI names.
           map $ssl_server_name $sni_string445 {
                   test1.www.local test4451;
                   test2.www.local test4452;
                   test3.www.local test4453;
                   # Unlisted or missing SNI falls back to the test4451 certificate.
                   default test4451;
           }
           server {
                   listen 444 ssl;
                   ssl_certificate /data/sni/sni_${sni_string}.cer;
                   ssl_certificate_key /data/sni/sni_${sni_string}.key;
                   proxy_pass test;
           }
           server {
                   listen 445 ssl;
                   # Separate directory, so the two listeners' key files can be
                   # managed and permissioned independently.
                   ssl_certificate /data/sni445/sni_${sni_string445}.cer;
                   ssl_certificate_key /data/sni445/sni_${sni_string445}.key;
                   proxy_pass test;
           }
    }

    [author: classic_tong, date: 20190925] 

  • 原文地址:https://www.cnblogs.com/hugetong/p/11583789.html