zoukankan      html  css  js  c++  java

  • [nginx][tls] nginx配置https与ssl/tls的sni的方法

    一 https的sni配置方法

    http {
           }
           server {
                   listen 443 ssl;
                   server_name test1.www.local test1.tls.local;
                   ssl_certificate /root/sni/sni_test1.cer;
                   ssl_certificate_key /root/sni/sni_test1.key;
                   location / {
                           root /data/www;
                   }
           }
           server {
                   listen 443 ssl;
                   server_name test2.www.local test2.tls.local;
                   ssl_certificate /root/sni/sni_test2.cer;
                   ssl_certificate_key /root/sni/sni_test2.key;
                   location / {
                           root /data/www;
                   }
           }
           server {
                   listen 443 ssl;
                   server_name test3.www.local test3.tls.local;
                   ssl_certificate /root/sni/sni_test3.cer;
                   ssl_certificate_key /root/sni/sni_test3.key;
                   location / {
                           root /data/www;
                   }
           }
    }

    二 https的sni配置方法

    http {
           #map $server_name $sni_string {
           map $ssl_server_name $sni_string {
                   test1.www.local test1;
                   test2.www.local test2;
                   test3.www.local test3;
           #      default xxx;
           }
           server {
                   listen 443 ssl;
                   ssl_certificate /data/sni/sni_${sni_string}.cer;
                   ssl_certificate_key /data/sni/sni_${sni_string}.key;
                   location / {
                           root /data/www;
                   }
           }
    }

    三 tls的sni配置方法

    stream {
           upstream test {
                   server 127.0.0.1:50001;
           }

           map $ssl_server_name $sni_string {
                   test1.www.local test1;
                   test2.www.local test2;
                   test3.www.local test3;
                   default test1;
           }

           server {
                   listen 444 ssl;
                   ssl_certificate /data/sni/sni_${sni_string}.cer;
                   ssl_certificate_key /data/sni/sni_${sni_string}.key;
                   proxy_pass test;
           }
    }

    四 复合情况下sni的配置方法

    复合情况是指,多个server使用了相同的server name,又需要配置不同的证书文件时。

    使用map定义多个不同的变量映射的方法,可以支持多个server的情况,如下,分别定义了两个变量 $sni_string 与 $sni_string445

    用来处理不同的server。

    stream {
           upstream test {
                   server 127.0.0.1:50001;
           }

           map $ssl_server_name $sni_string {
                   test1.www.local test1;
                   test2.www.local test2;
                   test3.www.local test3;
                   default test1;
           }
           map $ssl_server_name $sni_string445 {
                   test1.www.local test4451;
                   test2.www.local test4452;
                   test3.www.local test4453;
                   default test4451;
           }
           server {
                   listen 444 ssl;
                   ssl_certificate /data/sni/sni_${sni_string}.cer;
                   ssl_certificate_key /data/sni/sni_${sni_string}.key;
                   proxy_pass test;
           }
           server {
                   listen 445 ssl;
                   ssl_certificate /data/sni445/sni_${sni_string445}.cer;
                   ssl_certificate_key /data/sni445/sni_${sni_string445}.key;
                   proxy_pass test;
           }
    }

    [author: classic_tong, date: 20190925] 
  • 相关阅读:
    iOS开发时区缩写
    HTTPS工作原理-默写
    【Swift学习笔记-《PRODUCT》读书记录-CoreData数据存储】
    判断是否是满二叉树
    词向量
    百面机器学习|第一章 特征工程
    c++中创建二维数组的几种方法
    深度学习入门|第七章 卷积神经网络(三)
    深度学习入门|第六章与学习相关的技巧(二)
    深度学习入门|第七章卷积神经网络
  • 原文地址:https://www.cnblogs.com/hugetong/p/11583789.html
Copyright © 2011-2022 走看看