nginx扩展之支持多个ssl加密虚拟主机

nginx支持一台服务器唯一IP:PORT，根据server_name创建区分多个经过ssl加密的https虚拟主机，apache不支持

 

生成www.magedu.net域名证书：

[root@centos7.6 logs]# cd /etc/pki/tls/certs/
[root@centos7.6 certs]# vim Makefile
%.key:
        umask 77 ; \
        #/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
        /usr/bin/openssl genrsa $(KEYLEN) > $@                    #去掉-aes128，创建私钥key时，不会再有输入密码加密key的过程，生成无加密的key
[root@centos7.6 certs]# mv magedu.net* /apps/nginx4/ssl/
[root@centos7.6 certs]# ll /apps/nginx4/ssl/                      #
total 16
-rw------- 1 root root 1330 Mar  8 15:23 magedu.net.crt
-rw-r--r-- 1 root root 1679 Mar  8 15:22 magedu.net.key
-rw------- 1 root root 1330 Mar  7 14:11 magedu.org.crt
-rw------- 1 root root 1675 Mar  7 14:12 magedu.org.key

nginx配置：

[root@centos7.6 certs]# vim /apps/nginx4/conf/conf.d/test.conf
server {
        listen 443 ssl;
        listen 80;
        server_name www.magedu.org;
        root /data/site14/;
        #ssl on;
        ssl_certificate /apps/nginx4/ssl/magedu.org.crt;
        ssl_certificate_key /apps/nginx4/ssl/magedu.org.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;
        access_log /apps/nginx4/logs/magedu.org.ssl.access.log  access_json ;
        location / {
                if ($scheme = http) {
                        rewrite ^/(.*)$ https://www.magedu.org/$1 permanent;
                }
        }
}
server {
        listen 443 ssl;
        listen 80;
        server_name www.magedu.net;
        root /data/site1/;
        ssl_certificate /apps/nginx4/ssl/magedu.net.crt;
        ssl_certificate_key /apps/nginx4/ssl/magedu.net.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;
        access_log /apps/nginx4/logs/magedu.net.ssl.access.log  access_json;
        location / {
                if ($scheme = http) {
                        rewrite ^/(.*)$ https://www.magedu.net/$1 permanent;
                }
        }
}

验证：

[root@centos7.6 ~]# curl -Lk http://www.magedu.net/
/data/site1/index.html
{"@timestamp":"2021-03-08T15:41:13+08:00","host":"10.0.0.126","clientip":"10.0.0.126","size":185,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","scheme":"http","http_host":"www.magedu.net","uri":"/","domain":"www.magedu.net","xff":"-","referer":"-","tcp_xff":"","http_user_agent":"curl/7.29.0","status":"301"}
{"@timestamp":"2021-03-08T15:41:13+08:00","host":"10.0.0.126","clientip":"10.0.0.126","size":23,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","scheme":"https","http_host":"www.magedu.net","uri":"/index.html","domain":"www.magedu.net","xff":"-","referer":"-","tcp_xff":"","http_user_agent":"curl/7.29.0","status":"200"}


[root@centos7.6 ~]# curl -Lk http://www.magedu.org
/data/site14/index.html
{"@timestamp":"2021-03-08T15:50:11+08:00","host":"10.0.0.126","clientip":"10.0.0.126","size":185,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","scheme":"http","http_host":"www.magedu.org","uri":"/","domain":"www.magedu.org","xff":"-","referer":"-","tcp_xff":"","http_user_agent":"curl/7.29.0","status":"301"}
{"@timestamp":"2021-03-08T15:50:11+08:00","host":"10.0.0.126","clientip":"10.0.0.126","size":24,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","scheme":"https","http_host":"www.magedu.org","uri":"/index.html","domain":"www.magedu.org","xff":"-","referer":"-","tcp_xff":"","http_user_agent":"curl/7.29.0","status":"200"}

浏览器F12： 301重定向缓存：Status Code: 301 Moved Permanently (from disk cache)

nginx实现此功能的原因：

[root@centos7.6 ~]# nginx  -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled