极客观点
项目管理
HarmonyOS
前提
- 我有一个包含泛域名(
*.example.com和example.com)的证书; - 我的目的nginx,所有example.com一级、二级域名都用这一个证书;
实现方式
方式一:验证通过, 但冗余代码太多
每个匹配的域名 都加载证书, 个人感觉太累赘了,因为证书都是同一个
# example.com
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
...
}
}
# aaa.example.com
server {
listen 443;
server_name aaa.example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
...
}
}
# bbb.example.com
server {
listen 443;
server_name bbb.example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
...
}
}方式二:有问题 !!!
我想要把方式一中所有证书走统一路径,如何实现?
# 所有 符合 server_name 都加载些证书
server {
listen 443;
server_name *.example.com example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
# example.com
server {
listen 443;
server_name example.com;
location / {
...
}
}
# aaa.example.com
server {
listen 443;
server_name aaa.example.com;
location / {
...
}
}
# bbb.example.com
server {
listen 443;
server_name bbb.example.com;
location / {
...
}
}问题
如何不累赘(所有证书走统一路径)实现证书加载?
nginx 支持 include 的啊