各位大哥大姐,问一下:同一个 nginx 中创建了 A、B、C 三个站点的情况下,
用 myssl.com 检测 B 和 C 站点时,检测出来的却是 A 站点的 SSL 证书,这种情况有没有什么办法解决?
A站点:
# Site A virtual host as pasted. The `server` keyword before `{` and the closing `}`
# do not appear in the paste.
{
# Neither listen line carries `default_server`. Without it nginx treats the first
# server block defined for an address:port as the default, and the default block's
# certificate is what a client receives when its SNI name matches no server_name
# (or when it sends no SNI at all).
# NOTE(review): if this block is loaded first, that would explain a scanner seeing
# this certificate for other hostnames - confirm the load order.
listen 443 ssl http2;
listen 443 http3 reuseport;
server_name blog.645ds.com; #server_name end
index index.html index.htm index.php; #index end
set $subdomain '';
root /home/wwwroot/lnmp01/domain/blog.645ds.com/web$subdomain;
include /home/wwwroot/lnmp01/rewrite/amh.conf; #rewrite end
# Every URI ending in .php is handed to the PHP socket, and SCRIPT_FILENAME is built
# from the request path.
# NOTE(review): no file-existence check (e.g. `try_files $uri =404;`) is visible here;
# unless fcgi.conf or the PHP settings add one, a path ending in .php that maps to no
# real script can still reach the interpreter - confirm.
location ~ .*\.php$
{
fastcgi_pass unix:/tmp/php-cgi-lnmp01-blog.645ds.com.sock;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_param DOCUMENT_ROOT /home/wwwroot/lnmp01/domain/blog.645ds.com/web$subdomain;
fastcgi_param SCRIPT_FILENAME /home/wwwroot/lnmp01/domain/blog.645ds.com/web$subdomain$fastcgi_script_name;
}
# Access logging is off and errors go to /dev/null, so TLS handshake failures,
# OCSP stapling errors and request history leave no trace for troubleshooting or
# incident response.
access_log off; #access_log end
error_log /dev/null; #error_log end
# Private key and certificate for this site; the key file should be readable only by
# the account that starts nginx.
ssl_certificate_key /home/wwwroot/lnmp01/etc/blog.645ds.com-ssl-ssl/blog.645ds.com-ssl.key;
ssl_certificate /home/wwwroot/lnmp01/etc/blog.645ds.com-ssl-ssl/blog.645ds.com-ssl.crt;
# OCSP stapling is enabled, but this snippet sets only resolver_timeout; nginx needs a
# `resolver` to look up the OCSP responder host.
# NOTE(review): presumably `resolver` is set at http{} level - confirm, because with
# error_log discarded a stapling failure would be silent.
ssl_stapling on;
resolver_timeout 3s;
# The list still admits 3DES (the DES-CBC3-SHA entries), CBC/SHA-1 suites and static-RSA
# key exchange (the entries without ECDHE/DHE, which give no forward secrecy).
# `!DES` excludes single DES only, not 3DES, in OpenSSL cipher-string syntax; whether
# 3DES is actually offered depends on the OpenSSL build - verify with a scan.
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 and TLSv1.3 are the versions
# still considered current.
ssl_protocols TLSv1 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# DH parameters used by the DHE-RSA suites listed above.
# NOTE(review): the parameter size is not visible here - confirm it is at least 2048 bits.
ssl_dhparam /home/wwwroot/lnmp01/etc/blog.645ds.com-ssl-ssl/blog.645ds.com-ssl.pem;
# Advertises HTTP/3 on port 443 for 86400 seconds, including draft (h3-27 to h3-32) and
# Google QUIC (h3-T050, h3-Q0xx) version tokens.
add_header Alt-Svc 'h3=":443";ma=86400, h3-27=":443"; ma=86400,h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3-30=":443"; ma=86400, h3-31=":443"; ma=86400, h3-32=":443"; ma=86400,h3-T050=":443"; ma=86400,h3-Q050=":443";ma=86400,h3-Q049=":443";ma=86400,h3-Q048=":443";ma=86400, h3-Q046=":443"; ma=86400,h3-Q043=":443";ma=86400';
# Returns the value of $http3 to the client as a response header (diagnostic only).
add_header QUIC-Status $http3;
B站点:
# Site B virtual host as pasted: no `server {` wrapper and no `server_name` line appear.
# NOTE(review): if server_name is really absent (not just trimmed from the paste), nginx
# cannot match this block by hostname; HTTPS requests for this site then fall through to
# the default server for port 443 and receive that server's certificate - confirm against
# the full file.
# Plain HTTP is served by the same block.
# NOTE(review): no HTTP-to-HTTPS redirect is visible here; it may live in the included
# rewrite file.
listen 80;
listen 443 ssl http2; #listen end
listen 443 http3; #listen HTTP3
# NOTE(review): $subdomain is used here but no `set $subdomain` appears in this paste.
root /home/wwwroot/lnmp01/domain/ylwz.cc/web$subdomain;
include /home/wwwroot/lnmp01/rewrite/ylwz.cc.conf; #rewrite end
###SSL
# Private key and certificate for this site; the key file should be readable only by
# the account that starts nginx.
ssl_certificate_key /home/wwwroot/lnmp01/vhost/cert/ylwz.cc/ylwz.cc-lessl.key;
ssl_certificate /home/wwwroot/lnmp01/vhost/cert/ylwz.cc/ylwz.cc.pem;
# OCSP stapling is enabled, but this snippet sets only resolver_timeout; nginx needs a
# `resolver` to look up the OCSP responder host.
# NOTE(review): presumably `resolver` is set at http{} level - confirm.
ssl_stapling on;
resolver_timeout 3s;
# EECDH+3DES and RSA+3DES keep 3DES available, and the RSA+AES* entries are static-RSA
# key exchange (no forward secrecy). The DHE-RSA suites at the end are inert while
# ssl_dhparam stays commented out below: nginx does not use DHE ciphers without it.
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
# TLSv1.1 is deprecated (RFC 8996).
# NOTE(review): for name-based virtual hosts sharing one address:port, some nginx/OpenSSL
# combinations apply the default server's ssl_protocols to all of them, so this list may
# not be what clients actually negotiate - verify with a scanner.
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
#ssl_dhparam /home/wwwroot/lnmp01/vhost/cert/ylwz.cc/ylwz.cc-lessl.pem;
# Advertises HTTP/3 on port 443 for 86400 seconds, including draft (h3-27 to h3-32) and
# Google QUIC (h3-T050, h3-Q0xx) version tokens.
add_header Alt-Svc 'h3=":443";ma=86400, h3-27=":443"; ma=86400,h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3-30=":443"; ma=86400, h3-31=":443"; ma=86400, h3-32=":443"; ma=86400,h3-T050=":443"; ma=86400,h3-Q050=":443";ma=86400,h3-Q049=":443";ma=86400,h3-Q048=":443";ma=86400, h3-Q046=":443"; ma=86400,h3-Q043=":443";ma=86400';
# Returns the value of $http3 to the client as a response header (diagnostic only).
add_header QUIC-Status $http3;
如果一个站点配一个证书,按理说应该不会出现你描述的那种情况。可以贴一下配置看看。