Example of configuring multiple SSL certificates for a single Nginx IP address
|
By default, Nginx supports only one SSL certificate per IP address. Multiple IP addresses are required to configure multiple SSL certificates. When public IP addresses are limited, you can use the TLS Server Name Indication extension (SNI, RFC 6066), which allows the browser to send the requested server name, that is, the Host, during the SSL handshake, so that Nginx can find the SSL configuration of the corresponding server. The configuration steps are as follows: 1. Check whether Nginx supports TLS $ nginx -V ... TLS SNI support enabled ... 2. If TLS SNI support disable occurs, you need to upgrade the openssl version and recompile nginx. The specific steps are as follows: First download openssl (version 1.0.1h is recommended) #wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz Download Nginx #wget http://nginx.org/download/nginx-1.9.9.tar.gz Unzip openssl #tar -zxvf openssl-1.0.1h.tar.gz Unzip nginx and compile #tar -zxvf nginx-1.9.9.tar.gz #cd nginx-1.9.9 #./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/ #make && make install #Check Nginx version information #/usr/local/nginx/sbin/nginx -V nginx version: nginx/1.9.9 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-55) built with OpenSSL 1.0.1h 5 Jun 2014 TLS SNI support enabled configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/ Configure the domain name certificate in Vhost
server
{
#########
listen 80;
listen 443 ssl;
#listen [::]:80;
server_name we.baohua.me;
root /home/wwwroot/we.baohua.me;
ssl on;
ssl_certificate_key /home/wwwroot/cert/we.baohua.me.key;
ssl_certificate /home/wwwroot/cert/we.baohua.me.crt;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
###############
}
Then, restart Nginx. The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM. You may also be interested in:
|
<<: How to implement navigation function in WeChat Mini Program
Recommend
N ways to align the last row of lists in CSS flex layout to the left (summary)
I would like to quote an article by Zhang Xinxu a...
MySQL InnoDB MRR Optimization Guide
Preface MRR is the abbreviation of Multi-Range Re...
CSS3 custom scroll bar style::webkit-scrollbar sample code detailed explanation
The default scroll bar style in Windows is ugly, ...
An exploration of the JS operator in problem
Here's the thing: Everyone knows about "...
CSS3 uses transform to create a moving 2D clock
Now that we have finished the transform course, l...
C# implements MySQL command line backup and recovery
There are many tools available for backing up MyS...
Example of how to install nginx to a specified directory
Due to company requirements, two nginx servers in...
How to remotely log in to the MySql database?
Introduction: Sometimes, in order to develop a pr...
Our thoughts on the UI engineer career
I have been depressed for a long time, why? Some t...
Vue implements anchor positioning function
This article example shares the specific code of ...
How to build LNMP environment on Ubuntu 20.04
Simple description Since it was built with Centos...
How to enable MySQL remote connection in Linux server
Preface Learn MySQL to reorganize previous non-MK...
Summary of several replication methods for MySQL master-slave replication
Asynchronous replication MySQL replication is asy...
Implementation of k8s deployment of docker container
Environment: (docker, k8s cluster), continue with...
XHTML Getting Started Tutorial: Using the Frame Tag
<br />The frame structure allows several web...