Example of configuring multiple SSL certificates for a single Nginx IP address
|
By default, Nginx supports only one SSL certificate per IP address. Multiple IP addresses are required to configure multiple SSL certificates. When public IP addresses are limited, you can use the TLS Server Name Indication extension (SNI, RFC 6066), which allows the browser to send the requested server name, that is, the Host, during the SSL handshake, so that Nginx can find the SSL configuration of the corresponding server. The configuration steps are as follows: 1. Check whether Nginx supports TLS $ nginx -V ... TLS SNI support enabled ... 2. If TLS SNI support disable occurs, you need to upgrade the openssl version and recompile nginx. The specific steps are as follows: First download openssl (version 1.0.1h is recommended) #wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz Download Nginx #wget http://nginx.org/download/nginx-1.9.9.tar.gz Unzip openssl #tar -zxvf openssl-1.0.1h.tar.gz Unzip nginx and compile #tar -zxvf nginx-1.9.9.tar.gz #cd nginx-1.9.9 #./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/ #make && make install #Check Nginx version information #/usr/local/nginx/sbin/nginx -V nginx version: nginx/1.9.9 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-55) built with OpenSSL 1.0.1h 5 Jun 2014 TLS SNI support enabled configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/ Configure the domain name certificate in Vhost
server
{
#########
listen 80;
listen 443 ssl;
#listen [::]:80;
server_name we.baohua.me;
root /home/wwwroot/we.baohua.me;
ssl on;
ssl_certificate_key /home/wwwroot/cert/we.baohua.me.key;
ssl_certificate /home/wwwroot/cert/we.baohua.me.crt;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
###############
}
Then, restart Nginx. The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM. You may also be interested in:
|
<<: How to implement navigation function in WeChat Mini Program
Recommend
Thinking about grid design of web pages
<br />Original address: http://andymao.com/a...
A brief discussion on the manifestation and value selection method of innodb_autoinc_lock_mode
Prerequisite: Percona 5.6 version, transaction is...
Use and understanding of MySQL triggers
Table of contents 1. What is a trigger? 2. Create...
Implementation code for partial refresh of HTML page
Event response refresh: refresh only when request...
Practical example of nested routes in vue.js Router
Table of contents Preface Setting up with Vue CLI...
Detailed steps to install web server using Apache httpd2.4.37 on centos8
Step 1: yum install httpd -y #Install httpd servi...
Node+socket realizes simple chat room function
This article shares the specific code of node+soc...
MySQL 8.0.12 installation and configuration method graphic tutorial (Windows version)
1. Introduction MySQL is used in the project. I i...
HTML Tutorial: Collection of commonly used HTML tags (4)
Related articles: Beginners learn some HTML tags ...
Zabbix configuration DingTalk alarm function implementation code
need Configuring DingTalk alarms in Zabbix is s...
Thirty HTML coding guidelines for beginners
1. Always close HTML tags In the source code of p...
A brief discussion on the execution details of Mysql multi-table join query
First, build the case demonstration table for thi...
How to implement navigation function in WeChat Mini Program
1. Rendering2. Operation steps 1. Apply for Tence...
Building a LEMP (Linux+Nginx+MySQL+PHP) environment under CentOS 8.1 (tutorial details)
Table of contents Step 1: Update Packages on Cent...
Web designer's growth experience
<br />First of all, I have to state that I a...