Example of configuring multiple SSL certificates for a single Nginx IP address
|
By default, Nginx supports only one SSL certificate per IP address. Multiple IP addresses are required to configure multiple SSL certificates. When public IP addresses are limited, you can use the TLS Server Name Indication extension (SNI, RFC 6066), which allows the browser to send the requested server name, that is, the Host, during the SSL handshake, so that Nginx can find the SSL configuration of the corresponding server. The configuration steps are as follows: 1. Check whether Nginx supports TLS $ nginx -V ... TLS SNI support enabled ... 2. If TLS SNI support disable occurs, you need to upgrade the openssl version and recompile nginx. The specific steps are as follows: First download openssl (version 1.0.1h is recommended) #wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz Download Nginx #wget http://nginx.org/download/nginx-1.9.9.tar.gz Unzip openssl #tar -zxvf openssl-1.0.1h.tar.gz Unzip nginx and compile #tar -zxvf nginx-1.9.9.tar.gz #cd nginx-1.9.9 #./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/ #make && make install #Check Nginx version information #/usr/local/nginx/sbin/nginx -V nginx version: nginx/1.9.9 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-55) built with OpenSSL 1.0.1h 5 Jun 2014 TLS SNI support enabled configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/ Configure the domain name certificate in Vhost
server
{
#########
listen 80;
listen 443 ssl;
#listen [::]:80;
server_name we.baohua.me;
root /home/wwwroot/we.baohua.me;
ssl on;
ssl_certificate_key /home/wwwroot/cert/we.baohua.me.key;
ssl_certificate /home/wwwroot/cert/we.baohua.me.crt;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
###############
}
Then, restart Nginx. The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM. You may also be interested in:
|
<<: How to implement navigation function in WeChat Mini Program
Recommend
HTML Tutorial: Collection of commonly used HTML tags (4)
Related articles: Beginners learn some HTML tags ...
MySQL encoding utf8 and utf8mb4 utf8mb4_unicode_ci and utf8mb4_general_ci
Reference: MySQL character set summary utf8mb4 ha...
How to Customize Bash Command Prompt in Linux
Preface As we all know, bash (the B ourne-A gain ...
Summary of HTML knowledge points for the front end (recommended)
1. HTML Overview htyper text markup language Hype...
Linux type version memory disk query command introduction
1. First, let’s have a general introduction to th...
How to configure Nginx to split traffic based on the last segment of the request IP
It is mainly the configuration jump of the if jud...
Example code for hiding element scrollbars using CSS
How can I hide the scrollbars while still being a...
CSS3 mouse hover transition zoom effect
The following is a picture mouse hover zoom effec...
Summary of Linux command methods to view used commands
There are many commands used in the system, so ho...
What is ssh? How to use? What are the misunderstandings?
Table of contents Preface What is ssh What is ssh...
Tutorial diagram of using Jenkins for automated deployment under Windows
Today we will talk about how to use Jenkins+power...
mysql5.7.17.msi installation graphic tutorial
mysql-5.7.17.msi installation, follow the screens...
PNG Alpha Transparency in IE6 (Complete Collection)
Many people say that IE6 does not support PNG tra...
Solve the problem that the commonly used Linux command "ll" is invalid or the command is not found
question: The commonly used command "ll"...
Basic usage of find_in_set function in mysql
Preface This is a new function I came across rece...