nginx在默认情况下是TLS SNI support disabled
启用方法:
需要重新编译nginx并启用TLS。步骤如下:
$ wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz
$ tar zxvf openssl-1.0.1e.tar.gz
$ ./configure
--prefix=/usr/local/nginx--with-http_ssl_module\
--with-openssl=./openssl-1.0.1e\
--with-openssl-opt="enable-tlsext"
$ make
$ make install
查看是否启用:
$ nginx -V
nginx version: nginx/1.10.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.2j 26 Sep 2016
TLS SNI support enabled
...
这样就可以在同一个IP上配置多个HTTPS主机了
server {
listen 443;
server_name www.test1.com;
index index.html index.htm index.php;
root /data/wwwroot/www.test1.com/project;
ssl on;
ssl_certificate "/usr/local/nginx/conf/ssl/www.test1.com.public.cer";
ssl_certificate_key "/usr/local/nginx/conf/ssl/www.test1.com.private.key";
......
}
server {
listen 443;
server_name www.test2.com;
index index.html index.htm index.php;
root /data/wwwroot/www.test2.com/project;
ssl on;
ssl_certificate "/usr/local/nginx/conf/ssl/www.bbb.test2.public.cer";
ssl_certificate_key "/usr/local/nginx/conf/ssl/www.test2.com.private.key";
......
}
