背景:
nginx 配置了https 证书,但是是针对主域名yy123.ink生成的证书。发现子域名访问网站虽然是https但是仍然提示不安全。所以需要针对子域名单独生成证书。
证书生成:
免费证书生成参考前文:阿里云CentOS 8 + nginx 免费开启ssl https (certbot 方式)
nginx配置:
说明配置中通过 server_name AAA.example.cn 将不同域名区分,引用不同证书
server {
listen 443 ssl;
server_name AAA.example.cn www.AAA.example.cn;
ssl_certificate "/home/yushan/demontf/2076603_AAA.example.cn.pem";
ssl_certificate_key "/home/yushan/demontf/2076603_AAA.example.cn.key";
location / {
proxy_pass http://127.0.0.1:8090;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect default;
}
}
server {
listen 443 ssl; # redirect to https
server_name BBB.example.cn www.BBB.example.cn;
ssl_certificate "/home/yushan/demontf/2005538_BBB.example.cn.pem";
ssl_certificate_key "/home/yushan/demontf/2005538_BBB.example.cn.key";
location / {
proxy_pass http://127.0.0.1:8091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect default;
}
}
配置好后执行
service nginx reload
#或者
nginx -s reload
重新打开你的网站 OK。