在location {}块中指定nginx的ssl_certificate

发布时间：2020-12-13 21:13:44 所属栏目：Nginx 来源：网络整理

导读：对于Web服务,我们有两个证书：myservice.com和api.myservice.com.两者都具有相同的应用程序(文档根目录),但是通过HTTPS使用不同的证书进行服务.不幸的是,我们目前没有双域证书. 目前,我必须定义两个服务器块,每个服务器块指向同一个根.唯一的区别是ssl_certi

对于Web服务,我们有两个证书：myservice.com和api.myservice.com.两者都具有相同的应用程序(文档根目录),但是通过HTTPS使用不同的证书进行服务.不幸的是,我们目前没有双域证书.

目前,我必须定义两个服务器块,每个服务器块指向同一个根.唯一的区别是ssl_certificate指令,但只能在http or server level上声明.

不过,有没有办法避免服务器块中的复制/粘贴？这是一个示例代码：

server {
    listen      443;
    server_name .myservice.com;
    root        /var/www/myservice.com/public;

    include conf.d/common.conf.inc;

    ssl                 on;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_session_cache   shared:SSL:5m;
    ssl_session_timeout 10m;
    ssl_certificate     /path/to/myservice.com.bundle.crt;
    ssl_certificate_key /path/to//myservice.com.key;

    ssl_prefer_server_ciphers on;
}

server {
    listen      443;
    server_name api.myservice.com;
    root        /var/www/myservice.com/public;

    include conf.d/common.conf.inc;

    ssl                 on;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_session_cache   shared:SSL:5m;
    ssl_session_timeout 10m;
    ssl_certificate     /path/to/api.myservice.com.bundle.crt;
    ssl_certificate_key /path/to//myservice.com.key;

    ssl_prefer_server_ciphers on;
}

/编辑：
根据要求,这里输出nginx -V：

nginx version: nginx/1.2.7

TLS SNI support enabled configure

arguments: –prefix=/usr/share/nginx –conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log –http-client-body-temp-path=/var/lib/nginx/body –http-fastcgi-temp-path=/var/lib/nginx/fastcgi –http-log-path=/var/log/nginx/access.log –http-proxy-temp-path=/var/lib/nginx/proxy –http-scgi-temp-path=/var/lib/nginx/scgi –http-uwsgi-temp-path=/var/lib/nginx/uwsgi –lock-path=/var/lock/nginx.lock –pid-path=/run/nginx.pid –with-pcre-jit –with-debug –with-http_addition_module –with-http_dav_module –with-http_flv_module –with-http_geoip_module –with-http_gzip_static_module –with-http_image_filter_module –with-http_mp4_module –with-http_perl_module –with-http_random_index_module –with-http_realip_module –with-http_secure_link_module –with-http_stub_status_module –with-http_ssl_module –with-http_sub_module –with-http_xslt_module –with-ipv6 –with-sha1=/usr/include/openssl –with-md5=/usr/include/openssl –with-mail –with-mail_ssl_module –add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-auth-pam –add-module=/build/buildd/nginx-1.2.7/debian/modules/chunkin-nginx-module
–add-module=/build/buildd/nginx-1.2.7/debian/modules/headers-more-nginx-module
–add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-development-kit –add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-echo –add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-http-push –add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-lua –add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-upload-module
–add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-upload-progress –add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-upstream-fair
–add-module=/build/buildd/nginx-1.2.7/debian/modules/nginx-dav-ext-module

最佳答案

你已经知道(并且正在使用)答案！只需在单独的文件中包含公共部分即可.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!