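Batch-replacing certificates on multiple nginx servers: deploying multiple domains and certificates on one nginx server

Background

I have two domain names, and a certain cloud provider offers free one-year certificates for them. Servers are expensive, though, so I only have one server with a single public IP. I wanted both domains to resolve to that same server while HTTPS works for each of them without certificate errors.

So I arrived at the configuration below. I also added a redirect here; leave it out if you don't need it. In short, with limited resources and a small workaround, the same IP presents a valid certificate for each domain, i.e. one IP can host multiple HTTPS sites. nginx picks the server block, and with it the certificate, from the hostname the client sends in the TLS SNI extension.

Configuration details

The full configuration is reproduced below; note the comments I added.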

#nginx.conf

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

worker_connections 1024;

}

http {

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 65;

types_hash_max_size 2048;

client_max_body_size 100m;

include /etc/nginx/mime.types;

default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.

# See http://nginx.org/en/docs/ngx_core_module.html#include

# for more information.

include /etc/nginx/conf.d/*.conf;

# Default site

server {

listen 443 ssl http2 default_server;

listen [::]:443 ssl http2 default_server;

server_name myweb1.com www.myweb1.com;

root /export/www/mediawiki;

index index.php;

ssl_certificate /etc/pki/nginx/private/myweb1.pem;

ssl_certificate_key /etc/pki/nginx/private/myweb1.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # allowed and disabled cipher suites

ssl_protocols TLSv1.2; # protocol versions (TLSv1 and TLSv1.1 are deprecated, so only TLSv1.2 is enabled)

ssl_prefer_server_ciphers on;

# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;

location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki

location @mediawiki {

rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;

#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess config page

#rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;

#rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;

#rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;

#rewrite ^/(.*) /doku.php?id=$1&$args last;

}

location / { try_files $uri $uri/ @mediawiki; }

# MediaWiki is a PHP application, so PHP (FastCGI) support has to be added.

location ~* \.php$ {

try_files $uri =404;

fastcgi_index index.php;

fastcgi_pass 127.0.0.1:9000;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

### Different domain, same content

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name www.myweb2.com myweb2.com;

root /export/www/mediawiki;

index index.php;

ssl_certificate /etc/pki/nginx/private/myweb2.pem;

ssl_certificate_key /etc/pki/nginx/private/myweb2.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; # allowed and disabled cipher suites

ssl_protocols TLSv1.2; # protocol versions (TLSv1 and TLSv1.1 are deprecated, so only TLSv1.2 is enabled)

ssl_prefer_server_ciphers on;

# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;

location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki

location @mediawiki {

#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess config page

#rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;

#rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;

#rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;

#rewrite ^/(.*) /doku.php?id=$1&$args last;

}

location / { try_files $uri $uri/ @mediawiki; }

location ~* \.php$ {

try_files $uri =404;

fastcgi_index index.php;

fastcgi_pass 127.0.0.1:9000;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

server {

listen 80 ;

listen [::]:80 ;

server_name _;

# Load configuration files for the default server block.

rewrite ^(.*)$ https://$host$1 permanent; # redirect: all requests on port 80 are sent to 443 with a permanent redirect

include /etc/nginx/default.d/*.conf;

location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki

location / { try_files $uri $uri/ @mediawiki; }

# PHP support

location ~* \.php$ {

try_files $uri =404;

fastcgi_index index.php;

fastcgi_pass 127.0.0.1:9000;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

# Another site, served on a different port

server {

listen 8000 ;

listen [::]:8000 ;

server_name _;

root /export/www/dokuwiki;

index doku.php;

# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;

location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } # secure Dokuwiki

location @dokuwiki {

#rewrites "doku.php/" out of the URLs if you set the userewrite setting to .htaccess in dokuwiki config page

rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;

rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;

rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;

rewrite ^/(.*) /doku.php?id=$1&$args last;

}

location / { try_files $uri $uri/ @dokuwiki; }

location ~* \.php$ {

try_files $uri =404;

fastcgi_index index.php;

fastcgi_pass 127.0.0.1:9000;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

}
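The certificate selection that makes this configuration work, as an added example (not code from the original post): nginx matches the hostname a client sends via TLS SNI against `server_name` and falls back to the `default_server` block, so a name listed in neither block is shown the myweb1 certificate. The helper names are hypothetical, the parser handles exact names only (no wildcards or regexes), and the sample is a constructed, trimmed copy of the page's two HTTPS blocks.

```python
import re
# Constructed sample: the page's two HTTPS server blocks, trimmed to the
# directives that decide which certificate a client is shown.
SAMPLE_CONF = """
server {
    listen 443 ssl http2 default_server;
    server_name myweb1.com www.myweb1.com;
    ssl_certificate /etc/pki/nginx/private/myweb1.pem;
    ssl_certificate_key /etc/pki/nginx/private/myweb1.key;
}
server {
    listen 443 ssl http2;
    server_name www.myweb2.com myweb2.com;
    ssl_certificate /etc/pki/nginx/private/myweb2.pem;
    ssl_certificate_key /etc/pki/nginx/private/myweb2.key;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Arguments of the first `name ...;` directive in a block, or []."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else []

def parse_tls_servers(conf):
    """Hypothetical helper: one dict per server block whose listen has `ssl`."""
    servers = []
    for body in server_blocks(conf):
        listen = directive(body, "listen")
        if "ssl" in listen:
            servers.append({"names": directive(body, "server_name"),
                            "cert": directive(body, "ssl_certificate")[0],
                            "key": directive(body, "ssl_certificate_key")[0],
                            "default": "default_server" in listen})
    return servers

def cert_for_sni(servers, sni):
    """Exact server_name match, else default_server, else the first block."""
    for s in servers:
        if sni in s["names"]:
            return s["cert"]
    return next((s for s in servers if s["default"]), servers[0])["cert"]
```

Comparing each block's `names` with the SAN list of its certificate file before a reload catches a certificate installed under the wrong domain.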

Summary

That's all for this post; just a quick note for the record.
