Domain without ssl certificate redirecting to different ssl domain


Question

I have two domains set up on a Digital Ocean droplet (with nginx). I've installed an SSL certificate in one of them (domain1) and everything is fine with that one. The second domain (domain2) does not require an SSL certificate, but if I try to access https://domain2 it is showing me the content of domain1 and giving me a certificate error (This page is not secure).

I understand the certificate error, but I don't want the contents of domain1 being displayed in https://domain2

Is it a configuration problem?

Recommended answer

nginx always has a default server, the one that is used if the server_name does not match. If you only have one server block with listen 443, then that is the implicit default server for all https connections irrespective of server name.

You will need to set up an explicit catch-all server for https connections, or add listen 443 ssl to an existing server block to act as the catch-all server.

You can reuse the same certificate file and you will continue to get certificate errors if anyone attempts to use it, but at least your other domains will not be exposed.

For example:

ssl_certificate     /path/to/crt;
ssl_certificate_key /path/to/key;    

server {
    listen 443 ssl;
    server_name domain1;
    ...
}
server {
    listen 443 ssl default_server;
    return 403;
}

See this document and this document for more.
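
The selection behaviour the answer describes, as an added example (not part of the original answer and not nginx's own code): a simplified Python model of how nginx picks a server block on one listen socket, covering exact and wildcard names but not regex names. The Server class, its label field and the BEFORE/AFTER configs are constructed for illustration.

```python
# Simplified model of nginx server-block selection for ONE listen socket.
# Covers exact names and "*.x" / "x.*" wildcards; regex names are omitted.
from dataclasses import dataclass

@dataclass
class Server:
    label: str              # hypothetical label, used only in this example
    names: tuple = ()       # values of the server_name directive
    default: bool = False   # True if "default_server" is set on listen

def select_server(servers, host):
    """Return the block that would handle a request for `host`."""
    host = host.lower().rstrip(".")
    for s in servers:                      # 1. exact name
        if host in s.names:
            return s
    for leading in (True, False):          # 2. "*.x", then 3. "x.*"; longest wins
        best = None
        for s in servers:
            for n in s.names:
                if leading and n.startswith("*."):
                    hit = host.endswith(n[1:])
                elif not leading and n.endswith(".*"):
                    hit = host.startswith(n[:-1])
                else:
                    continue
                if hit and (best is None or len(n) > len(best[1])):
                    best = (s, n)
        if best:
            return best[0]
    for s in servers:                      # 4. explicit default_server
        if s.default:
            return s
    return servers[0]                      # 5. implicit default: first block

# Constructed configs mirroring the question (before) and the answer (after).
BEFORE = [Server("domain1", ("domain1",))]
AFTER = [Server("domain1", ("domain1",)),
         Server("catch-all 403", default=True)]

if __name__ == "__main__":
    for cfg_name, cfg in (("before", BEFORE), ("after", AFTER)):
        for host in ("domain1", "domain2"):
            print(cfg_name, host, "->", select_server(cfg, host).label)
```

With the single-block config, domain2 falls through to step 5 and is served by the domain1 block; with the catch-all added, it stops at step 4 and gets the 403.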
