寶塔如何讓兩個(gè)不同主域的二級(jí)域名綁定到同一網(wǎng)站同時(shí)添加ssl證書
利用寶塔如何讓兩個(gè)不同主域的二級(jí)域名綁定到同一網(wǎng)站同時(shí)添加ssl證書。
這句話好像有點(diǎn)拗口。
首先這是不同主域的兩個(gè)二級(jí)域名的解決方案,如果是同一主域的二級(jí)域名可以申請根域名證書解決,這里不再贅述。
首先要利用寶塔面板的后臺(tái)申請不同域名證書,這里我都申請的letsencrypt證書,申請完以后找的證書所在文件夾,如果不知道目錄的可以通過文件管理器搜索域名找的。
證書都申請好以后,在寶塔站點(diǎn)管理里面點(diǎn)擊對應(yīng)站點(diǎn)的 設(shè)置-配置文件
你會(huì)看著配置文件的內(nèi)容是這樣的
server
{
listen 80;
listen 443 ssl http2;
server_name erji.a.com erji.b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /home/www/wwwroot/erji.a.com/think/public;
#SSL-START SSL相關(guān)配置,請勿刪除或修改下一行帶注釋的404規(guī)則
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/erji.a.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/erji.a.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START 錯(cuò)誤頁配置,可以注釋、刪除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注釋或修改
include enable-php-74.conf;
#PHP-INFO-END
#REWRITE-START URL重寫規(guī)則引用,修改后將導(dǎo)致面板設(shè)置的偽靜態(tài)規(guī)則失效
include /www/server/panel/vhost/rewrite/erji.a.com.conf;
#REWRITE-END
#禁止訪問的文件或目錄
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一鍵申請SSL證書驗(yàn)證目錄相關(guān)設(shè)置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log /www/wwwlogs/erji.a.com.log;
error_log /www/wwwlogs/erji.a.com.error.log;
}
復(fù)制完全完整的一份,然后在底部添加,修改為一下內(nèi)容
server
{
listen 80;
listen 443 ssl http2;
server_name erji.a.com;
index index.php index.html index.htm default.php default.htm default.html;
root /home/www/wwwroot/erji.a.com/think/public;
#SSL-START SSL相關(guān)配置,請勿刪除或修改下一行帶注釋的404規(guī)則
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/erji.a.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/erji.a.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START 錯(cuò)誤頁配置,可以注釋、刪除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注釋或修改
include enable-php-74.conf;
#PHP-INFO-END
#REWRITE-START URL重寫規(guī)則引用,修改后將導(dǎo)致面板設(shè)置的偽靜態(tài)規(guī)則失效
include /www/server/panel/vhost/rewrite/erji.a.com.conf;
#REWRITE-END
#禁止訪問的文件或目錄
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一鍵申請SSL證書驗(yàn)證目錄相關(guān)設(shè)置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log /www/wwwlogs/erji.a.com.log;
error_log /www/wwwlogs/erji.a.com.error.log;
}
server
{
listen 80;
listen 443 ssl http2;
server_name erji.b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /home/www/wwwroot/erji.a.com/think/public;
#SSL-START SSL相關(guān)配置,請勿刪除或修改下一行帶注釋的404規(guī)則
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/letsencrypt/erji.b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/letsencrypt/erji.b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START 錯(cuò)誤頁配置,可以注釋、刪除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注釋或修改
include enable-php-74.conf;
#PHP-INFO-END
#REWRITE-START URL重寫規(guī)則引用,修改后將導(dǎo)致面板設(shè)置的偽靜態(tài)規(guī)則失效
include /www/server/panel/vhost/rewrite/erji.a.com.conf;
#REWRITE-END
#禁止訪問的文件或目錄
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一鍵申請SSL證書驗(yàn)證目錄相關(guān)設(shè)置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log /www/wwwlogs/erji.b.com.log;
error_log /www/wwwlogs/erji.b.com.error.log;
}
注意看標(biāo)紅的位置是修改和有差異的地方。
至此完美解決,不同的兩個(gè)域名ssl證書共存的問題。
