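Binding multiple domains to a BaoTa site on Linux: setting multiple SSL certificates for a single BaoTa panel site bound to multiple domains...

The BaoTa panel cannot directly enable certificates for multiple domains on a single site. If you bind two different domains and then enable forced HTTPS, the second domain ends up with no certificate bound to it.

Two methods are currently known:

1. Add multiple sites and point them all at the same directory.

   Simple and practical, but it gets messy once there are many sites.

2. Copy the contents of the configuration file and edit the copy by hand.

   From then on the conf parameters can only be edited manually; configuring the site through the panel will overwrite the manually edited file.

Configuration file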

    server
    {
        listen 80;
        listen 443 ssl http2;
        server_name tc.learm.cn;
        index index.php index.html index.htm default.php default.htm default.html;
        root /www/wwwroot/tc.learm;

        #SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
        error_page 404 /404.html;
        limit_conn perserver 200;
        limit_conn perip 10;
        limit_rate 1024k;
        #HTTP_TO_HTTPS_START
        if ($server_port !~ 443){
            rewrite ^(/.*)$ https://$host$1 permanent;
        }
        #HTTP_TO_HTTPS_END
        ssl_certificate /www/server/panel/vhost/cert/tc.learm.cn/fullchain.pem;
        ssl_certificate_key /www/server/panel/vhost/cert/tc.learm.cn/privkey.pem;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        error_page 497 https://$host$request_uri;
        #SSL-END

        #ERROR-PAGE-START Error page configuration; may be commented out, deleted or modified
        error_page 404 /404.html;
        error_page 502 /502.html;
        #ERROR-PAGE-END

        #PHP-INFO-START PHP include configuration; may be commented out or modified
        include enable-php-72.conf;
        #PHP-INFO-END

        #REWRITE-START URL rewrite rule include; modifying it will disable the rewrite (pseudo-static) rules set in the panel
        include /www/server/panel/vhost/rewrite/tc.learm.cn.conf;
        #REWRITE-END

        # Files or directories that must not be accessed
        location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
        {
            return 404;
        }

        # Settings for the validation directory used by one-click SSL certificate requests
        location ~ \.well-known{
            allow all;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires 30d;
            # "off" is not a keyword for error_log (nginx would write to a file named "off")
            error_log /dev/null;
            access_log /dev/null;
        }

        location ~ .*\.(js|css)?$
        {
            expires 12h;
            error_log /dev/null;
            access_log /dev/null;
        }

        access_log /www/wwwlogs/tc.learm.cn.log;
        error_log /www/wwwlogs/tc.learm.cn.error.log;
    }

    server
    {
        listen 80;
        listen 443 ssl http2;
        server_name tc.learm.top;
        index index.php index.html index.htm default.php default.htm default.html;
        root /www/wwwroot/tc.learm;

        #SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
        error_page 404 /404.html;
        limit_conn perserver 200;
        limit_conn perip 10;
        limit_rate 1024k;
        #HTTP_TO_HTTPS_START
        if ($server_port !~ 443){
            rewrite ^(/.*)$ https://$host$1 permanent;
        }
        #HTTP_TO_HTTPS_END
        ssl_certificate /www/server/panel/vhost/cert/tc.learm.top/fullchain.pem;
        ssl_certificate_key /www/server/panel/vhost/cert/tc.learm.top/privkey.pem;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        error_page 497 https://$host$request_uri;
        #SSL-END

        #ERROR-PAGE-START Error page configuration; may be commented out, deleted or modified
        error_page 404 /404.html;
        error_page 502 /502.html;
        #ERROR-PAGE-END

        #PHP-INFO-START PHP include configuration; may be commented out or modified
        include enable-php-72.conf;
        #PHP-INFO-END

        #REWRITE-START URL rewrite rule include; modifying it will disable the rewrite (pseudo-static) rules set in the panel
        include /www/server/panel/vhost/rewrite/tc.learm.cn.conf;
        #REWRITE-END

        # Files or directories that must not be accessed
        location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
        {
            return 404;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires 30d;
            # "off" is not a keyword for error_log (nginx would write to a file named "off")
            error_log /dev/null;
            access_log /dev/null;
        }

        location ~ .*\.(js|css)?$
        {
            expires 12h;
            error_log /dev/null;
            access_log /dev/null;
        }

        access_log /www/wwwlogs/tc.learm.top.log;
        error_log /www/wwwlogs/tc.learm.top.error.log;
    }

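The two files in the SSL folder

fullchain.pem contains the certificate and the root certificate (the certificate goes on top, the root certificate below).

privkey.pem is the certificate's private key.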
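
An added example, not part of the original post: a small Python check for the hand-edited vhost file from method 2, which reports a copied server block whose certificate or key path still belongs to another domain, and any block that enables TLSv1 or TLSv1.1 (both deprecated by RFC 8996). It assumes the panel layout shown in the configuration, `.../cert/<domain>/fullchain.pem`; the function names `server_blocks`, `args` and `lint` are hypothetical, and the check reads only the config text, not the certificates themselves.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: a copied vhost whose second block kept the first cert path.
SAMPLE = """
server {
    listen 443 ssl http2;
    server_name tc.learm.cn;
    ssl_certificate /www/server/panel/vhost/cert/tc.learm.cn/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/tc.learm.cn/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
server {
    listen 443 ssl http2;
    server_name tc.learm.top;
    ssl_certificate /www/server/panel/vhost/cert/tc.learm.cn/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/tc.learm.top/privkey.pem;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracked by brace depth."""
    for m in re.finditer(r"^\s*server\s*\{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(body, name):
    """Arguments of every `name ...;` directive in the block, flattened."""
    found = re.findall(rf"^\s*{name}\s+([^;]+);", body, re.M)
    return " ".join(found).split()

def lint(conf):
    """Yield (server_name, problem) for each TLS block that looks miscopied."""
    for body in server_blocks(conf):
        names = args(body, "server_name")
        if "ssl" not in args(body, "listen") or not names:
            continue
        # Assumption: panel layout .../cert/<domain>/{fullchain,privkey}.pem
        for d in ("ssl_certificate", "ssl_certificate_key"):
            path = args(body, d)
            owner = PurePosixPath(path[0]).parent.name if path else None
            if owner not in names:
                yield names[0], f"{d} is from {owner}, not in server_name"
        old = sorted({"TLSv1", "TLSv1.1"} & set(args(body, "ssl_protocols")))
        if old:
            yield names[0], "deprecated protocol enabled: " + " ".join(old)
```

Run `list(lint(open(path).read()))` against the edited vhost file before reloading nginx; an empty list means every TLS block points at a certificate directory named after one of its own `server_name` values.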