tengine
How do I configure or compile it so that a single server block supports multiple certificates?
Configuration file:
server {
listen 443 ssl;
server_name www.aaa.org.cn file.aaa.org.cn;
ssl_certificate ../certs/www.aaa.org.cn.crt;
ssl_certificate_key ../certs/www.aaa.org.cn.key;
ssl_certificate ../certs/file.aaa.org.cn.crt;
ssl_certificate_key ../certs/file.aaa.org.cn.key;
ssl_certificate ../certs/all.pem;
ssl_certificate_key ../certs/all.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
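With this configuration, only the last certificate takes effect; the two certificates above it do not take effect.
Configure multiple server blocks, each with one domain name and one certificate.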
server {
listen 443 ssl;
server_name www.aaa.org.cn;
ssl_certificate ../certs/www.aaa.org.cn.crt;
ssl_certificate_key ../certs/www.aaa.org.cn.key;
}
server {
listen 443 ssl;
server_name file.aaa.org.cn;
ssl_certificate ../certs/file.aaa.org.cn.crt;
ssl_certificate_key ../certs/file.aaa.org.cn.key;
}
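Have you actually tried this? With the HTTP protocol, port reuse works; with the HTTPS protocol, configuring it this way will always be overridden by the first one.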
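./configure --prefix=/data/nginx --with-stream --with-stream_ssl_preread_module
This step is the key.
The rest of the configuration is simple. Take it, no thanks needed:
stream {
    map $ssl_preread_server_name $name {
        default backend;
        example.com backend1;
        test.com backend2;
    }
    # backend, backend1 and backend2 are upstream names; their upstream blocks are not shown in the post
    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}
You are proxying the SSL traffic directly, so it doesn't matter how many there are.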