nginx / lets-encrypt: multiple SSL domains with the same web server configuration

Time: 2020-09-08 22:32:57

Tags: nginx configuration lets-encrypt

I manage about a dozen domains with SSL certificates generated via lets-encrypt, and I use nginx to manage web service for these domains.

As it turns out, all of these domains must have the same nginx configuration: the same location blocks, the same root, the same website parameters, etc.

The only difference for each domain is the settings of ssl_certificate, ssl_certificate_key and ssl_trusted_certificate.

The way I handle this is to have a dozen server {} blocks in my nginx configuration, each containing almost identical data except for these three SSL parameters.

For example...

server {
    error_log /var/log/nginx/error.log debug;
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2;

    server_name example-domain0.com;

    ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;

    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.json {
        add_header Content-Type text/plain;
    }

    location ~ ^/(t)($|/.*) {
        alias $1$2;
        include uwsgi_params;
        uwsgi_pass unix:/var/run/uwsgi/flask/$1.sock;
    }

    location ~ ^/(css|static|hm|cy|img|sq|rc|rl|oc|m|js)($|/.*) {
        root /usr/share/nginx;
    }

    location ~ ^/(junk)($|/.*) {
        root /usr/share/nginx/html;
        allow all;
        autoindex on;
    }

    location ~ \.php$ {
        include phpsite_params;
    }
}

server {
    error_log /var/log/nginx/error.log debug;
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;

    server_name example-domain1.com;

    ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example-domain1.com/chain.pem;

    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.json {
        add_header Content-Type text/plain;
    }

    location ~ ^/(t)($|/.*) {
        alias $1$2;
        include uwsgi_params;
        uwsgi_pass unix:/var/run/uwsgi/flask/$1.sock;
    }

    location ~ ^/(css|static|hm|cy|img|sq|rc|rl|oc|m|js)($|/.*) {
        root /usr/share/nginx;
    }

    location ~ ^/(junk)($|/.*) {
        root /usr/share/nginx/html;
        allow all;
        autoindex on;
    }

    location ~ \.php$ {
        include phpsite_params;
    }
}

...and then a dozen more server {} blocks for example-domain2.com, example-domain3.com and so on, all identical except for the domain name and the values of those SSL parameters.

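This causes a lot of problems if I want to change the site configuration, because then I have to make the same change in a dozen places in this configuration file, which sometimes leads to errors.

Since each SSL domain needs its own ssl_certificate, ssl_certificate_key and ssl_trusted_certificate, I would like to create smaller server {} blocks containing only that SSL configuration information, and then factor out the other common configuration information and keep it in only one place.

Is this possible?

Thank you very much.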

1 answer:

Answer 0: (score: 0)

Oh, I didn't realize that I could use the include directive outside of a location block.

The solution to my problem is:

server {
    error_log /var/log/nginx/error.log debug;
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2;

    server_name example-domain0.com;

    ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;

    include common/site-parms.conf;
}

server {
    error_log /var/log/nginx/error.log debug;
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;

    server_name example-domain1.com;

    ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example-domain1.com/chain.pem;

    include common/site-parms.conf;
}

...and a dozen more similar server {} blocks, with all the common content contained in /etc/nginx/common/site-parms.conf.
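Even with the shared include, the three certificate paths are still repeated per domain, which is where the copy-paste errors the question mentions can survive. The following check is an added example, not code from the question or the answer: it walks each server {} block and confirms that the three directives point into /etc/letsencrypt/live/<server_name>/. It assumes one certificate per domain in a directory named after the domain, as in the configuration above; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample; the second block has a deliberate slip in ssl_trusted_certificate.
SAMPLE_CONF = """
server {
    server_name example-domain0.com;
    ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;
    include common/site-parms.conf;
}
server {
    server_name example-domain1.com;
    ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;
    include common/site-parms.conf;
}
"""
# Assumption: each directive should name this file under live/<server_name>/.
EXPECTED = {"ssl_certificate": "fullchain.pem",
            "ssl_certificate_key": "privkey.pem",
            "ssl_trusted_certificate": "chain.pem"}

def server_blocks(conf):
    """Yield the body of every server { ... } block, tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def check_block(body):
    """Return the problems found in one server block (empty list = clean)."""
    m = re.search(r"^\s*server_name\s+([^;]+);", body, re.M)
    if not m:
        return ["server block without server_name"]
    names, problems = m.group(1).split(), []
    for directive, filename in EXPECTED.items():
        m = re.search(rf"^\s*{directive}\s+([^;\s]+)\s*;", body, re.M)
        path = m.group(1) if m else None
        if path not in [f"/etc/letsencrypt/live/{n}/{filename}" for n in names]:
            problems.append(f"{names[0]}: {directive} -> {path}")
    return problems

def lint(conf):
    """Lint a whole config string; returns a flat list of problem strings."""
    return [p for body in server_blocks(conf) for p in check_block(body)]
```

Calling lint() on the text of the real configuration file returns an empty list when every block is consistent; a missing directive is reported with a path of None.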
