怎样实现多域名证书+http2

2018年11月30日 | 分类: 【技术】

这个问题2年前就尝试过,但无奈放弃。

发现:https://mypark.app/
特点:免费提供域名停放和URL跳转服务,支持自动签发免费SSL证书。同时支持http2。

怎么实现的?

参考:

理论
https://blog.csdn.net/u011130578/article/details/77979325
https://www.alibabacloud.com/help/zh/faq-detail/43742.htm
https://shansing.com/read/355/
https://wiki.openssl.org/index.php/TLS1.3
https://zh.wikipedia.org/wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%90%8D%E7%A7%B0%E6%8C%87%E7%A4%BA

Apache
http://blog.51cto.com/guoxh/2114630
https://www.wosign.com/faq/multisite-multidomain-https.htm
http://www.linuxdiyf.com/linux/32329.html
http://www.ttlsa.com/web/sni-multi-domain-virtual-host-ssl-tls-authentication/

Nginx
https://zhidao.baidu.com/question/1673406059627368307.html
http://www.cnblogs.com/wjoyxt/p/6134128.html
https://my.oschina.net/careyjike/blog/896507
https://www.restran.net/2017/01/24/nginx-letsencrypt-https/
http://www.ttlsa.com/web/multiple-https-host-nginx-with-a-ip-configuration/
https://www.jianshu.com/p/d40e249774ff
https://segmentfault.com/a/1190000013839445
http://www.voidcn.com/article/p-cuazhgls-np.html
http://ju.outofmemory.cn/entry/308785
https://www.diewufeiyang.com/post/971.html
https://www.tingtao.org/archives/709.html
http://www.voidcn.com/article/p-pdkgnexa-bbe.html
http://linux.it.net.cn/e/server/nginx/2014/1208/9876.html

Nginx支持多域名SSL证书是需要OpenSSL库支持的,CentOS5.X的OpenSSL库本身不支持这种特性,需要重新下载编译,步骤如下

wget https://www.openssl.org/source/old/0.9.x/openssl-0.9.8zh.tar.gz
tar zxvf ./openssl-0.9.8zh.tar.gz
cd ./openssl-0.9.8zh
./config enable-tlsext
make
make install

Nginx也要重新编译,添加OpenSSL源码的目录

./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-openssl=../openssl-0.9.8zh/