2017-11-09 17:12:13
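To stay compatible with all browsers and operating systems, this setup uses the traditional approach of mapping multiple IP addresses to multiple domain names, not SNI. (SNI (Server Name Indication, defined in ) is a technique for improving SSL/TLS, enabled in SSLv3/TLSv1. It lets the client submit the requested Host during the SSL handshake (specifically, in the ClientHello stage of the client's SSL request), so that the server can switch to the correct domain and return the matching certificate.)
Appendix: browsers that support SNI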
Browsers with support for TLS server name indication
Internet Explorer 7 or later, on Windows Vista or higher. Does not work on Windows XP, even Internet Explorer 8.
Mozilla Firefox 2.0 or later
Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
Opera Mobile at least version 10.1 beta on Android
Google Chrome (Vista or higher. XP on Chrome 6 or newer. OS X 10.5.7 or higher on Chrome 5.0.342.1 or newer)
Safari 2.1 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher)
Konqueror/KDE 4.7 or later
MobileSafari in Apple iOS 4.0 or later
Android default browser on Honeycomb or newer
Windows Phone 7
MicroB on Maemo
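Configuration
On LVS, configure multiple VIPs (virtual IPs) according to the certificates in use, for example: 10.10.68.106 as vip1, 10.10.68.107 as vip2.
nginx configuration file: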
server {
    # `listen ... ssl` replaces the older `ssl on;` directive, which newer nginx releases deprecate.
    listen 10.10.68.106:443 ssl;    # 10.10.68.106 = vip1
    server_name passport.sogou.com;
    ssl_certificate /opt/conf/nginx/Cert/Cert.passport.sogou/sogou.crt;
    ssl_certificate_key /opt/conf/nginx/Cert/Cert.passport.sogou/server.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are cryptographically broken (DROWN, POODLE);
    # keep them only while a legacy client still requires them.
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
server {
    listen 10.10.68.107:443 ssl;    # 10.10.68.107 = vip2
    server_name pass.focus.cn;
    ssl_certificate /opt/conf/nginx/Cert/Cert.passport.focus/passport.focus.crt;
    ssl_certificate_key /opt/conf/nginx/Cert/Cert.passport.focus/server.key;
    ssl_session_timeout 5m;
    # Same legacy protocol list as the first server block; the same caveat applies.
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}