Q&A###前提・実現したいこと
1つのアプリケーションを複数ドメイン(aaa.co.jp、bbb.click)を設定して、ドメイン毎に証明書を取得して設定等をしました。
Let's Encryptでドメイン毎にSSL証明書を取得しました。特に問題ありませんでした。
そして、Nginxの設定ファイルに各種ファイルを設定しました。特に問題はありませんでした。
また、ポートが開放されているかも確認しましたが、問題ありませんでした。
接続するにはどのようにすれば、よろしかったでしょうか。
ご確認の程、よろしくお願いします。
###発生している問題・エラーメッセージ
curl: (35) SSL connect error
###aaa.co.jpのソースコード
server { listen 123.123.123.123:443; server_name aaa.co.jp; root /var/www/html/application; rewrite_log on; access_log /usr/local/nginx/logs/aaa_co_jp_access.log; error_log /usr/local/nginx/logs/aaa_co_jp_error.log notice; ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; ssl_certificate /etc/letsencrypt/live/aaa.co.jp/cert.pem; ssl_certificate_key /etc/letsencrypt/live/aaa.co.jp/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # intermediate configuration. tweak to your needs. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_prefer_server_ciphers on; #HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; ssl_buffer_size 4k; client_max_body_size 20M; # GZIP Configuration gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied expired no-cache no-store private auth; gzip_comp_level 5; gzip_types text/plain; gzip_types text/xml; gzip_types text/css; gzip_types text/javascript; gzip_types application/x-javascript; gzip_types application/javascript; gzip_types application/json; gzip_disable "msie6"; location / { index index.html index.php; ## If missing pass the URI to Magento's front handler try_files $uri $uri/ @handler; expires max; ## Enable max file cache } ...... ...... ## Disable .htaccess and other hidden files location /. { return 404; } ## Magento uses a common front handler location @handler { rewrite / /index.php; } location = / { set $first_language $http_accept_language; set $language_suffix 'en'; if ($first_language ~* 'ja') { set $language_suffix 'store1_jp'; } if ($first_language ~* 'zh') { set $language_suffix 'store1_cn'; } return $scheme://$host/$language_suffix/$1; } ## Forward paths like /js/index.php/x.js to relevant handler location ~ .php/ { rewrite ^(.*.php)/ $1 last; } ## php-fpm parsing location ~ .php$ { add_header Fastcgi-Cache $upstream_cache_status; if (!-e $request_filename) { rewrite / /index.php last; } ## Disable cache for php files expires off; ## php-fpm configuration fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /usr/local/nginx/conf/fastcgi_params; fastcgi_read_timeout 1600; ## Tweak fastcgi buffers, just in case. fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } } server { listen 133.130.101.107:80; server_name aaa.co.jp; return 301 https://aaa.co.jp$request_uri; }
###bbb.clickのソースコード
server { listen 456.456.456.456:443; server_name bbb.click; root /var/www/html/magento; rewrite_log on; access_log /usr/local/nginx/logs/bbb_click_access.log; error_log /usr/local/nginx/logs/bbb_click_error.log notice; ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; ssl_certificate /etc/letsencrypt/live/bbb.click/cert.pem; ssl_certificate_key /etc/letsencrypt/live/bbb.click/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # intermediate configuration. tweak to your needs. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_prefer_server_ciphers on; #HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; ssl_buffer_size 4k; location / { index index.html index.php; ## If missing pass the URI to Magento's front handler try_files $uri $uri/ @handler; expires max; ## Enable max file cache } ...... ...... ## Disable .htaccess and other hidden files location /. { return 404; } ## Magento uses a common front handler location @handler { rewrite / /index.php; } location = / { set $first_language $http_accept_language; set $language_suffix 'en'; if ($first_language ~* 'ja') { set $language_suffix 'store1_jp'; } if ($first_language ~* 'zh') { set $language_suffix 'store1_cn'; } return $scheme://$host/$language_suffix/$1; } ## Forward paths like /js/index.php/x.js to relevant handler location ~ .php/ { rewrite ^(.*.php)/ $1 last; } ## php-fpm parsing location ~ .php$ { add_header Fastcgi-Cache $upstream_cache_status; if (!-e $request_filename) { rewrite / /index.php last; } ## Disable cache for php files expires off; ## php-fpm configuration fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /usr/local/nginx/conf/fastcgi_params; fastcgi_read_timeout 1600; ## Tweak fastcgi buffers, just in case. fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } } server { listen 133.130.101.107:80; server_name bbb.click; return 301 https://bbb.click$request_uri; }
###試したこと
課題に対してアプローチしたことを記載してください
###補足情報(言語/FW/ツール等のバージョンなど)
CentOS release 6.8 (Final)
Nginx 1.11.12
PHP 5.5.38 (cli)
PHP 5.5.38 (fpm-fcgi)
回答1件
0
自己解決
私の記述ミスでした。
× listen 123.123.123:443;
○ listen 123.123.123:443 ssl;
投稿2017/03/30 04:56
総合スコア204
あなたの回答
tips
プレビュー
バッドをするには、ログインかつ
こちらの条件を満たす必要があります。