2019-09-18 23:47:23 举例宝塔创建A站点开去SSL,HTTPS,其它站点未开去SSL,但以HTTPS访问这些未设置SSL的站点时,默认打开时A站点内容。在未指定SSL默认站点时,未开启SSL的站点使用HTTPS会直接访问到已开启
在未指定SSL默认站点时,未开启SSL的站点使用HTTPS会直接访问到已开启SSL的站点,串站点。
举例宝塔创建A站点开去SSL,HTTPS,其它站点未开去SSL,但以HTTPS访问这些未设置SSL的站点时,默认打开时A站点内容。
一个网站A接入了https,网站B没有使用ssl,但是使用https访问会进去到网站A的https,请问这个怎么解决?
官方的说法是:【在未指定SSL默认站点时,未开启SSL的站点使用HTTPS会直接访问到已开启SSL的站点】。但是即使设置了默认站点,还是存在这个问题。
解决方法(以Nginx环境为例):
设置默认站点,让默认站点不能访问,开启ssl但不解析域名,这个ssl也是随便找的。
第一步:创建一个站点
创建一个站点域名就使用你域名乱命名二级域名(避免以后使用),比如你域名时abc.com,你们你新建站点就绑定aaaakkd2dd.abc.com,这里aaaakkd2dd就是乱取的,需要注意新建站点不需要解析。
新建站点绑定一个无用域名
第二步:删除新建站点的默认文件
默认创建站点对应站点根目录中会有index.html,将其删除。
目的是让站点不能访问
删除创建站点index.html文件
第三步:开启SSL
需要准备SSL证书文件.pem和.key文件,这里为大家准备一个过期的但可以使用的证书内容。
1、证书key和pem文件(Nginx环境用的)
.key文件代码:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAlcZJiGVMbbzrWzkmhBJxjoMbFSSCtLzcY0poxwTxyxzd2pw1
45OIV9WllYNTotQyOheiJEN9hGgU/qjIRpKg/1KrSnxsykYwevMjsyM/Rs3W7MRr
EGjCqr9VfWCnC/mOhwrSeEtL76DaMTpYIYIVemK+W+BajKD5nNekjs6567phMFbm
Bsqil3hXWE31GyIaYwQqbMWI1gCSX/Tvh3dmt2dVE2/7q4soZPVSlNqEq92UENqR
6k3aQS+PoKOBj9b4Y1wtveL0bNOHqi4e7iXtucPnlWLlrpylm1ybm9Q0AUm4X0N0
k1XFB8hyOWHH0SgczbKbbHfaJEWi7kDVsUCL1wIDAQABAoIBAQCKUzJwbRX0N8mq
W5Lt4VbNRtqJYUnyAIcOkJdKT4+8hfGDyEeg4g3HCUM/XaWtuYqVymPuWAKhebsC
IwGs5BkbFc+rIFUdT0vREaND++ahztOToig7ZHV9Wu5quAwvbBEtOVp+zRPZwVYi
pv7kG48Yk/+5PPCD9tvx9ds+JUDiqrD9jEEz8WfxziFeCeO/HsjDJwKN363qGNCh
lvvslAZXyRmdyWGywCG5DWpyjGj54OxCMp7R0nsrCrnRQz333i+NhjWCODvusw1l
tPO47Fn80D9UQUNo4ep51HaBJ66iuB9Sgui18Gi7o3DiJ9myqzZq4GMkTeApQra5
IOM+vug5AoGBAPfDLxwVc/YjltVCSiw06gEKwjYuzI/FjVDmpn9OObP4F2HWSXom
W/4A5LIjzJZSLeYU0Strr/gZ94OiC2EqqpTZrzIPzpQYeIIjBc2Vdhq3EURaKDS4
3i03Y/F139/tnn2T8nA9CY4vaJ4JWkVXSFP6SOvreGtlH4YAvh/IgmDbAoGBAJrB
Fb4XPa172EHpKwoxzXcEIiy6T5glVAjcLEl91NCjW4h5QHoz31tYxYRPrg3b6McM
UiTN2NWfhytFlzZFEhnAOHfel98QJFeMOz9MszZlIV/OdvevcIo2+3NSmJ7lMint
rimkX8TIi/dE2SALZ12SxzZ6QX/7O+L5wKEPJoO1AoGAX+VmGIKdLYm82bIcr1uT
ru+RGBOpDYSzG7sKen+2idfehPnB2st6E6gY3HJKv2vzY/hutVWq+GZkjMhtiyBO
gep3ivLfTCbkjcosdtQAsHpm7oPOyAk9xVaJEm5DRpLcI1LeJV8akbP71B9elzQf
RJG9I8MyCq9LMjybWgXroL0CgYA7bDr6FBiF3hErNepl7ruzoK2yuRPJG0RKZqjG
y3+FYcTLAawlgHeartqhNKtj/PZEQFHmefhyBuCzV/R5TUpnAu1r8dglOiCKUXmK
k9wY3fpTvIboEsDHAdfJ74RVNzLs8Kw4pzpy6IL+PryU1mwpfSvrmkQ+bW0QedBi
x9uFJQKBgQDkSWP5fuTDV/W7sOwZAplXWydu+9wM43fb76ycdK3NMkODLFpG5qr/
2kIUcyeS/SlJPwwHF2XpzsNbqUK2urDy0y1sgriOSdh/mPgvWU0L/rcU25mi6ao1
aXa4mmLTeP7b+fSpU+FA4jlo/+X2Nw3nMa77S0M4ucDOPF+craFiMA==
-----END RSA PRIVATE KEY-----
.pem文件代码:
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIQCWJ4ZNU3PH/Dxidtj6DcfzANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzEwHhcNMTgwODI5MDAwMDAwWhcNMTkwODI5MTIwMDAwWjAV
MRMwEQYDVQQDEwppLjE4MDI4LmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAlcZJiGVMbbzrWzkmhBJxjoMbFSSCtLzcY0poxwTxyxzd2pw145OIV9Wl
lYNTotQyOheiJEN9hGgU/qjIRpKg/1KrSnxsykYwevMjsyM/Rs3W7MRrEGjCqr9V
fWCnC/mOhwrSeEtL76DaMTpYIYIVemK+W+BajKD5nNekjs6567phMFbmBsqil3hX
WE31GyIaYwQqbMWI1gCSX/Tvh3dmt2dVE2/7q4soZPVSlNqEq92UENqR6k3aQS+P
oKOBj9b4Y1wtveL0bNOHqi4e7iXtucPnlWLlrpylm1ybm9Q0AUm4X0N0k1XFB8hy
OWHH0SgczbKbbHfaJEWi7kDVsUCL1wIDAQABo4ICcDCCAmwwHwYDVR0jBBgwFoAU
VXRPsnJP9WC6UNHX5lFcmgGHGtcwHQYDVR0OBBYEFI8zIU+zoVoBaUyOUL2ixwKA
I6+3MBUGA1UdEQQOMAyCCmkuMTgwMjguY24wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBDMDcGCWCGSAGG/WwB
AjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgG
BmeBDAECATCBgQYIKwYBBQUHAQEEdTBzMCUGCCsGAQUFBzABhhlodHRwOi8vb2Nz
cDIuZGlnaWNlcnQuY29tMEoGCCsGAQUFBzAChj5odHRwOi8vY2FjZXJ0cy5kaWdp
Y2VydC5jb20vRW5jcnlwdGlvbkV2ZXJ5d2hlcmVEVlRMU0NBLUcxLmNydDAJBgNV
HRMEAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYApLkJkLQYWBSHuxOizGdw
Cjw1mAT5G9+443fNDsgN3BAAAAFlhKJeAQAABAMARzBFAiEA1D+C2NxHKywhBvxc
r/T8ibXcegayrSMUFQdACqdP62cCIB80+ey+9mkrLb7BRsTBbSI3NOLrViXKXI8c
eUeXPOpOAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFlhKJe
kgAABAMASDBGAiEA2gOXHEtaVclq8EeIHhXoxzUoFDMljhg8tdcT89FPkQACIQD8
dV0WEmsXa+Hmj/MAjqXMeJMkoR55xa08L3uD5FptQTANBgkqhkiG9w0BAQsFAAOC
AQEAVcFjxDMmbeOk1DHgMAsU11Uu5/5U9/uD25VXfZHkYfROcD9tv0rxVKRckZBU
Q5EPLgp93o/P5xv4XKlpjEEDaBqddXXkzQ3WvXtQ4g5BH5JbII/SOckaYmpFexls
8X7PIGzE7bwm003Hu8kf/Fy0elsex1DnYoXw5xD84tcDhQzm0WXVTKZVBqqQKDBA
9F9YytGsVkVDMDBivGsHH20sAl2P+2RCt5ZCHzZhDUcHZSQoe3ehv6SYBY5XYd6X
5idsqhxuhGmVFeBXcjuWmrb6pQf9R++2ui09sS0Av6qMTErxGi6WAjIvXKO0eszB
sf2F4TP7LeDaKDRfaGvMuiuc+A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
-----END CERTIFICATE-----
以上代码直接拷贝即可使用。虽然以上是过期的证书,但也是可以用于解决问题。
2、宝塔后台开启SSL
拷贝SSL证书代码开启这个新建站点
完成站点SSL HTTPS
第四步:设置默认站点 完成问题解决
将这个新建站点设置为默认站点
到此完成解决访问非开启ssl的站点以https访问却打开是开启ssl站点,这种有点像串站感觉。
最后如果以https访问未开启SSL站点,将不会打开SSL站点了。