在未指定SSL默认站点时,未开启SSL的站点使用HTTPS会直接访问到已开启SSL的站点,串站点。
举例宝塔创建A站点开去SSL,HTTPS,其它站点未开去SSL,但以HTTPS访问这些未设置SSL的站点时,默认打开时A站点内容。
一个网站A接入了https,网站B没有使用ssl,但是使用https访问会进去到网站A的https,请问这个怎么解决?
官方的说法是:【在未指定SSL默认站点时,未开启SSL的站点使用HTTPS会直接访问到已开启SSL的站点】。但是即使设置了默认站点,还是存在这个问题。
解决方法(以Nginx环境为例):
设置默认站点,让默认站点不能访问,开启ssl但不解析域名,这个ssl也是随便找的。
第一步:创建一个站点
创建一个站点域名就使用你域名乱命名二级域名(避免以后使用),比如你域名时abc.com,你们你新建站点就绑定aaaakkd2dd.abc.com,这里aaaakkd2dd就是乱取的,需要注意新建站点不需要解析。
新建站点绑定一个无用域名
第二步:删除新建站点的默认文件
默认创建站点对应站点根目录中会有index.html,将其删除。
目的是让站点不能访问
删除创建站点index.html文件
第三步:开启SSL
需要准备SSL证书文件.pem和.key文件,这里为大家准备一个过期的但可以使用的证书内容。
1、证书key和pem文件(Nginx环境用的)
.key文件代码:
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAlcZJiGVMbbzrWzkmhBJxjoMbFSSCtLzcY0poxwTxyxzd2pw1 45OIV9WllYNTotQyOheiJEN9hGgU/qjIRpKg/1KrSnxsykYwevMjsyM/Rs3W7MRr EGjCqr9VfWCnC/mOhwrSeEtL76DaMTpYIYIVemK+W+BajKD5nNekjs6567phMFbm Bsqil3hXWE31GyIaYwQqbMWI1gCSX/Tvh3dmt2dVE2/7q4soZPVSlNqEq92UENqR 6k3aQS+PoKOBj9b4Y1wtveL0bNOHqi4e7iXtucPnlWLlrpylm1ybm9Q0AUm4X0N0 k1XFB8hyOWHH0SgczbKbbHfaJEWi7kDVsUCL1wIDAQABAoIBAQCKUzJwbRX0N8mq W5Lt4VbNRtqJYUnyAIcOkJdKT4+8hfGDyEeg4g3HCUM/XaWtuYqVymPuWAKhebsC IwGs5BkbFc+rIFUdT0vREaND++ahztOToig7ZHV9Wu5quAwvbBEtOVp+zRPZwVYi pv7kG48Yk/+5PPCD9tvx9ds+JUDiqrD9jEEz8WfxziFeCeO/HsjDJwKN363qGNCh lvvslAZXyRmdyWGywCG5DWpyjGj54OxCMp7R0nsrCrnRQz333i+NhjWCODvusw1l tPO47Fn80D9UQUNo4ep51HaBJ66iuB9Sgui18Gi7o3DiJ9myqzZq4GMkTeApQra5 IOM+vug5AoGBAPfDLxwVc/YjltVCSiw06gEKwjYuzI/FjVDmpn9OObP4F2HWSXom W/4A5LIjzJZSLeYU0Strr/gZ94OiC2EqqpTZrzIPzpQYeIIjBc2Vdhq3EURaKDS4 3i03Y/F139/tnn2T8nA9CY4vaJ4JWkVXSFP6SOvreGtlH4YAvh/IgmDbAoGBAJrB Fb4XPa172EHpKwoxzXcEIiy6T5glVAjcLEl91NCjW4h5QHoz31tYxYRPrg3b6McM UiTN2NWfhytFlzZFEhnAOHfel98QJFeMOz9MszZlIV/OdvevcIo2+3NSmJ7lMint rimkX8TIi/dE2SALZ12SxzZ6QX/7O+L5wKEPJoO1AoGAX+VmGIKdLYm82bIcr1uT ru+RGBOpDYSzG7sKen+2idfehPnB2st6E6gY3HJKv2vzY/hutVWq+GZkjMhtiyBO gep3ivLfTCbkjcosdtQAsHpm7oPOyAk9xVaJEm5DRpLcI1LeJV8akbP71B9elzQf RJG9I8MyCq9LMjybWgXroL0CgYA7bDr6FBiF3hErNepl7ruzoK2yuRPJG0RKZqjG y3+FYcTLAawlgHeartqhNKtj/PZEQFHmefhyBuCzV/R5TUpnAu1r8dglOiCKUXmK k9wY3fpTvIboEsDHAdfJ74RVNzLs8Kw4pzpy6IL+PryU1mwpfSvrmkQ+bW0QedBi x9uFJQKBgQDkSWP5fuTDV/W7sOwZAplXWydu+9wM43fb76ycdK3NMkODLFpG5qr/ 2kIUcyeS/SlJPwwHF2XpzsNbqUK2urDy0y1sgriOSdh/mPgvWU0L/rcU25mi6ao1 aXa4mmLTeP7b+fSpU+FA4jlo/+X2Nw3nMa77S0M4ucDOPF+craFiMA== -----END RSA PRIVATE KEY-----
.pem文件代码:
-----BEGIN CERTIFICATE----- MIIFfzCCBGegAwIBAgIQCWJ4ZNU3PH/Dxidtj6DcfzANBgkqhkiG9w0BAQsFADBu MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg RFYgVExTIENBIC0gRzEwHhcNMTgwODI5MDAwMDAwWhcNMTkwODI5MTIwMDAwWjAV MRMwEQYDVQQDEwppLjE4MDI4LmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAlcZJiGVMbbzrWzkmhBJxjoMbFSSCtLzcY0poxwTxyxzd2pw145OIV9Wl lYNTotQyOheiJEN9hGgU/qjIRpKg/1KrSnxsykYwevMjsyM/Rs3W7MRrEGjCqr9V fWCnC/mOhwrSeEtL76DaMTpYIYIVemK+W+BajKD5nNekjs6567phMFbmBsqil3hX WE31GyIaYwQqbMWI1gCSX/Tvh3dmt2dVE2/7q4soZPVSlNqEq92UENqR6k3aQS+P oKOBj9b4Y1wtveL0bNOHqi4e7iXtucPnlWLlrpylm1ybm9Q0AUm4X0N0k1XFB8hy OWHH0SgczbKbbHfaJEWi7kDVsUCL1wIDAQABo4ICcDCCAmwwHwYDVR0jBBgwFoAU VXRPsnJP9WC6UNHX5lFcmgGHGtcwHQYDVR0OBBYEFI8zIU+zoVoBaUyOUL2ixwKA I6+3MBUGA1UdEQQOMAyCCmkuMTgwMjguY24wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBDMDcGCWCGSAGG/WwB AjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgG BmeBDAECATCBgQYIKwYBBQUHAQEEdTBzMCUGCCsGAQUFBzABhhlodHRwOi8vb2Nz cDIuZGlnaWNlcnQuY29tMEoGCCsGAQUFBzAChj5odHRwOi8vY2FjZXJ0cy5kaWdp Y2VydC5jb20vRW5jcnlwdGlvbkV2ZXJ5d2hlcmVEVlRMU0NBLUcxLmNydDAJBgNV HRMEAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYApLkJkLQYWBSHuxOizGdw Cjw1mAT5G9+443fNDsgN3BAAAAFlhKJeAQAABAMARzBFAiEA1D+C2NxHKywhBvxc r/T8ibXcegayrSMUFQdACqdP62cCIB80+ey+9mkrLb7BRsTBbSI3NOLrViXKXI8c eUeXPOpOAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFlhKJe kgAABAMASDBGAiEA2gOXHEtaVclq8EeIHhXoxzUoFDMljhg8tdcT89FPkQACIQD8 dV0WEmsXa+Hmj/MAjqXMeJMkoR55xa08L3uD5FptQTANBgkqhkiG9w0BAQsFAAOC AQEAVcFjxDMmbeOk1DHgMAsU11Uu5/5U9/uD25VXfZHkYfROcD9tv0rxVKRckZBU Q5EPLgp93o/P5xv4XKlpjEEDaBqddXXkzQ3WvXtQ4g5BH5JbII/SOckaYmpFexls 8X7PIGzE7bwm003Hu8kf/Fy0elsex1DnYoXw5xD84tcDhQzm0WXVTKZVBqqQKDBA 9F9YytGsVkVDMDBivGsHH20sAl2P+2RCt5ZCHzZhDUcHZSQoe3ehv6SYBY5XYd6X 5idsqhxuhGmVFeBXcjuWmrb6pQf9R++2ui09sS0Av6qMTErxGi6WAjIvXKO0eszB sf2F4TP7LeDaKDRfaGvMuiuc+A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG /WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV 4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg== -----END CERTIFICATE-----
以上代码直接拷贝即可使用。虽然以上是过期的证书,但也是可以用于解决问题。
2、宝塔后台开启SSL
拷贝SSL证书代码开启这个新建站点
完成站点SSL HTTPS
第四步:设置默认站点 完成问题解决
将这个新建站点设置为默认站点
到此完成解决访问非开启ssl的站点以https访问却打开是开启ssl站点,这种有点像串站感觉。
最后如果以https访问未开启SSL站点,将不会打开SSL站点了。
Leave a reply