V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
工单节点使用指南
• 请用平和的语言准确描述你所遇到的问题
• 厂商的技术支持和你一样也是有喜怒哀乐的普通人类,尊重是相互的
• 如果是关于 V2EX 本身的问题反馈,请使用 反馈 节点
liuxu
V2EX  ›  全球工单系统

阿里云共享虚拟主机的 https 访问互串是正常现象?

  •  
  •   liuxu · 2018-10-04 10:51:59 +08:00 · 1914 次点击
    这是一个创建于 2247 天前的主题,其中的信息可能已经有所发展或是发生改变。

    我的域名是https://www.liuquanhao.com,但是我访问https://www.lzj666.com却访问到我的站,而且证书都是我的,但是http://www.lzj666.com却是他自己的站。我这个是什么情况?我问客服,他说是正常显现。。

    以下是客服回复:

    您好,久等了,联系后端核实,这个不是镜像,是由于您使用的是共享虚拟主机,共享主机都是共有一个 ip 地址的,所以部署了 https 后,其他站点也可以通过 https 访问到,但其他网站访问 https 会出现证书不授信,这个不影响的,如果您介意,建议你最好将共享主机升级到独享主机部署 https,使用独立 ip 就不会出现这个问题了,谢谢

    但实际 ip 并不同:

    liuxu@liuxu-TM1612:~$ dig +noall +answer www.liuquanhao.com
    www.liuquanhao.com.	213	IN	A	139.129.155.148
    liuxu@liuxu-TM1612:~$ dig +noall +answer www.lzj666.com
    www.lzj666.com.		1	IN	A	139.129.155.150
    

    而且有一堆邻居是一样的情况:

    • https://www.lzj666.com 17 17
    • https://139.129.155.147 15 15
    • https://139.129.155.145 15 15
    • https://139.129.155.153 15 15
    • https://139.129.155.151 14 14
    • https://139.129.155.157 14 14
    • https://139.129.155.154 14 14

    以下是 curl 信息:

    liuxu@liuxu-TM1612:~$ curl -L --insecure -I -v https://www.liuquanhao.com
    * Rebuilt URL to: https://www.liuquanhao.com/
    *   Trying 139.129.155.148...
    * TCP_NODELAY set
    * Connected to www.liuquanhao.com (139.129.155.148) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.0 (IN), TLS handshake, Certificate (11):
    * TLSv1.0 (IN), TLS handshake, Server finished (14):
    * TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.0 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.0 (OUT), TLS handshake, Finished (20):
    * TLSv1.0 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.0 / AES256-SHA
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *  subject: CN=www.liuquanhao.com
    *  start date: Sep 30 00:00:00 2018 GMT
    *  expire date: Sep 30 12:00:00 2019 GMT
    *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G1
    *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    > HEAD / HTTP/1.1
    > Host: www.liuquanhao.com
    > User-Agent: curl/7.58.0
    > Accept: */*
    > 
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Thu, 04 Oct 2018 02:43:49 GMT
    Date: Thu, 04 Oct 2018 02:43:49 GMT
    < Server: Apache
    Server: Apache
    < Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
    Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
    < ETag: "12c0aab-5636-5773ee0860a46"
    ETag: "12c0aab-5636-5773ee0860a46"
    < Accept-Ranges: bytes
    Accept-Ranges: bytes
    < Content-Length: 22070
    Content-Length: 22070
    < Vary: Accept-Encoding,User-Agent
    Vary: Accept-Encoding,User-Agent
    < Content-Type: text/html
    Content-Type: text/html
    < X-Pad: avoid browser bug
    X-Pad: avoid browser bug
    
    < 
    * Connection #0 to host www.liuquanhao.com left intact
    
    
    
    liuxu@liuxu-TM1612:~$ curl -L --insecure -I -v https://www.lzj666.com
    * Rebuilt URL to: https://www.lzj666.com/
    *   Trying 139.129.155.150...
    * TCP_NODELAY set
    * Connected to www.lzj666.com (139.129.155.150) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.0 (IN), TLS handshake, Certificate (11):
    * TLSv1.0 (IN), TLS handshake, Server finished (14):
    * TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.0 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.0 (OUT), TLS handshake, Finished (20):
    * TLSv1.0 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.0 / AES256-SHA
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *  subject: CN=www.liuquanhao.com
    *  start date: Sep 30 00:00:00 2018 GMT
    *  expire date: Sep 30 12:00:00 2019 GMT
    *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G1
    *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    > HEAD / HTTP/1.1
    > Host: www.lzj666.com
    > User-Agent: curl/7.58.0
    > Accept: */*
    > 
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Thu, 04 Oct 2018 02:44:07 GMT
    Date: Thu, 04 Oct 2018 02:44:07 GMT
    < Server: Apache
    Server: Apache
    < Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
    Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
    < ETag: "12c0aab-5636-5773ee0860a46"
    ETag: "12c0aab-5636-5773ee0860a46"
    < Accept-Ranges: bytes
    Accept-Ranges: bytes
    < Content-Length: 22070
    Content-Length: 22070
    < Vary: Accept-Encoding,User-Agent
    Vary: Accept-Encoding,User-Agent
    < Content-Type: text/html
    Content-Type: text/html
    < X-Pad: avoid browser bug
    X-Pad: avoid browser bug
    
    < 
    * Connection #0 to host www.lzj666.com left intact
    

    ssl 的原因是因为共用一个/etc/ssl/certs/ca-certificates.crt?可域名访问串呢。。。

    据我所知,访问域名时 nginx 的server_name会拒绝其他域名访问的,与listen 443 ssl并无关。。

    所以有人知道这是什么情况不?

    第 1 条附言  ·  2018-10-04 11:53:36 +08:00
    客服已调整,结帖。
    luminous
        1
    luminous  
       2018-10-04 11:07:08 +08:00 via Android
    别人的那个站没配置 https 呗 返回的就是默认证书
    liuxu
        2
    liuxu  
    OP
       2018-10-04 11:08:46 +08:00
    @luminous 为什么我的成了默认证书。。
    luminous
        3
    luminous  
       2018-10-04 11:14:06 +08:00 via Android
    @liuxu 这个可能这 ip 只有你们两个人用 nginx 对 ip 返回的默认证书似乎取决于配置文件的顺序 我觉得商家针对这种情况应该自行设置一个自己的证书
    jessynt
        4
    jessynt  
       2018-10-04 11:28:35 +08:00
    关键词:SNI
    LukeChien
        5
    LukeChien  
       2018-10-04 11:33:16 +08:00 via Android
    htaccess 文件给他禁掉
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5165 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 05:42 · PVG 13:42 · LAX 21:42 · JFK 00:42
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.