阿里云共享虚拟主机的 https 访问互串是正常现象?

2018-10-04 10:51:59 +08:00
 liuxu

我的域名是https://www.liuquanhao.com,但是我访问https://www.lzj666.com却访问到我的站,而且证书都是我的,但是http://www.lzj666.com却是他自己的站。我这个是什么情况?我问客服,他说是正常显现。。

以下是客服回复:

您好,久等了,联系后端核实,这个不是镜像,是由于您使用的是共享虚拟主机,共享主机都是共有一个 ip 地址的,所以部署了 https 后,其他站点也可以通过 https 访问到,但其他网站访问 https 会出现证书不授信,这个不影响的,如果您介意,建议你最好将共享主机升级到独享主机部署 https,使用独立 ip 就不会出现这个问题了,谢谢

但实际 ip 并不同:

liuxu@liuxu-TM1612:~$ dig +noall +answer www.liuquanhao.com
www.liuquanhao.com.	213	IN	A	139.129.155.148
liuxu@liuxu-TM1612:~$ dig +noall +answer www.lzj666.com
www.lzj666.com.		1	IN	A	139.129.155.150

而且有一堆邻居是一样的情况:

以下是 curl 信息:

liuxu@liuxu-TM1612:~$ curl -L --insecure -I -v https://www.liuquanhao.com
* Rebuilt URL to: https://www.liuquanhao.com/
*   Trying 139.129.155.148...
* TCP_NODELAY set
* Connected to www.liuquanhao.com (139.129.155.148) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=www.liuquanhao.com
*  start date: Sep 30 00:00:00 2018 GMT
*  expire date: Sep 30 12:00:00 2019 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G1
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD / HTTP/1.1
> Host: www.liuquanhao.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Thu, 04 Oct 2018 02:43:49 GMT
Date: Thu, 04 Oct 2018 02:43:49 GMT
< Server: Apache
Server: Apache
< Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
< ETag: "12c0aab-5636-5773ee0860a46"
ETag: "12c0aab-5636-5773ee0860a46"
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 22070
Content-Length: 22070
< Vary: Accept-Encoding,User-Agent
Vary: Accept-Encoding,User-Agent
< Content-Type: text/html
Content-Type: text/html
< X-Pad: avoid browser bug
X-Pad: avoid browser bug

< 
* Connection #0 to host www.liuquanhao.com left intact



liuxu@liuxu-TM1612:~$ curl -L --insecure -I -v https://www.lzj666.com
* Rebuilt URL to: https://www.lzj666.com/
*   Trying 139.129.155.150...
* TCP_NODELAY set
* Connected to www.lzj666.com (139.129.155.150) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=www.liuquanhao.com
*  start date: Sep 30 00:00:00 2018 GMT
*  expire date: Sep 30 12:00:00 2019 GMT
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G1
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD / HTTP/1.1
> Host: www.lzj666.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Thu, 04 Oct 2018 02:44:07 GMT
Date: Thu, 04 Oct 2018 02:44:07 GMT
< Server: Apache
Server: Apache
< Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
< ETag: "12c0aab-5636-5773ee0860a46"
ETag: "12c0aab-5636-5773ee0860a46"
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 22070
Content-Length: 22070
< Vary: Accept-Encoding,User-Agent
Vary: Accept-Encoding,User-Agent
< Content-Type: text/html
Content-Type: text/html
< X-Pad: avoid browser bug
X-Pad: avoid browser bug

< 
* Connection #0 to host www.lzj666.com left intact

ssl 的原因是因为共用一个/etc/ssl/certs/ca-certificates.crt?可域名访问串呢。。。

据我所知,访问域名时 nginx 的server_name会拒绝其他域名访问的,与listen 443 ssl并无关。。

所以有人知道这是什么情况不?

1914 次点击
所在节点    全球工单系统
5 条回复
luminous
2018-10-04 11:07:08 +08:00
别人的那个站没配置 https 呗 返回的就是默认证书
liuxu
2018-10-04 11:08:46 +08:00
@luminous 为什么我的成了默认证书。。
luminous
2018-10-04 11:14:06 +08:00
@liuxu 这个可能这 ip 只有你们两个人用 nginx 对 ip 返回的默认证书似乎取决于配置文件的顺序 我觉得商家针对这种情况应该自行设置一个自己的证书
jessynt
2018-10-04 11:28:35 +08:00
关键词:SNI
LukeChien
2018-10-04 11:33:16 +08:00
htaccess 文件给他禁掉

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/494833

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX