我有一个使用以下配置的 YARP 网关:
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://+:80"
},
"HttpsInlineCertAndKeyFile": {
"Url": "https://+:443",
"Certificate": {
"Path": "/tls/bundle.crt",
"KeyPath": "/tls/cert.key"
}
}
}
}
我添加了一个带有新域的新网站,现在该网站需要使用另一个证书。 文档显示了此配置:
{
"Kestrel": {
"Endpoints": {
"MySniEndpoint": {
"Url": "https://*",
"SslProtocols": ["Tls11", "Tls12"],
"Sni": {
"a.example.org": {
"Protocols": "Http1AndHttp2",
"SslProtocols": ["Tls11", "Tls12", "Tls13"],
"Certificate": {
"Subject": "<subject; required>",
"Store": "<certificate store; required>",
},
"ClientCertificateMode" : "NoCertificate"
},
"*.example.org": {
"Certificate": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
},
"*": {
// At least one subproperty needs to exist per SNI section or it
// cannot be discovered via IConfiguration
"Protocols": "Http1",
}
}
}
},
"Certificates": {
"Default": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
}
}
}
但是与我当前的配置没有任何共同点,我担心我会把它搞砸。此场景的正确配置是什么:
主网站 -> *.site-a.com [一切正常]
新网站 -> site-b.com [我得到了
.crt.key允许 HTTP (80) 流量,它们将通过
app.UseHttpsRedirection()site-b.comb-bundle.crtb-cert.keysite-a.combundle.crtcert.key不知道如何解决这个问题,为什么不在第二个网站的 appsettings.json 中添加另一个部分。 “第二”:“把你的东西放在这里”,然后阅读@Parsa99 – 用户123456 24 分钟前 基本设置
{
"ElmahIo": {
"ApiKey": "f319771f6d16480d9a6e8002b204d1c0",
"LogId": "61708bee-67b3-4f0a-92dd-d133d6ab458b",
"Application": "Elmah.IO.WebApi"
},
"Serilog": {
"MinimumLevel": "Information",
"Override": {
"Microsoft.AspNetCore": "Warning"
},
"WriteTo": [
{
"Name": "File",
"Args": {
"rollingInterval": "Month"
}
}
]
},
"AllowedHosts": "*",
"ConnectionStrings": {
"HrSoultion": "server=.;database=HrSoultionv3;Trusted_Connection=True;MultipleActiveResultSets=true;TrustServerCertificate=True;Integrated Security=True;"
},
"Certificates": {
"Default": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
},
"Certificates2": {
"Default": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
}
}