Multiple SSL vhosts using wildcard certificate in nginx
Solution 1
You need to split the vhosts from the SSL listening/configuration part:
Listening part:
server {
    # catch-all server that owns the TLS settings for this socket
    listen 127.0.0.1:443 default_server ssl;
    server_name _;
    ssl_certificate /etc/ssl/wildcard.cer;
    ssl_certificate_key /etc/ssl/wildcard.key;
}
And now vhosts:
server {
    listen 127.0.0.1:443;
    server_name a.example.com;
    root /data/httpd/a.example.com;
}
server {
    listen 127.0.0.1:443;
    server_name b.example.com;
    root /data/httpd/b.example.com;
}
Solution 2
It's actually explained in the manual: http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names
# declared once at http level; every server{} below inherits it
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
    listen 443 ssl;
    server_name a.example.com;
    root /data/httpd/a.example.com;
}
server {
    listen 443 ssl;
    server_name b.example.com;
    root /data/httpd/b.example.com;
}
Now, if you have many sites, I suggest storing each of them, with just the server{} part as above, in its own file in a folder, and using an include directive in the main file to load all of them:
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;
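The following checker is an added example (it is not code from either answer or from nginx). It parses a small subset of nginx syntax (server{} blocks and `name value;` directives; `include`, the contents of nested location{} blocks and quoted strings containing ';' are not handled) and flags the two things both solutions and the comments below turn on: every vhost on a listen socket that carries the `ssl` flag must have ssl_certificate/ssl_certificate_key either in its own server{} or inherited from http{}, and all listen directives on one socket should carry the `ssl` flag consistently. The three sample configurations are constructed to mirror Solution 1, Solution 2 and the "certificate only in the first vhost" situation described in the comments.

```python
"""Consistency checker for the shared-wildcard-certificate nginx pattern.

Added example; the parser handles only a subset of nginx syntax (see lead-in).
"""
import re
from dataclasses import dataclass, field


@dataclass
class Server:
    listens: list = field(default_factory=list)     # raw arguments of each listen directive
    names: list = field(default_factory=list)       # server_name arguments
    directives: dict = field(default_factory=dict)  # other directives set directly in server{}


def tokenize(text):
    """Drop # comments, then split into '{', '}', ';' and bare words."""
    text = re.sub(r"#[^\n]*", "", text)
    return re.findall(r"\{|\}|;|[^\s{};]+", text)


def parse(text):
    """Return (directives inherited from http{}/top level, list of Server)."""
    http_directives, servers, stack, buf = {}, [], [], []
    current = None  # Server being filled while inside server{}
    for tok in tokenize(text):
        if tok == "{":
            name = buf[0] if buf else "?"
            stack.append(name)
            if name == "server":
                current = Server()
                servers.append(current)
            buf = []
        elif tok == "}":
            if stack.pop() == "server":
                current = None
            buf = []
        elif tok == ";":
            if buf:
                key, args = buf[0], buf[1:]
                if current is not None and stack[-1] == "server":
                    if key == "listen":
                        current.listens.append(" ".join(args))
                    elif key == "server_name":
                        current.names.extend(args)
                    else:
                        current.directives[key] = args
                elif current is None and (not stack or stack[-1] == "http"):
                    http_directives[key] = args  # inherited by every server{}
            buf = []
        else:
            buf.append(tok)
    return http_directives, servers


def _names(servers):
    return ", ".join(" ".join(s.names) or "<unnamed>" for s in servers)


def check(text):
    """Return a list of findings; an empty list means the TLS vhosts look consistent."""
    http_d, servers = parse(text)
    by_socket = {}  # "addr:port" -> [(Server, has_ssl_flag)]
    for s in servers:
        for listen in s.listens:
            addr, *flags = listen.split()
            if ":" not in addr:
                addr = "*:" + addr  # nginx treats "443" and "*:443" as the same socket
            by_socket.setdefault(addr, []).append((s, "ssl" in flags))
    findings = []
    for addr, entries in by_socket.items():
        with_flag = [s for s, f in entries if f]
        if not with_flag:
            continue  # plain-HTTP socket: nothing to check here
        without = [s for s, f in entries if not f]
        if without:
            findings.append(f"{addr}: 'ssl' on listen for {_names(with_flag)} but not for "
                            f"{_names(without)}; use identical listen directives on this socket")
        for s, _ in entries:
            for key in ("ssl_certificate", "ssl_certificate_key"):
                if key not in s.directives and key not in http_d:
                    findings.append(f"{_names([s])}: {key} is set neither in server{{}} nor in http{{}}")
    return findings


# Constructed samples mirroring the configurations in the answers and comments.
SOLUTION_1 = """
server { listen 127.0.0.1:443 default_server ssl; server_name _;
         ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key; }
server { listen 127.0.0.1:443; server_name a.example.com; root /data/httpd/a.example.com; }
server { listen 127.0.0.1:443; server_name b.example.com; root /data/httpd/b.example.com; }
"""
SOLUTION_2 = """
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server { listen 443 ssl; server_name a.example.com; root /data/httpd/a.example.com; }
server { listen 443 ssl; server_name b.example.com; root /data/httpd/b.example.com; }
"""
# Certificate declared only in the first vhost, as described in the comments.
CERT_IN_FIRST_ONLY = """
server { listen 443 ssl; server_name a.example.com;
         ssl_certificate /etc/ssl/wildcard.cer; ssl_certificate_key /etc/ssl/wildcard.key; }
server { listen 443 ssl; server_name b.example.com; }
"""

if __name__ == "__main__":
    for label, cfg in (("solution 1", SOLUTION_1), ("solution 2", SOLUTION_2),
                       ("cert in first vhost only", CERT_IN_FIRST_ONLY)):
        print(label, "->", check(cfg) or "OK")
```

Running it reports Solution 2 as consistent, flags the vhosts in Solution 1 that neither carry `ssl` on their listen nor have a certificate in scope, and reports the two missing certificate directives for b.example.com in the third sample. The check is deliberately stricter than nginx about the `ssl` flag being present on every listen, which is the condition Dave S. found necessary in the comments.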
Updated on September 18, 2022
Comments
-
vincent.io over 1 year
I have two hostnames sharing the same domain name which I want to serve over HTTPS. I've got a wildcard SSL certificate and created two vhost configs:
Host A
    listen 127.0.0.1:443 ssl;
    server_name a.example.com;
    root /data/httpd/a.example.com;
    ssl_certificate /etc/ssl/wildcard.cer;
    ssl_certificate_key /etc/ssl/wildcard.key;
Host B
    listen 127.0.0.1:443 ssl;
    server_name b.example.com;
    root /data/httpd/b.example.com;
    ssl_certificate /etc/ssl/wildcard.cer;
    ssl_certificate_key /etc/ssl/wildcard.key;
However, I get the same vhost served for either hostname.
-
Pothi Kalimuthu over 10 years
This wouldn't work. A vhost needs ssl_certificate and ssl_certificate_key that should be configured inside server or http location. In your example, you have declared it inside the first server location, but didn't declare it for the other two vhosts.
-
vincent.io over 10 years
Apparently you need to restart nginx instead of reloading it when doing these changes. Many thanks, your answer works like a charm :)
-
Dave S. over 9 years
Thanks for this, I needed ssl on the listen directive for this to work with a 1.4.x nginx. My listen directives in the vhosts also had to be literally the same (logical equivalence was not sufficient).