Multiple SSL vhosts using wildcard certificate in nginx


Solution 1

You need to split vhosts from ssl listening/configuration part:

Listening part:

server {
  listen              127.0.0.1:443 default_server ssl;
  server_name         _;
  ssl_certificate     /etc/ssl/wildcard.cer;
  ssl_certificate_key /etc/ssl/wildcard.key;
}

And now vhosts:

server {
  listen      127.0.0.1:443;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}

server {
  listen      127.0.0.1:443;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}

Solution 2

It's actually explained in the manual: http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
  listen      443 ssl;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}
server {
  listen      443 ssl;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}

Now, if you have many sites, I suggest storing all of them in a folder with just the server{} part as above in single files, and an include directive in the main file to load all of them:

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;
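A small lint, added here as an example and not part of the question or either answer, that checks a config against the two things the comments below call out: every server block must be able to see an ssl_certificate (at server or http level), and the listen directives of the vhosts should be literally identical and carry the ssl parameter. The parser is a deliberately minimal brace tracker written for flat server{} layouts like the ones on this page, not a full nginx config parser, and the sample config is constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on "Solution 2": cert at http level, two identical vhosts,
# plus a third vhost whose listen is equivalent but not written the same way.
SAMPLE_CONF = """ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
  listen      443 ssl;
  server_name a.example.com;
}
server {
  listen      443 ssl;
  server_name b.example.com;
}
server {
  listen      127.0.0.1:443 ssl;   # equivalent socket, but not the same text
  server_name c.example.com;
}
"""

def parse_servers(conf):
    """Return (http-level directives, [per-server directives]); minimal brace tracker
    for flat server{} blocks, nested location{} folded into its server, comments stripped."""
    http, servers, current, depth = {}, [], None, 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if current is None and line.startswith("server") and line.endswith("{"):
            current, depth = {}, 1
            continue
        if current is not None:
            depth += line.count("{") - line.count("}")
            if depth == 0:                      # closing brace of this server block
                servers.append(current)
                current = None
        m = re.match(r"(\w+)\s+(.*);$", line)  # "directive value;" (last one wins)
        if m:
            (http if current is None else current)[m.group(1)] = m.group(2).strip()
    return http, servers

def lint(conf):
    """Findings as strings; an empty list means each vhost can see a certificate,
    all listen lines are literally identical, and the shared socket is marked ssl."""
    http, servers = parse_servers(conf)
    findings = []
    for s in servers:
        if "ssl_certificate" not in s and "ssl_certificate" not in http:
            findings.append(f"{s.get('server_name', '?')}: no ssl_certificate at server or http level")
    listens = Counter(s.get("listen", "") for s in servers)
    if len(listens) > 1:
        findings.append("listen directives differ across vhosts: " + ", ".join(sorted(listens)))
    if not any("ssl" in form.split() for form in listens):
        findings.append("no listen directive carries the ssl parameter")
    return findings
```

Run it over the output of `nginx -T` to lint the configuration nginx actually loaded, including everything pulled in by the include directive.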

Updated on September 18, 2022

Comments

  • vincent.io
    vincent.io over 1 year

    I have two hostnames sharing the same domain name which I want to serve over HTTPS. I've got a wildcard SSL certificate and created two vhost configs:

    Host A

    server {
      listen      127.0.0.1:443 ssl;
      server_name     a.example.com;
      root        /data/httpd/a.example.com;
      ssl_certificate /etc/ssl/wildcard.cer;
      ssl_certificate_key /etc/ssl/wildcard.key;
    }

    Host B

    server {
      listen      127.0.0.1:443 ssl;
      server_name     b.example.com;
      root        /data/httpd/b.example.com;
      ssl_certificate /etc/ssl/wildcard.cer;
      ssl_certificate_key /etc/ssl/wildcard.key;
    }

    However, I get the same vhost served for either hostname.

  • Pothi Kalimuthu
    Pothi Kalimuthu over 10 years
    This wouldn't work. A vhost needs ssl_certificate and ssl_certificate_key that should be configured inside server or http location. In your example, you have declared it inside the first server location, but didn't declare it for the other two vhosts.
  • vincent.io
    vincent.io over 10 years
    Apparently you need to restart nginx instead of reloading it when doing these changes. Many thanks, your answer works like a charm :)
  • Dave S.
    Dave S. over 9 years
    Thanks for this, I needed ssl on the listen directive for this to work with a 1.4.x nginx. My listen directives in the vhosts also had to be literally the same (logical equivalence was not sufficient).