Multiple SSL vhosts using wildcard certificate in nginx
Solution 1:
You need to split the vhosts from the SSL listening/configuration part:
Listening part:
    # Default server for this socket: carries the ssl parameter and the wildcard certificate.
    server {
        listen 127.0.0.1:443 default_server ssl;
        server_name _;
        ssl_certificate /etc/ssl/wildcard.cer;
        ssl_certificate_key /etc/ssl/wildcard.key;
    }
And now vhosts:
    server {
        listen 127.0.0.1:443;
        server_name a.example.com;
        root /data/httpd/a.example.com;
    }
    server {
        listen 127.0.0.1:443;
        server_name b.example.com;
        root /data/httpd/b.example.com;
    }
Solution 2:
It's actually explained in the manual: http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names
    # Set in the http context so every server block below inherits the certificate.
    ssl_certificate /etc/ssl/wildcard.cer;
    ssl_certificate_key /etc/ssl/wildcard.key;
    server {
        listen 443 ssl;
        server_name a.example.com;
        root /data/httpd/a.example.com;
    }
    server {
        listen 443 ssl;
        server_name b.example.com;
        root /data/httpd/b.example.com;
    }
Now, if you have many sites, I suggest storing all of them in a folder with just the server{} part as above in single files, and an include directive in the main file to load all of them:
    ssl_certificate /etc/ssl/wildcard.cer;
    ssl_certificate_key /etc/ssl/wildcard.key;
    include /etc/nginx/conf.d/subfolder/*;
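
Added example, not part of either answer above: with one certificate shared by every vhost, a quick check is whether each server_name is actually covered by it, since a wildcard entry matches exactly one left-most label (so not the bare domain and not deeper subdomains). The configuration text, the assumed SAN entry `*.example.com`, the two extra host names and all function names are constructed for illustration.

```python
import re

# Constructed sample: the two vhosts from the answers plus two extra names
# (bare domain and a two-level subdomain) added as assumptions.
SAMPLE_CONF = """
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server { listen 443 ssl; server_name a.example.com; root /data/httpd/a.example.com; }
server { listen 443 ssl; server_name b.example.com; root /data/httpd/b.example.com; }
server { listen 443 ssl; server_name example.com dev.a.example.com; }
"""
# Assumed subjectAltName entries of the wildcard certificate (constructed).
CERT_SANS = ["*.example.com"]


def server_names(conf):
    """Return every literal host name listed in server_name directives."""
    names = []
    for directive in re.findall(r"\bserver_name\s+([^;]+);", conf):
        for name in directive.split():
            # Skip nginx-only forms: catch-all "_", regex "~...", ".name", wildcards.
            if name == "_" or name[0] in "~." or "*" in name:
                continue
            names.append(name.lower())
    return names


def san_matches(san, host):
    """Match host against one SAN entry; '*' covers exactly one left-most label."""
    san_labels = san.lower().split(".")
    host_labels = host.lower().split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(conf, sans):
    """List server names that no SAN entry covers."""
    return [h for h in server_names(conf)
            if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    for host in uncovered(SAMPLE_CONF, CERT_SANS):
        print(f"not covered by certificate: {host}")
```

For a real deployment, replace `CERT_SANS` with the names listed in the certificate's Subject Alternative Name extension and `SAMPLE_CONF` with the contents of the included vhost files.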