How to configure SSL for a subdomain on nginx
Currently Nginx is configured so that it accepts a wildcard SSL certificate for the domain, e.g. *.website.com.
Instead of buying an expensive wildcard certificate, I bought a single-domain SSL certificate for the top domain website.com.
Now, I found out that the service actually uses two subdomains that also need to be under SSL,
e.g. a.website.com and b.website.com.
Question:
How do I change the nginx configuration so that when I buy a single-subdomain SSL certificate for a.website.com, I can point nginx to use it?
Here is what the Nginx file currently looks like:
server {
    listen 80;
    server_name website.io www.website.io;
    return 301 https://website.io$request_uri;
}
server {
    listen 443 ssl;
    ssl on;
    server_name website.io www.website.io;
    client_max_body_size 5m;
    add_header X-UA-Compatible "IE=Edge,chrome=1";
    access_log /var/log/nginx/website.io_access.log;
    error_log /var/log/nginx/website.io_error.log;
    ssl_certificate /srv/ssl/website.io/ssl.crt;
    ssl_certificate_key /srv/ssl/website.io/ssl.key;
    error_page 500 502 503 504 /500.html;
    location /500.html {
        root /srv/static/website/maintenance;
    }
    location / {
        #auth_basic "Restricted";
        #auth_basic_user_file /etc/nginx/htpasswd.conf;
        include uwsgi_params;
        uwsgi_connect_timeout 30;
        uwsgi_read_timeout 30;
        uwsgi_pass 127.0.0.4:3031;
    }
}
Solution 1:
Your config would turn into something like this (I've changed the domains in your example to the domains a.website.com and b.website.com, as per the body of your question, for clarity):
server {
    listen 80;
    server_name a.website.com;
    return 301 https://a.website.com$request_uri;
}
server {
    listen 443 ssl;
    server_name a.website.com;
    client_max_body_size 5m;
    add_header X-UA-Compatible "IE=Edge,chrome=1";
    access_log /var/log/nginx/a.website_access.log;
    error_log /var/log/nginx/a.website_error.log;
    ssl_certificate /srv/ssl/a.website/ssl.crt;
    ssl_certificate_key /srv/ssl/a.website/ssl.key;
    error_page 500 502 503 504 /500.html;
    location /500.html {
        root /srv/static/website/maintenance;
    }
    location / {
        #auth_basic "Restricted";
        #auth_basic_user_file /etc/nginx/htpasswd.conf;
        include uwsgi_params;
        uwsgi_connect_timeout 30;
        uwsgi_read_timeout 30;
        uwsgi_pass 127.0.0.4:3031;
    }
}
server {
    listen 80;
    server_name b.website.com;
    return 301 https://b.website.com$request_uri;
}
server {
    listen 443 ssl;
    server_name b.website.com;
    client_max_body_size 5m;
    add_header X-UA-Compatible "IE=Edge,chrome=1";
    access_log /var/log/nginx/b.website.com_access.log;
    error_log /var/log/nginx/b.website.com_error.log;
    ssl_certificate /srv/ssl/b.website.com/ssl.crt;
    ssl_certificate_key /srv/ssl/b.website.com/ssl.key;
    error_page 500 502 503 504 /500.html;
    location /500.html {
        root /srv/static/website/maintenance;
    }
    location / {
        #auth_basic "Restricted";
        #auth_basic_user_file /etc/nginx/htpasswd.conf;
        include uwsgi_params;
        uwsgi_connect_timeout 30;
        uwsgi_read_timeout 30;
        uwsgi_pass 127.0.0.4:3031;
    }
}
You can repeat this for as many sites as required; it just defines additional server block(s) for each site.
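With one certificate per server block, the usual mistake is pairing a server_name with a certificate that does not list it (a website.com certificate does not cover a.website.com, and a *.website.com wildcard covers exactly one label). The check below is an added example, not part of the original answer: the config text and the SAN lists are constructed samples, the function names are hypothetical, and it only handles literal server_name values.

```python
import re
# Constructed sample: two TLS server blocks in the style of the answer above.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name a.website.com;
    ssl_certificate /srv/ssl/a.website/ssl.crt;
}
server {
    listen 443 ssl;
    server_name b.website.com www.website.com;
    ssl_certificate /srv/ssl/website.com/ssl.crt;
}
"""
# Assumed SAN lists (in practice: openssl x509 -noout -ext subjectAltName -in FILE).
SAMPLE_SANS = {
    "/srv/ssl/a.website/ssl.crt": ["a.website.com"],
    "/srv/ssl/website.com/ssl.crt": ["website.com", "www.website.com"],
}

def san_matches(pattern, host):
    """RFC 6125-style match: '*' is only honoured as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def tls_server_blocks(conf):
    """Yield (server_names, cert_path) for each server block that sets a
    certificate. Handles one level of nested braces; ignores includes."""
    for m in re.finditer(r"server\s*\{((?:[^{}]|\{[^{}]*\})*)\}", conf):
        body = m.group(1)
        names = re.search(r"^\s*server_name\s+([^;]+);", body, re.M)
        cert = re.search(r"^\s*ssl_certificate\s+([^;\s]+)\s*;", body, re.M)
        if names and cert:
            yield names.group(1).split(), cert.group(1)

def uncovered_names(conf, sans_by_cert):
    """Return (server_name, cert_path) pairs the certificate does not cover."""
    return [(n, cert) for names, cert in tls_server_blocks(conf) for n in names
            if not any(san_matches(s, n) for s in sans_by_cert.get(cert, []))]

if __name__ == "__main__":
    for name, cert in uncovered_names(SAMPLE_CONF, SAMPLE_SANS):
        print(f"{name}: not covered by {cert}")
```

Run `nginx -t` after editing the real configuration; it validates syntax and that the certificate and key files load, but not that the names match.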