How to configure NGINX SSL (SNI)

I have this NGINX configuration as follows:

  # jelastic is a wildcard certificate for *.shared-hosting.xyz
  server {
      listen 443;
      server_name _;

      ssl on;
      ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
      ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
  }

  # fullchain2 is a certificate for custom domain
  server {
      listen 443 ssl;
      server_name my-custom-domain-demo.xyz www.my-custom-domain-demo.com;
      ssl_certificate /var/lib/nginx/ssl/my-custom-domain-demo.xyz/fullchain2.pem;
      ssl_certificate_key /var/lib/nginx/ssl/my-custom-domain-demo.xyz/privkey2.pem;
  }
  # additional configuration for other custom domains follows

The NGINX server receives requests with a host that has a template similar to *.shared-hosting.xyz, for example website1.shared-hosting.xyz, website2.shared-hosting.xyz, as well as with variable hosts having different domains, for example my-custom-domain-demo.xyz or another-custom-domain-demo.xyz etc.

Now the problem is that the lower server NGINX configuration overrides the upper configuration. With this, the upper part no longer works, and access to *.shared-hosting.xyz returns a certificate error, and the browser reports that the certificate is intended only for my-custom-domain-demo.xyz.

What can be done with this so that lower NGINX configuration settings for domains *.shared-hosting.xyz and any other additional server configurations do not start when the host is in the template *.shared-hosting.xyz?

+4
1

server_name _; ( nginx). server listen server_name , nginx .

default_server listen nginx server listen.

, , .

jelastic:

server {
    listen 443 ssl default_server;

    ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
    ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
    ...
}

. .

+3
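
The following is an added example, not code from the question or the answer: a simplified Python model of how nginx picks a server block for the name sent in SNI, showing why an explicit default_server keeps the wildcard certificate on unmatched names. Regex server names are left out, and the load order in which the custom-domain block comes first is a constructed assumption.

```python
from dataclasses import dataclass

@dataclass
class Server:
    names: tuple            # server_name values
    cert: str               # ssl_certificate path, used here as a label
    default: bool = False   # True when listen carries default_server

def select_server(servers, sni):
    """Pick the server block for one listen address, given blocks in load order."""
    sni = (sni or "").lower()
    if sni:
        # 1. exact server_name match
        for s in servers:
            if sni in s.names:
                return s
        # 2. longest "*.suffix" wildcard, then 3. longest "prefix.*" wildcard
        for matches in (lambda n: n.startswith("*.") and sni.endswith(n[1:]),
                        lambda n: n.endswith(".*") and sni.startswith(n[:-1])):
            hits = [(len(n), i, s) for i, s in enumerate(servers)
                    for n in s.names if matches(n)]
            if hits:
                return max(hits, key=lambda h: (h[0], -h[1]))[2]
    # 4. no name matched: explicit default_server, else the first block loaded
    for s in servers:
        if s.default:
            return s
    return servers[0]

def cert_for(servers, sni):
    """Certificate the client would be shown for this SNI name."""
    return select_server(servers, sni).cert

JELASTIC = "/var/lib/jelastic/SSL/jelastic.chain"
CUSTOM = "/var/lib/nginx/ssl/my-custom-domain-demo.xyz/fullchain2.pem"
custom = Server(("my-custom-domain-demo.xyz", "www.my-custom-domain-demo.com"), CUSTOM)
# Constructed load order (assumption): the custom-domain block is read first.
implicit = [custom, Server(("_",), JELASTIC)]                # no default_server
explicit = [custom, Server(("_",), JELASTIC, default=True)]  # listen 443 ssl default_server

if __name__ == "__main__":
    for host in ("website1.shared-hosting.xyz", "my-custom-domain-demo.xyz"):
        print(host, "| implicit:", cert_for(implicit, host),
              "| explicit:", cert_for(explicit, host))
```

On a live server the same comparison can be made by connecting with each hostname as the SNI value and checking which certificate is returned.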

Source: https://habr.com/ru/post/1674355/

