nginx - set multiple server_name with ssl-support nginx - set multiple server_name with ssl-support nginx nginx

nginx - set multiple server_name with ssl-support


ssl nginx ssl-certificate vhosts

Edit November 2014: the initial answer is not correct and is incomplete ; it needed a refresh! here it is.

Basically, there are two cases

- You own a wildcard certificate (or multi-domains certificate)

In this case, you may use several vhosts listening to the same IP address/https port, and both vhosts use the same certificate (listening on all interfaces), e.g.

server {  listen 443;  server_name webmail.example.com;  root /var/www/html/docs/sslexampledata;  ssl on;  ssl_certificate /var/www/ssl/samecertif.crt;  ssl_certificate_key /var/www/ssl/samecertif.key;  ...}server {  listen 443;  server_name webmail.beispiel.de;  root /var/www/html/docs/sslbeispieldata;  ssl on;  ssl_certificate /var/www/ssl/samecertif.crt;  ssl_certificate_key /var/www/ssl/samecertif.key;  ...}

or in you specific case, having both domains served by the same data

server {  listen 443;  server_name webmail.example.com webmail.beispiel.de; # <== 2 domains  root /var/www/html/docs/sslbeispieldata;  ssl on;  ssl_certificate /var/www/ssl/samecertif.crt;  ssl_certificate_key /var/www/ssl/samecertif.key;  ...}



- You have two(+) different certificates

The case above (one IP for all certificates) will still work with modern browsers via Server Name Indication. SNI has the client (browser) send the host it wants to reach in the request header, allowing the server (nginx) to deal with vhosts before having to deal with the certificate. The configuration is the same as above, except that each vhost has a specific certificate, crt and key.

(nginx support SNI from 0.9.8f, check your nginx server is SNI compliant)
(also, SF talks about SNI and browser support)

Otherwise, if you want to reach older browsers as well, you need several vhosts listening each to a different IP addresses/https ports, e.g.

server {  listen 1.2.3.4:443; # <== IP 1.2.3.4  server_name webmail.example.com;  root /var/www/html/docs/sslexampledata;  ssl on;  ssl_certificate /var/www/ssl/certifIP1example.crt;  ssl_certificate_key /var/www/ssl/certifIP1example.key;  ...}server {  listen 101.102.103:443; <== different IP  server_name webmail.beispiel.de;  root /var/www/html/docs/sslbeispieldata;  ssl on;  ssl_certificate /var/www/ssl/certifIP2beispiel.crt;  ssl_certificate_key /var/www/ssl/certifIP2beispiel.key;  ...}

The reason is well explained here.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last