I have this NGINX configuration as follows:
# jelastic is a wildcard certificate for *.shared-hosting.xyz
server {
listen 443;
server_name _;
ssl on;
ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
}
# fullchain2 is a certificate for custom domain
server {
listen 443 ssl;
server_name my-custom-domain-demo.xyz www.my-custom-domain-demo.com;
ssl_certificate /var/lib/nginx/ssl/my-custom-domain-demo.xyz/fullchain2.pem;
ssl_certificate_key /var/lib/nginx/ssl/my-custom-domain-demo.xyz/privkey2.pem;
}
# additional configuration for other custom domains follows
The NGINX server receives requests with host having a pattern like of *.shared-hosting.xyz
, e.g. website1.shared-hosting.xyz
, website2.shared-hosting.xyz
and also with variable hosts having different domains like my-custom-domain-demo.xyz
or another-custom-domain-demo.xyz
etc.
Now the problem is the lower server
NGINX configuration overrides the upper configuration. Having it, the upper does not work anymore,
and accessing *.shared-hosting.xyz
returns certificate error, and browser is telling the certificate is for my-custom-domain-demo.xyz
only.
What can be done with this such that the lower NGINX config triggers for *.shared-hosting.xyz
domains and every other additional server configuration will not trigger
when host is in the pattern of *.shared-hosting.xyz
?
The server_name _;
is irrelevant (and is not required in modern versions of nginx
). If a server
with a matching listen
and server_name
cannot be found, nginx
will use the default server.
In the absence of a default_server
suffix to the listen
directive, nginx
will use the first server
block with a matching listen
.
If your configurations are spread across multiple files, there evaluation order will be ambiguous, so you need to mark the default server explicitly.
Try this for the jelastic
server block:
server {
listen 443 ssl default_server;
ssl_certificate /var/lib/jelastic/SSL/jelastic.chain;
ssl_certificate_key /var/lib/jelastic/SSL/jelastic.key;
...
}
See this document for more.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With