Menu
I'd love to use nginx to serve a website with multiple domain names and SSL:
Both use the same vhost so I only set the server_name twice. Problem is, that I need nginx to serve the correct ssl certificate for each domain name.
Is this possible with one vhost or do I need to set up two vhosts?
424
The simple answer is a resounding Yes! You absolutely can use one SSL certificate for multiple domains — or one SSL certificate for multiple subdomains in addition to domains.
To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified: server { listen 443 ssl; server_name www.example.com; ssl_certificate www. example.com.
Edit November 2014: the initial answer is not correct and is incomplete ; it needed a refresh! here it is.
Basically, there are two cases
- You own a wildcard certificate (or multi-domains certificate)
In this case, you may use several vhosts listening to the same IP address/https port, and both vhosts use the same certificate (listening on all interfaces), e.g.
server { listen 443; server_name webmail.example.com; root /var/www/html/docs/sslexampledata; ssl on; ssl_certificate /var/www/ssl/samecertif.crt; ssl_certificate_key /var/www/ssl/samecertif.key; ... } server { listen 443; server_name webmail.beispiel.de; root /var/www/html/docs/sslbeispieldata; ssl on; ssl_certificate /var/www/ssl/samecertif.crt; ssl_certificate_key /var/www/ssl/samecertif.key; ... } or in you specific case, having both domains served by the same data
server { listen 443; server_name webmail.example.com webmail.beispiel.de; # <== 2 domains root /var/www/html/docs/sslbeispieldata; ssl on; ssl_certificate /var/www/ssl/samecertif.crt; ssl_certificate_key /var/www/ssl/samecertif.key; ... }
- You have two(+) different certificates
The case above (one IP for all certificates) will still work with modern browsers via Server Name Indication. SNI has the client (browser) send the host it wants to reach in the request header, allowing the server (nginx) to deal with vhosts before having to deal with the certificate. The configuration is the same as above, except that each vhost has a specific certificate, crt and key.
(nginx support SNI from 0.9.8f, check your nginx server is SNI compliant)
(also, SF talks about SNI and browser support)
Otherwise, if you want to reach older browsers as well, you need several vhosts listening each to a different IP addresses/https ports, e.g.
server { listen 1.2.3.4:443; # <== IP 1.2.3.4 server_name webmail.example.com; root /var/www/html/docs/sslexampledata; ssl on; ssl_certificate /var/www/ssl/certifIP1example.crt; ssl_certificate_key /var/www/ssl/certifIP1example.key; ... } server { listen 101.102.103:443; <== different IP server_name webmail.beispiel.de; root /var/www/html/docs/sslbeispieldata; ssl on; ssl_certificate /var/www/ssl/certifIP2beispiel.crt; ssl_certificate_key /var/www/ssl/certifIP2beispiel.key; ... } The reason is well explained here.
163
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
