I have different servers and I need to run them all on the same machine. And the certificates are the same. Need to use the same one? What to do, never did. Everything should be over https

  • Is the port number used in the certificate? - Qwertiy ♦
  • @Qwertiy, I can specify one certificate for each server so? Well, I do not know about it yet - vkovalchuk88

2 answers 2

In the nginx configuration, general ssl settings can be moved to the http section:

http { ssl_certificate xyz.ssl.chain.crt; ssl_certificate_key xyz.ssl.key; ssl_dhparam dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ...; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_stapling on; server { listen 443 ssl http2; server_name site.ru; location /service1/ { proxy_pass http://localhost:12000; ... } location /service2/ { proxy_pass http://localhost:12010; ... } } }

Depending on the tasks, the other settings can be viewed here ngx_http_proxy_module , and if fastcgi is used, then ngx_http_fastcgi_module is used (replacing proxy_pass with fastcgi_pass ).

  • Comments are not intended for extended discussion; conversation moved to chat . - Nick Volynkin ♦

The HTTPS connection is established BEFORE the actual request goes to the WEB server, it is parsed into its component parts and it becomes clear which of the virtual servers it should be sent to. Accordingly, the browser must verify the HTTPS certificate even before it sends the request to the server. Problem. If several virtual sites are hosted on a WEB server, then a wildcard certificate must be used, i.e. it confirms the name of the form * .domain.com. This certificate will work on any of the sites in domain.com. It is also possible special cases, for example, in the certificate you can specify only specific names of virtual sites.