Configure Multiple Domains in Nginx

Young Hug May 16, 2021

The key is using the SNI.

Pre-work

Check whether your nginx build supports SNI.

    nginx -V

If the output contains the line "TLS SNI support enabled", your nginx has SNI enabled.

Configure

This article covers two ways of configuring multiple domains with HTTPS.

Non-terminating, TLS pass-through

Pass the TLS stream to an upstream server, chosen by the domain name in the TLS SNI field. This does not terminate TLS.
The upstream server can serve HTTPS or other TLS-secured TCP responses.

    stream {

        map $ssl_preread_server_name $targetUpstream {
            b1.mydomain.com upstream1.example.com:443;
            b2.mydomain.com upstream2.example.com:443;
        }

        server {
            listen 443;
            proxy_pass $targetUpstream;
            ssl_preread on;
        }
    }

Terminating TLS, forward TCP

Terminate TLS and forward the plain TCP to the upstream server.

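    stream {

        # Upstream chosen by the SNI name the client sent.
        # Host names in a variable proxy_pass are resolved at run time:
        # define matching upstream groups or configure a resolver.
        map $ssl_server_name $targetUpstream {
            b1.mydomain.com upstream1.example.com:443;
            b2.mydomain.com upstream2.example.com:443;
        }

        # Certificate and key chosen by the same SNI name.
        # Variables in ssl_certificate require nginx 1.15.9 or newer.
        map $ssl_server_name $targetCert {
            b1.mydomain.com /certs/server-cert1.pem;
            b2.mydomain.com /certs/server-cert2.pem;
        }

        map $ssl_server_name $targetCertKey {
            b1.mydomain.com /certs/server-key1.pem;
            b2.mydomain.com /certs/server-key2.pem;
        }

        server {
            listen 443 ssl;
            ssl_certificate $targetCert;
            ssl_certificate_key $targetCertKey;
            # Must match the variable defined by the first map above.
            proxy_pass $targetUpstream;
        }
    }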

Note:

This method strictly verifies SSL certificates. It will have an impact on your CNAME.

This blog is under a CC BY-NC-SA 3.0 Unported License
Link to this article: https://younggod.netlify.app/2021/05/16/Practice/nginxWithMultipleDomain/