Answer the question
In order to leave comments, you need to log in
W
W
WSGlebKavash2022-03-30 17:15:29
WSGlebKavash, 2022-03-30 17:15:29
How to set up nginx for multiple addresses and domains?
The server has several ip-addresses and domains with which it can work. How to configure nginx so that for each address or domain it gives its own tls certificate?
current config:
server {
listen *:80;
# listen 443 http3 reuseport;
listen *:443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name trainzcity.myftp.org;
ssl_certificate /etc/nginx/certs/0001_chain.pem;
ssl_certificate_key /etc/nginx/certs/key-384r1.key;
ssl_protocols TLSv1.3;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen *:80;
# listen 443 http3 reuseport;
listen *:443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name nix-adserver nix-adserver.trainzcity.myftp.org;
ssl_certificate /path/to/pki/nix-adserver.trainzcity.myftp.org.crt;
ssl_certificate_key /path/to/pki/nix-adserver.trainzcity.myftp.org.key;
ssl_protocols TLSv1.3;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
# listen 192.168.10.2:443 http3 reuseport;
listen 443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name 192.168.10.2;
ssl_certificate /path/to/pki/trainzcity.myftp.org.crt;
ssl_certificate_key /path/to/pki/trainzcity.myftp.org.key;
ssl_protocols TLSv1.3;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen *:80;
# listen 443 http3 reuseport;
listen *:443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name 1.1.1.1;
ssl_certificate /path/to/pki/rainzcity.myftp.org.crt;
ssl_certificate_key /path/to/pki/trainzcity.myftp.org.key;
ssl_protocols TLSv1.3;
location / {
try_files $uri $uri/ =404;
}
}Explanations:
nix-adserver - короткое (NetBIOS) имя сервера
nix-adserver.trainzcity.myftp.org - полное доменное имя сервера
trainzcity.myftp.org - внешнее доменное имя сервера, доступное из интернета
192.168.10.2 - внутренний IP-адрес сервера, маршрутизирующийся в локальной сети
1.1.1.1 - внешний IP-адрес сервера, маршрутизирующийся в интернете
nix-adserver.trainzcity.myftp.org - полное доменное имя сервера
trainzcity.myftp.org - внешнее доменное имя сервера, доступное из интернета
192.168.10.2 - внутренний IP-адрес сервера, маршрутизирующийся в локальной сети
1.1.1.1 - внешний IP-адрес сервера, маршрутизирующийся в интернете
1 answer(s)
@karabanov
It makes no sense to copy configs for individual IPs. The directives
In fact, one server section is enough, it's not clear why you need this internal name. If you describe in more detail what goal you are pursuing, I can supplement the config.
A
Alexander Karabanov, 2022-03-30 @karabanov
This will suffice:
server {
listen 80;
# listen 443 http3 reuseport;
listen 443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name trainzcity.myftp.org;
ssl_certificate /etc/nginx/certs/0001_chain.pem;
ssl_certificate_key /etc/nginx/certs/key-384r1.key;
ssl_protocols TLSv1.3;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
# listen 443 http3 reuseport;
listen 443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name nix-adserver.trainzcity.myftp.org;
ssl_certificate /path/to/pki/nix-adserver.trainzcity.myftp.org.crt;
ssl_certificate_key /path/to/pki/nix-adserver.trainzcity.myftp.org.key;
ssl_protocols TLSv1.3;
location / {
try_files $uri $uri/ =404;
}
}It makes no sense to copy configs for individual IPs. The directives
listen 80already listen 443 sslallow Nginx to listen on all interfaces. In fact, one server section is enough, it's not clear why you need this internal name. If you describe in more detail what goal you are pursuing, I can supplement the config.
Similar questions
N
V
I
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question