Nginx
WSGlebKavash, 2022-03-30 17:15:29

How to set up nginx for multiple addresses and domains?

The server has several IP addresses and domains that it can work with. How do I configure nginx so that it serves a separate TLS certificate for each address or domain?

Current config:
server {
    listen *:80;
    # listen 443 http3 reuseport;
    listen *:443 ssl;

    root /var/www/trainzcity.myftp.org/html;
    index index.html index.htm index.nginx-debian.html;

    server_name trainzcity.myftp.org;

    ssl_certificate     /etc/nginx/certs/0001_chain.pem;
    ssl_certificate_key /etc/nginx/certs/key-384r1.key;
    ssl_protocols       TLSv1.3;

    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    listen *:80;
    # listen 443 http3 reuseport;
    listen *:443 ssl;

    root /var/www/trainzcity.myftp.org/html;
    index index.html index.htm index.nginx-debian.html;

    server_name nix-adserver nix-adserver.trainzcity.myftp.org;

    ssl_certificate     /path/to/pki/nix-adserver.trainzcity.myftp.org.crt;
    ssl_certificate_key /path/to/pki/nix-adserver.trainzcity.myftp.org.key;
    ssl_protocols       TLSv1.3;

    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    listen 80;
    # listen 192.168.10.2:443 http3 reuseport;
    listen 443 ssl;

    root /var/www/trainzcity.myftp.org/html;
    index index.html index.htm index.nginx-debian.html;

    server_name 192.168.10.2;

    ssl_certificate     /path/to/pki/trainzcity.myftp.org.crt;
    ssl_certificate_key /path/to/pki/trainzcity.myftp.org.key;
    ssl_protocols       TLSv1.3;

    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    listen *:80;
    # listen 443 http3 reuseport;
    listen *:443 ssl;

    root /var/www/trainzcity.myftp.org/html;
    index index.html index.htm index.nginx-debian.html;

    server_name 1.1.1.1;

    ssl_certificate     /path/to/pki/rainzcity.myftp.org.crt;
    ssl_certificate_key /path/to/pki/trainzcity.myftp.org.key;
    ssl_protocols       TLSv1.3;

    location / {
        try_files $uri $uri/ =404;
    }
}

Explanations:
nix-adserver - the short (NetBIOS) name of the server
nix-adserver.trainzcity.myftp.org - the fully qualified domain name of the server
trainzcity.myftp.org - the external domain name of the server, reachable from the internet
192.168.10.2 - the internal IP address of the server, routed within the local network
1.1.1.1 - the external IP address of the server, routed on the internet

1 answer(s)
Alexander Karabanov, 2022-03-30
@karabanov

This will suffice:

server {
      listen 80;
      # listen 443 http3 reuseport;
      listen 443 ssl;

      root /var/www/trainzcity.myftp.org/html;
      index index.html index.htm index.nginx-debian.html;

      server_name trainzcity.myftp.org;

      ssl_certificate     /etc/nginx/certs/0001_chain.pem;
      ssl_certificate_key /etc/nginx/certs/key-384r1.key;
      ssl_protocols       TLSv1.3;


      location / {
           try_files $uri $uri/ =404;
      }
}

server {
      listen 80;
      # listen 443 http3 reuseport;
      listen 443 ssl;

      root /var/www/trainzcity.myftp.org/html;
      index index.html index.htm index.nginx-debian.html;

      server_name nix-adserver.trainzcity.myftp.org;

      ssl_certificate     /path/to/pki/nix-adserver.trainzcity.myftp.org.crt;
      ssl_certificate_key /path/to/pki/nix-adserver.trainzcity.myftp.org.key;
      ssl_protocols       TLSv1.3;

      location / {
             try_files $uri $uri/ =404;
      }
}

It makes no sense to copy configs for individual IPs. The directives listen 80 and listen 443 ssl already allow Nginx to listen on all interfaces.
In fact, one server section is enough; it's not clear why you need this internal name. If you describe in more detail what goal you are pursuing, I can supplement the config.
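
The selection rule behind the question, as an added example (not code from the question or the answer): a simplified Python model of how nginx picks the server block, and with it the certificate, for a TLS connection. The Server record, the pick_certificate helper, the placeholder certificate path and the per-address variant are assumptions made for illustration.

```python
# Added example: simplified model of nginx server/certificate selection for TLS.
# Exact server_name matches only; wildcard and regex names are not modelled.
from dataclasses import dataclass

@dataclass
class Server:
    listen: str             # "*:443" or "ADDRESS:443"
    names: tuple            # server_name values
    cert: str               # ssl_certificate path
    default: bool = False   # "default_server" on the listen line

def pick_certificate(servers, local_addr, sni):
    """Certificate presented for a connection to local_addr:443 with this SNI."""
    # 1. An address-specific listen wins over the wildcard for that address.
    pool = [s for s in servers if s.listen == f"{local_addr}:443"]
    pool = pool or [s for s in servers if s.listen == "*:443"]
    if not pool:
        return None
    # 2. Within that pool the TLS SNI value is compared with server_name.
    #    Clients do not send SNI for IP literals (RFC 6066), so sni is None then.
    for s in pool:
        if sni is not None and sni.lower() in s.names:
            return s.cert
    # 3. No SNI or no match: the default server, i.e. the first one listed
    #    unless another carries default_server.
    return next((s for s in pool if s.default), pool[0]).cert

CHAIN = "/etc/nginx/certs/0001_chain.pem"
NIX = "/path/to/pki/nix-adserver.trainzcity.myftp.org.crt"
IP_CERT = "/path/to/pki/INTERNAL-IP-PLACEHOLDER.crt"   # hypothetical path

# The question's layout: every block on the wildcard socket.
QUESTION = [
    Server("*:443", ("trainzcity.myftp.org",), CHAIN),
    Server("*:443", ("nix-adserver", "nix-adserver.trainzcity.myftp.org"), NIX),
    Server("*:443", ("192.168.10.2",), "/path/to/pki/trainzcity.myftp.org.crt"),
]
# Assumed variant: blocks for the internal address bind to it explicitly.
PER_ADDRESS = [
    Server("*:443", ("trainzcity.myftp.org",), CHAIN),
    Server("192.168.10.2:443", ("192.168.10.2",), IP_CERT, default=True),
    Server("192.168.10.2:443", ("nix-adserver", "nix-adserver.trainzcity.myftp.org"), NIX),
]

if __name__ == "__main__":
    for label, conf in (("question", QUESTION), ("per-address", PER_ADDRESS)):
        print(label, "https://192.168.10.2/ ->", pick_certificate(conf, "192.168.10.2", None))
```

In the question's layout a client that connects by IP address receives the first block's certificate regardless of the server_name 192.168.10.2 block; once any block binds to 192.168.10.2:443, every name served on that address must be declared on that socket too.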
