Answer the question
In order to leave comments, you need to log in
Struggling with HTTPS - how to set up SNI?
Task and input data:
1. There is a VPS with one white IP4
2. There are 5 working sites that the management wanted to transfer to work on HTTPS
The problem is that you can hang 1 domain on one ip, all the remaining 4 go to the forest.
Neither the management nor I have a desire to buy one external ip for each site, because I will have to steer this economy ...
Question - I googled and found a solution to my question - use SNI - but there is not much information on the Internet and it is mostly outdated How is this technology now?
In the process of setting up the site for http mode, a very unpleasant glitch happened that I would very much like to exclude from my experience in the future -
It looks like this - there is a site https://mysite.ru- works as the doctor ordered.
Do not forget that other sites are sitting on the same white IP and they work quite normally.
Only the devil pulled me to type https://name of the second site.ru - damn it !!!, and we see a browser notification that the certificate is incorrect, run away from here thieves and setup - in short, how can the first and second sites intersect and where does the wrong certificate from the first site ???? How??!! Where could I mess up??
OS Ubuntu 16.04 server
Nginx
PHP-FPM
Answer the question
In order to leave comments, you need to log in
When requesting a site via https, your browser knocks on port 443, nginx checks if there are sites with such a domain on port 443, if not, it returns the first one in the list. Here is a link to the docs on how nginx handles requests, there is more detail and not as crude as I described.
https://nginx.org/ru/docs/http/request_processing.html
Simply put, there are 2 ways to solve your problem:
1. Set https to all sites, even those that you do not want to transfer to https, but at the same time make a redirect from https on http.
2. Buy a separate ip for each site, or at least 1 ip for those who have https and a second one for those who do not, and specify in the site config which ip will process requests to the site.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question