I often encounter the following problem.
I have an nginx server serving two hostnames via https on the same IP and the same port. Each hostname has its own cert.
What I am doing so far is to have two configurations:

    server {
        listen 443 ssl;
        server_name www.example1.com;
        ssl_certificate www.example1.com.crt;
        ssl_certificate_key www.example1.com.key;
        ssl_protocols ...;
        ssl_ciphers ...;
        ...
    }

and

    server {
        listen 443 ssl;
        server_name www.example2.com;
        ssl_certificate www.example2.com.crt;
        ssl_certificate_key www.example2.com.key;
        ssl_protocols ...;
        ssl_ciphers ...;
        ...
    }

Is there any trick to have this done in only one server block?
The reason I'm asking is that both servers share, apart from the name and the cert, exactly the same config.
What I do so far is:

    server {
        listen 443 ssl;
        server_name www.example1.com;
        ssl_certificate www.example1.com.crt;
        ssl_certificate_key www.example1.com.key;
        include /etc/nginx/common_config/example1_and_2/*;
    }
    server {
        listen 443 ssl;
        server_name www.example2.com;
        ssl_certificate www.example2.com.crt;
        ssl_certificate_key www.example2.com.key;
        include /etc/nginx/common_config/example1_and_2/*;
    }

Can this be improved? Is there some standard recommendation? If this is as good as it gets, is there at least a recommendation for the path to such common config files?

The server_name can have a list of multiple hostnames, e.g.

While (since 1.11.0) it has been possible to load multiple certificates in a single server { } block, it's for multiple different types (e.g. RSA and ECDSA), not for multiple hostnames. But it's possible to use variables in ssl_certificate:

For the performance impact mentioned I wouldn't recommend that, but would combine all the hostnames for the same server { } block into a single certificate as Subject Alternative Names (SAN), instead.
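
The two approaches from the answer above, written out as an added example (not part of the original question or answer). The certificate paths under /etc/nginx/ssl/ and the map variable name $example_cert are assumptions; the hostnames and the include path are the ones from the question.

```nginx
# Pick ONE of the two server blocks below; both answer for the same names.

# Option A: one certificate that lists both hostnames as Subject
# Alternative Names. The key pair is read once, at start or reload.
server {
    listen 443 ssl;
    server_name www.example1.com www.example2.com;

    ssl_certificate     /etc/nginx/ssl/example1_and_2.crt;  # assumed path
    ssl_certificate_key /etc/nginx/ssl/example1_and_2.key;  # assumed path

    include /etc/nginx/common_config/example1_and_2/*;
}

# Option B: keep the two existing certificates and select one per
# connection from the SNI name (variables in ssl_certificate need
# nginx 1.15.9 or later).
#
# $ssl_server_name is sent by the client, so it is not placed in the
# file path directly. The map (http context) turns it into one of two
# fixed values; unknown or missing SNI falls back to the first cert.
map $ssl_server_name $example_cert {
    default           www.example1.com;
    www.example2.com  www.example2.com;
}

server {
    listen 443 ssl;
    server_name www.example1.com www.example2.com;

    # With a variable in the path, the files are loaded on every TLS
    # handshake rather than once at startup. That is the performance
    # cost, and it also means the worker process user must be able to
    # read the private keys at run time.
    ssl_certificate     /etc/nginx/ssl/$example_cert.crt;   # assumed path
    ssl_certificate_key /etc/nginx/ssl/$example_cert.key;   # assumed path

    include /etc/nginx/common_config/example1_and_2/*;
}
```

After switching to either option, `nginx -t` checks the syntax, and `openssl s_client -connect <server>:443 -servername www.example2.com` shows which certificate is actually presented for that name.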