parametrize the server name in nginx conf -


i have multiple domains pointing same vm. (mydomain1.com, mydomain2.com, mydomain3.eu) have huge nginx.conf looks this:

server {     listen 443 ssl;     server_name   *.mydomain1.com;     ssl  on;     ssl_certificate  /etc/nginx/ssl/mydomain1.com.chained.crt;     ssl_certificate_key  /etc/nginx/ssl/mydomain1.com.key;     # hundred more lines of rules } server {     listen 443 ssl;     server_name   *.mydomain2.com;     ssl  on;     ssl_certificate  /etc/nginx/ssl/mydomain2.com.chained.crt;     ssl_certificate_key  /etc/nginx/ssl/mydomain2.com.key;     # same hundred more lines of rules } server {     listen 443 ssl;     server_name   *.mydomain3.eu;     ssl  on;     ssl_certificate  /etc/nginx/ssl/mydomain3.eu.chained.crt;     ssl_certificate_key  /etc/nginx/ssl/mydomain3.eu.key;     # same hundred more lines of rules } 

is there way shorten - because i'm cloning such huge code blcok when have add new domain , change 3 lines domain name differs. thought kind of parametrization, (without knowing correct syntax):

server_name = {request_server_name} ssl_certificate  /etc/nginx/ssl/${server_name}.chained.crt; ssl_certificate_key  /etc/nginx/ssl/${server_name}.key; 

is possible? how?

there 2 things can it

multi domain san certificate

you can purchase multi domain san certificate. allows use different domains in same certificate. way wont have have multiple blocks. in case using self-signed certificate can still create san certificate yourself

use openrestry or nginx+lua

you can use openresty or nginx lua support , use ssl_certificate_by_lua_block directive of same.

syntax: ssl_certificate_by_lua_block { lua-script }

context: server

phase: right-before-ssl-handshake

this directive runs user lua code when nginx start ssl handshake downstream ssl (https) connections.

it particularly useful setting ssl certificate chain , corresponding private key on per-request basis. useful load such handshake configurations nonblockingly remote (for example, cosocket api). , 1 can per-request ocsp stapling handling in pure lua here well.

https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block

also see below articles example implementations

https://medium.com/@mtourne/how-to-use-nginx-for-ssl-termination-for-any-domain-dc2e2c630058

https://blog.readme.io/auto-generating-ssl-certificates-for-custom-domains-using-lets-encrypt/


Comments

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

python Tkinter Capturing keyboard events save as one single string -

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -