parametrize the server name in nginx conf -
i have multiple domains pointing same vm. (mydomain1.com, mydomain2.com, mydomain3.eu) have huge nginx.conf looks this:
server { listen 443 ssl; server_name *.mydomain1.com; ssl on; ssl_certificate /etc/nginx/ssl/mydomain1.com.chained.crt; ssl_certificate_key /etc/nginx/ssl/mydomain1.com.key; # hundred more lines of rules } server { listen 443 ssl; server_name *.mydomain2.com; ssl on; ssl_certificate /etc/nginx/ssl/mydomain2.com.chained.crt; ssl_certificate_key /etc/nginx/ssl/mydomain2.com.key; # same hundred more lines of rules } server { listen 443 ssl; server_name *.mydomain3.eu; ssl on; ssl_certificate /etc/nginx/ssl/mydomain3.eu.chained.crt; ssl_certificate_key /etc/nginx/ssl/mydomain3.eu.key; # same hundred more lines of rules }
is there way shorten - because i'm cloning such huge code blcok when have add new domain , change 3 lines domain name differs. thought kind of parametrization, (without knowing correct syntax):
server_name = {request_server_name} ssl_certificate /etc/nginx/ssl/${server_name}.chained.crt; ssl_certificate_key /etc/nginx/ssl/${server_name}.key;
is possible? how?
there 2 things can it
multi domain san certificate
you can purchase multi domain san certificate. allows use different domains in same certificate. way wont have have multiple blocks. in case using self-signed certificate can still create san certificate yourself
use openrestry or nginx+lua
you can use openresty or nginx lua support , use ssl_certificate_by_lua_block
directive of same.
syntax: ssl_certificate_by_lua_block { lua-script }
context: server
phase: right-before-ssl-handshake
this directive runs user lua code when nginx start ssl handshake downstream ssl (https) connections.
it particularly useful setting ssl certificate chain , corresponding private key on per-request basis. useful load such handshake configurations nonblockingly remote (for example, cosocket api). , 1 can per-request ocsp stapling handling in pure lua here well.
https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block
also see below articles example implementations
https://medium.com/@mtourne/how-to-use-nginx-for-ssl-termination-for-any-domain-dc2e2c630058
https://blog.readme.io/auto-generating-ssl-certificates-for-custom-domains-using-lets-encrypt/
Comments
Post a Comment