<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div name="messageBodySection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;">Hi
<div><br /></div>
<div>I created one separated file for while (as we have just one customer under ssl) and placed this file on sites-enable. So it is being loaded at top of nginx configuration.</div>
<div>Then I have another conf file to handle 443 requests.</div>
<div><br /></div>
<div>The aim is to have one certificate for each customer, as customer may want or already have their own certificate.</div>
<div>But you gave me a good idea to have a SAN certificate, I don’t know if it will work for all situations thought.</div>
<div><br /></div>
<div>Is my aim possible ?</div>
<div><br /></div>
<div>below my complete configuration:</div>
<div><br /></div>
<div>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">ssl_certificate /customers/certificates/customerone.com.pem;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">ssl_certificate_key /customers/certificates/customerone.com.key;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">map $http_host $blogid {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> default -999;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">}</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">server {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> server_name domain.com *.domain.com ;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> root /var/www/html/portal;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> index index.php;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> access_log /var/log/nginx/domain.access.log combined;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> error_log /var/log/nginx/domain.error.log;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location / {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> try_files $uri $uri/ /index.php?$args ;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #WPMU Files</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location ~ \.php$ {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> autoindex on;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> try_files $uri =404;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_split_path_info ^(.+\.php)(/.+)$;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> # With php5-fpm:</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #fastcgi_pass unix:/var/run/php5-fpm.sock;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_pass unix:/run/php/php7.0-fpm.sock;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_index index.php;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> include fastcgi_params;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> client_max_body_size 100M;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> proxy_connect_timeout 180;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> proxy_send_timeout 180;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> proxy_read_timeout 180;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location ~ ^/files/(.*)$ {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> access_log off; log_not_found off; expires max;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #WPMU x-sendfile to avoid php readfile()</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location ^~ /blogs.dir {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> internal;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> alias /home/portal/wp-content/blogs.dir;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> access_log off; log_not_found off; expires max;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #add some rules for static content expiry-headers here</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">}</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">server {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> listen 443;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> ssl on;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> port_in_redirect off;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> server_name domain.com *.domain.com ;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> root /var/www/html/portal;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> index index.php;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> access_log /var/log/nginx/domain.access.log combined;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> error_log /var/log/nginx/domain.error.log;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location / {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> try_files $uri $uri/ /index.php?$args ;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #WPMU Files</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location ~ \.php$ {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> autoindex on;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> try_files $uri =404;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_split_path_info ^(.+\.php)(/.+)$;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> # With php5-fpm:</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #fastcgi_pass unix:/var/run/php5-fpm.sock;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_pass unix:/run/php/php7.0-fpm.sock;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_index index.php;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> include fastcgi_params;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> client_max_body_size 100M;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> proxy_connect_timeout 180;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> proxy_send_timeout 180;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> proxy_read_timeout 180;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location ~ ^/files/(.*)$ {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> access_log off; log_not_found off; expires max;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #WPMU x-sendfile to avoid php readfile()</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> location ^~ /blogs.dir {</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> internal;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> alias /home/portal/wp-content/blogs.dir;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> access_log off; log_not_found off; expires max;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> }</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px;"><br /></p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> #add some rules for static content expiry-headers here</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> add_header X-Frame-Options DENY;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> add_header X-Content-Type-Options nosniff;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> add_header X-XSS-Protection "1; mode=block";</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;"> add_header X-Robots-Tag none;</p>
<p style="margin: 0px; font-stretch: normal; font-size: 12px; line-height: normal; font-family: Helvetica;">}</p>
</div>
<div><br /></div>
</div>
<div name="messageReplySection" style="font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, sans-serif;"><br />
On 6 Apr 2018 at 14:50 -0300, basti <mailinglist@unix-solution.de>, wrote:<br />
<blockquote type="cite" style="margin: 5px 5px; padding-left: 10px; border-left: thin solid #1abc9c;">Hello,<br />
where have you defined your certificate? I cant see.<br />
if you use one serer directive for all your domains, all domains must be<br />
in this certificate (Subject alt names).<br />
<br />
On 06.04.2018 19:40, Giulio Loffreda wrote:<br />
<blockquote type="cite" style="margin: 5px 5px; padding-left: 10px; border-left: thin solid #e67e22;">Dears<br />
<br />
<br />
I have one wordpress multisite with subdomain being served by Nginx.<br />
<br />
<br />
We have the main domain, lets call domain.com <http://domain.com>.<br />
<br />
We use custom domains for customer site lets say customerone.com<br />
<http://customerone.com>, customertwo.com <http://customertwo.com>… with<br />
correspondent subdomain on WP, as customerone.domain.com<br />
<http://customerone.domain.com>, customertwo.domain.com<br />
<http://customertwo.domain.com>.<br />
<br />
<br />
Everything works fine with the configuration at the end of this email.<br />
<br />
<br />
However, now we want to secure some custom domains for example<br />
https://customerone.com.<br />
<br />
<br />
For one secured domain, it works fine. I can use some plugin to force<br />
HTTPS on WP and insert certificate on top of nginx configuration.<br />
<br />
<br />
The problem is when I have more than one domain to secure.<br />
<br />
<br />
I tried to insert more than one ssl_certificate on top to secure base<br />
domain (domain.com <http://domain.com>) and its subdomains. Doesn’t work.<br />
<br />
Then i search for some configuration to check domain and load the right<br />
certificate, couldn’t find.<br />
<br />
<br />
Can someone help us to configure our server to work with non-ssl + ssl<br />
and Wordpress multisite subdomain ?<br />
<br />
<br />
Thank you<br />
<br />
<br />
map $http_host $blogid {<br />
<br />
default -999;<br />
<br />
}<br />
<br />
<br />
server {<br />
<br />
server_name domain.com <http://domain.com> *.domain.com<br />
<http://domain.com> ;<br />
<br />
<br />
root /var/www/html/portal;<br />
<br />
index index.php;<br />
<br />
<br />
access_log /var/log/nginx/domain.access.log combined;<br />
<br />
error_log /var/log/nginx/domain.error.log;<br />
<br />
<br />
location / {<br />
<br />
try_files $uri $uri/ /index.php?$args ;<br />
<br />
}<br />
<br />
<br />
#WPMU Files<br />
<br />
location ~ \.php$ {<br />
<br />
autoindex on;<br />
<br />
try_files $uri =404;<br />
<br />
fastcgi_split_path_info ^(.+\.php)(/.+)$;<br />
<br />
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini<br />
<br />
<br />
# With php5-fpm:<br />
<br />
#fastcgi_pass unix:/var/run/php5-fpm.sock;<br />
<br />
fastcgi_pass unix:/run/php/php7.0-fpm.sock;<br />
<br />
fastcgi_index index.php;<br />
<br />
include fastcgi_params;<br />
<br />
fastcgi_param SCRIPT_FILENAME<br />
$document_root$fastcgi_script_name;<br />
<br />
client_max_body_size 100M;<br />
<br />
proxy_connect_timeout 180;<br />
<br />
proxy_send_timeout 180;<br />
<br />
proxy_read_timeout 180;<br />
<br />
}<br />
<br />
location ~ ^/files/(.*)$ {<br />
<br />
try_files /wp-content/blogs.dir/$blogid/$uri<br />
/wp-includes/ms-files.php?file=$1 ;<br />
<br />
access_log off; log_not_found off; expires max;<br />
<br />
}<br />
<br />
<br />
#WPMU x-sendfile to avoid php readfile()<br />
<br />
location ^~ /blogs.dir {<br />
<br />
internal;<br />
<br />
alias /home/portal/wp-content/blogs.dir;<br />
<br />
access_log off; log_not_found off; expires max;<br />
<br />
}<br />
<br />
<br />
#add some rules for static content expiry-headers here<br />
<br />
}<br />
<br />
<br />
<br />
_______________________________________________<br />
nginx mailing list<br />
nginx@nginx.org<br />
http://mailman.nginx.org/mailman/listinfo/nginx<br />
<br /></blockquote>
_______________________________________________<br />
nginx mailing list<br />
nginx@nginx.org<br />
http://mailman.nginx.org/mailman/listinfo/nginx<br /></blockquote>
</div>
</body>
</html>