Multiple SSL web sites with nginx

dorafmon nginx-forum at forum.nginx.org
Sun Jul 12 13:43:10 UTC 2020 

I am trying to host multiple web apps on the same machine and they are all
SSL enabled. I am trying to put an Nginx server in front of them to redirect
incoming requests to different ports. Here is the configuration I have for
this purpose:

```
    server {
        listen 443 ssl;
        server_name domain1.com;

        ssl_certificate        
/etc/nginx/sslcerts/domain1/certificate.crt;
        ssl_certificate_key     /etc/nginx/sslcerts/domain1/private.key;

        # ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        # ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For
$proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;

            # Fix the “It appears that your reverse proxy set up is broken"
error.
            proxy_pass          https://localhost:4444;
            proxy_read_timeout  90;

            proxy_redirect      https://localhost:4444 https://domain1.com;
        }
    }

    server {
        listen 443 ssl;
        server_name api.domain2.com;

        ssl_certificate        
/etc/nginx/sslcerts/domain2/certificate.crt;
        ssl_certificate_key     /etc/nginx/sslcerts/domain2/private.key;

        # ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        # ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For
$proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;

            # Fix the “It appears that your reverse proxy set up is broken"
error.
            proxy_pass          https://localhost:9999;
            proxy_read_timeout  90;

            proxy_redirect      https://localhost:9999
https://tomlapi.domain2.com;
        }
    }
```

However, with this configuration it seems when I try to hit
`https://api.domain2.com` then I am still redirected to
`https://domain1.com`. I am just wondering what is wrong with my config?
Previously I had used similar configs for non-SSL web apps for the same
purpose and it worked.

Thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288666,288666#msg-288666

More information about the nginx mailing list