Nginx as mail proxy: different domains with different certs

achekalin nginx-forum at forum.nginx.org
Fri Sep 30 19:29:16 UTC 2022


I set up nginx as a mail proxy, and it works for one domain, but won't work
when I try to serve more than one domain, each with a different SSL
certificate. Is there any way I can achieve that, since nginx as a mail proxy
is quite good and seems to be a good solution?

My failure is that I expected from mail servers the same as I used to see in
the http server. Say, I tried to write this:

mail {
  ...
  server {
    listen              25;
    protocol            smtp;
    server_name         mail.domain1.com;
    ssl_certificate     mail.domain1.com.fullchain.pem;
    ssl_certificate_key mail.domain1.com.key.pem;
    starttls            on;
    proxy               on;
    xclient             off;
  }

  server {
    listen              25;
    protocol            smtp;
    server_name         mail.domain2.com;
    ssl_certificate     mail.domain2.com.fullchain.pem;
    ssl_certificate_key mail.domain2.com.key.pem;
    starttls            on;
    proxy               on;
    xclient             off;
  }
  ...
}

I expected nginx would choose the right 'server' block based on server_name
(which was a wrong assumption) and then would use the ssl certificate set in
that server block.

I do understand I can set up LE certs with many hostnames included, but say
the story is that the domain list is too big to be included in a single cert,
so I have to use more than one server block anyway.

Please advise!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295369,295369#msg-295369
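
An added example, not part of the original post: because a mail 'server' block is matched on its listen address and port rather than on server_name, one way to serve a different certificate per domain is to give each block its own listen address. The addresses 192.0.2.10 and 192.0.2.11 and the auth_http endpoint are placeholders, and the sketch assumes one spare IP address per certificate with DNS for each hostname pointing at its own address.

```nginx
mail {
    # Placeholder authentication endpoint (assumption); the mail proxy
    # needs an auth_http service to learn which backend to connect to.
    auth_http 127.0.0.1:9000/auth;

    # One server block per certificate, each bound to its own address.
    # Clients that resolve mail.domain1.com reach 192.0.2.10 and are
    # offered the domain1 certificate after STARTTLS.
    server {
        listen              192.0.2.10:25;   # placeholder address
        protocol            smtp;
        server_name         mail.domain1.com;  # used in the SMTP greeting
        ssl_certificate     mail.domain1.com.fullchain.pem;
        ssl_certificate_key mail.domain1.com.key.pem;
        starttls            on;
        proxy               on;
        xclient             off;
    }

    # Same port, different address, different certificate.
    server {
        listen              192.0.2.11:25;   # placeholder address
        protocol            smtp;
        server_name         mail.domain2.com;  # used in the SMTP greeting
        ssl_certificate     mail.domain2.com.fullchain.pem;
        ssl_certificate_key mail.domain2.com.key.pem;
        starttls            on;
        proxy               on;
        xclient             off;
    }
}
```

Each block can still carry a multi-hostname certificate, so a large domain list can be split into groups with one address and one certificate per group.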