Example of configuring multiple SSL certificates for a single Nginx IP address

By default, Nginx supports only one SSL certificate per IP address. Multiple IP addresses are required to configure multiple SSL certificates. When public IP addresses are limited, you can use the TLS Server Name Indication extension (SNI, RFC 6066), which allows the browser to send the requested server name, that is, the Host, during the SSL handshake, so that Nginx can find the SSL configuration of the corresponding server.

The configuration steps are as follows:

1. Check whether Nginx supports TLS

$ nginx -V
...
TLS SNI support enabled
...

2. If TLS SNI support disable occurs, you need to upgrade the openssl version and recompile nginx.

The specific steps are as follows:

First download openssl (version 1.0.1h is recommended)

#wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz

Download Nginx

#wget http://nginx.org/download/nginx-1.9.9.tar.gz

Unzip openssl

#tar -zxvf openssl-1.0.1h.tar.gz

Unzip nginx and compile

#tar -zxvf nginx-1.9.9.tar.gz
#cd nginx-1.9.9
#./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/
#make && make install

#Check Nginx version information

#/usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.9.9
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-55)
built with OpenSSL 1.0.1h 5 Jun 2014
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-openssl=../openssl-1.0.1h/

Configure the domain name certificate in Vhost

server
    {
     #########
        listen 80;
        listen 443 ssl;
        #listen [::]:80;
        server_name we.baohua.me;
        root /home/wwwroot/we.baohua.me;

        ssl on;
        ssl_certificate_key /home/wwwroot/cert/we.baohua.me.key;
        ssl_certificate /home/wwwroot/cert/we.baohua.me.crt;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
     ###############
}

Then, restart Nginx.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

How to configure SSL certificate under Nginx
Detailed explanation of SSL security configuration in Nginx server
Detailed explanation of nginx using ssl module configuration to support HTTPS access
How to enable SSL in Nginx server
Nginx configures SSL certificate to listen on port 443
How to configure SSL two-way verification in nginx
Detailed explanation of Nginx configuration SSL certificate to achieve Https access
Nginx server SSL certificate configuration and reverse proxy configuration for SSL
How to configure SSL certificate in nginx to implement https service
Nginx local configuration SSL access example tutorial

<<: How to implement navigation function in WeChat Mini Program

>>: Detailed explanation of Mysql 5.7.18 installation method and the process of starting MySQL service

How to skip errors in mysql master-slave replication

Recommend

The whole process record of introducing Vant framework into WeChat applet

Preface Sometimes I feel that the native UI of We...

Pure CSS to achieve the text description of semi-transparent effect when the mouse is placed on it (must read for novices)

The effect is as follows: Example 1 Example 2: Ta...

Example of configuring multiple SSL certificates for a single Nginx IP address

How to skip errors in mysql master-slave replication

How to modify the default storage engine in MySQL

How to connect to a remote server and transfer files via a jump server in Linux

How to find the IP address of Raspberry Pi when it is connected to the wireless network without a screen

Linux installation steps for Jenkins and various problem solving (page access initialization password)

CSS3 solution to the problem of freezing on mobile devices (animation performance optimization)

How to use docker-compsoe to deploy a project with front-end and back-end separation

Detailed explanation of CSS3 to achieve responsive accordion effect

How to change apt-get source in Ubuntu 18.04

15 Best Practices for HTML Beginners

Recommend

The whole process record of introducing Vant framework into WeChat applet

Pure CSS to achieve the text description of semi-transparent effect when the mouse is placed on it (must read for novices)

Implementation of form submission in html

Python connects to the database MySQL decompressed version installation configuration and encountered problems

Exploration and correction of the weird behavior of parseInt() in js

MySql Group By implements grouping of multiple fields

Detailed explanation of global parameter persistence in MySQL 8 new features

MySql quick insert tens of millions of large data examples

A brief discussion on mobile terminal adaptation

How to set an alias for a custom path in Vue

Linux installation apache server configuration process

17 404 Pages You'll Want to Experience

How to customize an EventEmitter in node.js

ffmpeg Chinese parameter description and usage examples

Search optimization knowledge to pay attention to in web design