Tag Archives: NGINX

How-tos, Linux

Running multiple SSL sites on one IP with NGINX

This how-to will step you through the process needed to be able to run two different SSL sites (completely different URLs) on the same IP (same NGINX server too)

Let’s say you have own the domains www.example1.com and www.example2.org and that you wish to host both sites on the same server with one IP.  Let’s also say you wish to make it so that that both sites are SSL enabled (https).  Finally let’s assume that you have already secured proper SSL certificates for each domain.

The first step should be to ensure that we have the SSL certificates in a good location for NGINX to be able to reach them.  My personal preference isto store the certificates in /etc/nginx/ssl directory, usually in a directory named after the URL for the certificate.  Using the example names from above, we need to create two directories in /etc/nginx/ssl.  Something like the following:
# cd /etc/nginx/ssl
# mkdir www.example1.com
# mkdir www.example2.org

Now copy the certificates to their corresponding directories under /etc/nginx/ssl.

The next step is to create a configuration file for the first domain in /etc/nginx/sites-available directory. Let’s call the configuration file SSL-example1-com, its contents should be:

server {

listen 443;
server_name www.example1.com;

root /usr/share/nginx/www1;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example1.com/cert_for_example1_com-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/key_for_example_com1_server.key;
}

Notice that server_name is using the example1.com fully qualified domain name and that
the certificate and key correspond to the example1.com fully qualified domain name.

Now we create the configuration for the second site.  Lets use SSL-example2-org as the name and include the following as content:

server {

listen 443;
server_name www.example2.org;

root /usr/share/nginx/www2;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example2.org/cert_for_example2-org-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example2.org/key_for_example2_server_org.key;
}

Notice that server_name is using the example2.org fully qualified domain name and that
the certificate and key correspond to the example2.org fully qualified domain name.

Now create links to these configuration files in etc/nginx/sites-enabled:

# ln -s ../sites-available/SSL-example1-com 001-example-com
# ln -s ../sites-available/SSL-example2-org 002-example-org

Finally restart NGINX