Hi
I was wondering if there’s any way to have a configuration like this?
    server
    {
        listen 80;
        listen 443 ssl;
        ssl_certificate www.example.com.cer;
        ssl_certificate_key www.example.com.key;
        ssl_certificate www.test.com.cer;
        ssl_certificate_key www.test.com.key;
        ssl_certificate www.something.com.cer;
        ssl_certificate_key www.something.com.key;
        location /
        {
            # lots of config here
            # which I really don't want to duplicate
        }
    }
I want to avoid duplicating server blocks since they will have exactly
the same location configurations below them
and I want to avoid using server_name since my server handles requests
from lots of different domain names
It would need to use SNI - only a single IP for all domains
maybe having the server name as part of the “ssl_certificate” line would
be quite elegant:
    ssl_certificate www.example.com.cer server=www.example.com;
    ssl_certificate_key www.example.com.key server=www.example.com;
Thanks
Richard
On 5 November 2013 13:30, Richard K. wrote:
> ssl_certificate_key www.example.com.key;
> }
> I want to avoid duplicating server blocks since they will have exactly the
> same location configurations below them
> and I want to avoid using server_name since my server handles requests from
> lots of different domain names
> It would need to use SNI - only a single IP for all domains
How are you intending to use SNI /without/ also providing multiple
server_names (either split across several server{}s or all inside one
server{})?
Please show a duplicated (i.e. operationally inefficient) config that
you wish to aggregate, as I don’t understand the result you’re aiming
for.
J
On 05/11/13 13:50, Jonathan M. wrote:
> Please show a duplicated (i.e. operationally inefficient) config that
> you wish to aggregate, as I don’t understand the result you’re aiming
> for.
> J
something like this is the only way I see to do it currently:
    http
    {
        server
        {
            listen 80;
            listen 443 ssl;
            server_name www.example.com;
            ssl_certificate www.example.com.cer;
            ssl_certificate_key www.example.com.key;
            location /
            {
                # lots of config here
                # which I really don't want to duplicate
            }
            # and about 10 other locations!
        }
        server
        {
            listen 80;
            listen 443 ssl;
            server_name www.test.com;
            ssl_certificate www.test.com.cer;
            ssl_certificate_key www.test.com.key;
            location /
            {
                # lots of config here
                # which I really don't want to duplicate
            }
            # and about 10 other locations!
        }
        server
        {
            listen 80;
            listen 443 ssl;
            server_name www.something.com;
            ssl_certificate www.something.com.cer;
            ssl_certificate_key www.something.com.key;
            location /
            {
                # lots of config here
                # which I really don't want to duplicate
            }
            # and about 10 other locations!
        }
    }
this could go on for 100’s of domains…
Cheers
Richard
On 05.11.2013 14:57, Richard K. wrote:
> this could go on for 100’s of domains…
This sounds like you want to use include, I use it myself for general
settings, valid for any domain:
    server {
        listen 443 ssl;
        include /etc/nginx/ssl-common.conf;
        ssl_certificate /etc/nginx/ssl/com.example.crt;
        server_name example.com;
        include /etc/nginx/common.conf;
    }
With the contents of /etc/nginx/common.conf being:
    location ~ /\.ht {
        return 444;
    }
    add_header X-Frame-Options SAMEORIGIN;
Tim
On 05/11/13 16:27, Tim Düsterhus wrote:
> This sounds like you want to use include, I use it myself for general
> settings, valid for any domain:
fair point
would it work like this (an include in an include?)
    http
    {
        include www.example.com.conf;
        include www.test.com.conf;
        include www.something.com.conf;
    }
www.example.com.conf:
    server
    {
        listen 80;
        listen 443 ssl;
        server_name www.example.com;
        ssl_certificate www.example.com.cer;
        ssl_certificate_key www.example.com.key;
        include locations.conf;
    }
www.test.com.conf:
    server
    {
        listen 80;
        listen 443 ssl;
        server_name www.test.com;
        ssl_certificate www.test.com.cer;
        ssl_certificate_key www.test.com.key;
        include locations.conf;
    }
www.something.com.conf:
    server
    {
        listen 80;
        listen 443 ssl;
        server_name www.something.com;
        ssl_certificate www.something.com.cer;
        ssl_certificate_key www.something.com.key;
        include locations.conf;
    }
locations.conf:
    location /
    {
        # lots of config here
        # which I really don't want to duplicate
    }
    # and about 10 other locations!
On 05.11.2013 17:51, Richard K. wrote:
> would it work like this (an include in an include?)
Did you try it?
Yes it does work. Debian by default uses a folder
/etc/nginx/sites-enabled for all vHosts / domains. You can easily
include any file in there via:
include /etc/nginx/sites-enabled/*;
An excerpt of my /etc/nginx looks like this:
/etc/nginx/
+- common.conf
+- nginx.conf
+- passwd
|  +- munin.example.com
+- sites-available
|  +- _
|  +- example.com
|  +- localhost
|  +- munin.example.com
+- sites-enabled
|  +- _ -> /etc/nginx/sites-available/_
|  +- example.com -> /etc/nginx/sites-available/example.com
|  +- localhost -> /etc/nginx/sites-available/localhost
|  +- munin.example.com -> /etc/nginx/sites-available/munin.example.com
+- ssl
|  +- _
|  +- com.example.crt
|  +- com.example.munin.crt
+- ssl-common.conf
nginx.conf includes all the sites-enabled via the line above. The
sites-enabled include the respective common.conf / ssl-common.conf as
explained in my last mail.
Tim
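
The per-domain layout settled on in this thread, generated from a domain list rather than written by hand (an added example, not part of the original mails). The names CERT_DIR, valid_domain, render_vhost and generate_all are assumptions for illustration; the .cer/.key naming and locations.conf follow Richard's files.

```shell
#!/bin/sh
# Added example (not from the thread): one small server{} stub per domain,
# each pulling the shared locations from locations.conf.
# Assumed layout: $CERT_DIR/<domain>.cer and $CERT_DIR/<domain>.key.
CERT_DIR="${CERT_DIR:-/etc/nginx/ssl}"

# Accept only plain lowercase DNS hostnames, so a bad list entry (spaces,
# ';', '{', '/', '..') cannot smuggle directives or paths into the config.
valid_domain() {
    case "$1" in
        ""|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Print the server{} block for one validated domain on stdout.
render_vhost() {
    valid_domain "$1" || { echo "rejected: $1" >&2; return 1; }
    cat <<EOF
server
{
    listen 80;
    listen 443 ssl;
    server_name $1;
    ssl_certificate $CERT_DIR/$1.cer;
    ssl_certificate_key $CERT_DIR/$1.key;
    include locations.conf;
}
EOF
}

# Read domains from stdin (one per line, '#' comments allowed) and write
# <outdir>/<domain>.conf for each; returns non-zero if any entry was rejected.
generate_all() {
    outdir=$1; rc=0
    while IFS= read -r d; do
        case "$d" in ""|\#*) continue ;; esac
        if valid_domain "$d"; then
            render_vhost "$d" > "$outdir/$d.conf"
        else
            echo "rejected: $d" >&2; rc=1
        fi
    done
    return $rc
}
```

Call it as `generate_all /etc/nginx/sites-available < domains.txt`, then check the result with `nginx -t` before reloading.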