server {
    listen 80;
    listen 443 ssl;

    server_name ~^(?<custom_domain>[^.]+).;

    ssl_certificate /var/www/faqnation-server/issued_certs/${custom_domain}__issued_cert.pem;
    ssl_certificate_key /var/www/faqnation-server/issued_certs/${custom_domain}__issued_cert.key;

    location / {
        proxy_pass http://127.0.0.1:4178;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

This is my nginx configuration block. I have used the regex ~^(?<custom_domain>[^.]+). to serve any incoming request from any domain, and I want the incoming hostname in the custom_domain variable so I can select the specific SSL certificate. The issue is that if I use ${custom_domain} it just returns empty, and if I use ${host} it returns the server_name regex.

I check it by running this command – sudo tail -f /var/log/nginx/error.log


I have tried the variable ${custom_domain}, but it returned empty, and when I tried ${host} it returned the server_name regex.

2 Answers


  1. Chosen as BEST ANSWER

    The solution of using map to store the domain value in the $domain variable, from the answer "basic dynamic ssl configuration" provided by @OldFart, returns only the main domain; it doesn't return the subdomain. So, to return the full domain with the subdomain, I modified its regex as below.

    map $ssl_server_name $full_domain {
        default $ssl_server_name;
        # \. matches a literal dot between the first label and the rest of the name
        ~^(?<subdomain>[^.]+)\.(?<rootdomain>.+)$ $subdomain.$rootdomain;
    }
    

    Now $full_domain returns the expected incoming hostname of domain.

    Example usage -

    server {
        listen 80;
        listen 443 ssl;
    
        server_name ~^(?<custom_domain>[^.]+).;
    
        ssl_certificate /var/www/server/issued_certs/${full_domain}__issued_cert.pem;
        ssl_certificate_key /var/www/server/issued_certs/${full_domain}__issued_cert.key;
    
        location / {
            proxy_pass http://127.0.0.1:4178;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    

  2. Use ‘_’ for server_name as it is a catch-all.
    Then you can use $host, $server_name or $ssl_server_name as intended.

    Otherwise, as you add domains and create certificates for them, have a script create an nginx config with the server name and ssl part, then add an include line to a partial config that contains all your shared location blocks and relevant shyte.

    Used to run a server with 3000~ domains on average at any given time… I had created a script to ‘add a new domain’ to the server with just a couple clicks… That is, generating the proper Acme ssl certificates files for it and creating my custom link files and file structure for them so my config would be all neat and ordered. Then it would output an nginx config file using the supplied domain name, which was just the basic header stuff of the server block, containing anything ‘dynamic’ and specific for the name, then add an include line to a file that all the domains shared as base config…

    EDIT: just found this as a working solution… https://serverfault.com/questions/505015/nginx-use-server-name-on-ssl-certificate-path/1103797#1103797

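The per-domain generation approach described in the second answer, as an added example that is not code from either answer: a POSIX shell function that validates a hostname before it is written into a certificate path and server block, so characters such as `/`, `..` or `;` never reach the nginx config. The function names, the `SHARED_INCLUDE` path and the default `CERT_DIR` (borrowed from the accepted answer's path) are assumptions; certificate issuance is out of scope here.

```shell
#!/bin/sh
# Added example (not from the page): emit a static per-domain server block.
# CERT_DIR and SHARED_INCLUDE are assumed locations; adjust to your layout.
export LC_ALL=C   # make [a-z] ranges byte-wise, independent of the user's locale
CERT_DIR="${CERT_DIR:-/var/www/server/issued_certs}"
SHARED_INCLUDE="${SHARED_INCLUDE:-/etc/nginx/snippets/shared_locations.conf}"

# Accept only lowercase DNS names: labels of [a-z0-9-] without leading or
# trailing hyphen, at least two labels, 253 characters in total at most.
is_valid_hostname() {
    _h=$1
    [ -n "$_h" ] && [ "${#_h}" -le 253 ] || return 1
    case $_h in
        *[!a-z0-9.-]* | .* | *. | *..*) return 1 ;;  # bad chars or empty label
        *.*) ;;                                       # has at least one dot
        *) return 1 ;;                                # single label, e.g. localhost
    esac
    _rest=$_h.
    while [ -n "$_rest" ]; do
        _label=${_rest%%.*}
        _rest=${_rest#*.}
        [ "${#_label}" -le 63 ] || return 1
        case $_label in -* | *-) return 1 ;; esac
    done
    return 0
}

# Print a server block for one domain; the shared location blocks live in
# SHARED_INCLUDE so every generated file carries only the per-domain parts.
render_server_block() {
    is_valid_hostname "$1" || { echo "rejected hostname: $1" >&2; return 1; }
    cat <<EOF
server {
    listen 80;
    listen 443 ssl;

    server_name $1;

    ssl_certificate $CERT_DIR/${1}__issued_cert.pem;
    ssl_certificate_key $CERT_DIR/${1}__issued_cert.key;

    include $SHARED_INCLUDE;
}
EOF
}

# Stand-alone use: sh gen_server_block.sh faq.example.com > faq.example.com.conf
[ "$#" -eq 0 ] || render_server_block "$1"
```

Run `nginx -t` on the generated file before reloading, and lowercase the domain before passing it in, since uppercase names are rejected.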