Jeremy Felt

Variable SSL certificate directives in Nginx

Update, April 28, 2019: Warning: I don’t think that this works. A few days after getting this setup, HTTPS broke on a few of my sites and I had to undo this config. I haven’t had enough time to poke at things, but JJJ pinged me yesterday and said he was having issues too. I hope to get back to this soon, but for now—beware! 🙂

When I left WSU, we had hundreds of server blocks defined for hundreds of domains that pointed to a single WordPress multisite installation. I wrote this up previously, but each of these blocks was effectively the same:

server {
    include common-listen.conf;

    server_name ohlookadomain.com;
    root /var/www/wordpress;

    ssl_certificate /etc/nginx/ssl/ohlookadomain.com.cer;
    ssl_certificate_key /etc/nginx/ssl/ohlookadomain.com.key;

    include common-ssl-config.conf;
    include common-location-block.conf;
}

The only reason different server blocks were required was the directives for ssl_certificate and ssl_certificate_key. As we were getting prepped to launch our first sites, I wrote about my disappointment that variables were not supported.

Fast-forward to Tuesday. I no longer support hundreds of unique domains, but I still think it’s cool to see that Nginx 1.15.9 added support for variables to the ssl_certificate and ssl_certificate_key directives.

I upgraded this evening on my personal server and then did a brief test with a multi-tenant WordPress configuration that I manage and everything worked exactly as expected.

This is the server block that I used (it now serves 4 domains):

server {
    listen 443 ssl http2;
    server_name _;
    root         /var/www/wordpress;

    ssl_certificate     /etc/letsencrypt/live/$server_name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;

    include /etc/nginx/ssl-common.conf;
    include /etc/nginx/wp-shared-location-common.conf;
    include /etc/nginx/php-location-common.conf;
}

I haven’t really explored the consequences of using _ as the server name, but with this configuration—just one server block—I can support as many different domains as I want as long as they have matching Let’s Encrypt generated certs.
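As an added example (not the config from this post), here is the variant I would run instead. Two things differ: it keys the certificate paths on $ssl_server_name, the hostname the client sent in the TLS SNI extension, rather than $server_name, which expands to the name written in the server_name directive (with server_name _ that is literally "_"); and it goes through a map with a default, so only hostnames you have listed ever turn into a file path and an unknown or missing SNI gets a fallback certificate instead of a failed handshake. The domain names and the /etc/nginx/ssl/fallback.* files are assumed placeholders.

```nginx
# Added example, not the post's config. Whitelist the hostnames that may
# select a certificate; anything else (no SNI, unknown name) gets the fallback.
map $ssl_server_name $site_cert {
    default           /etc/nginx/ssl/fallback.crt;                      # assumed placeholder
    example.com       /etc/letsencrypt/live/example.com/fullchain.pem;
    www.example.com   /etc/letsencrypt/live/example.com/fullchain.pem;
    blog.example.org  /etc/letsencrypt/live/blog.example.org/fullchain.pem;
}

map $ssl_server_name $site_key {
    default           /etc/nginx/ssl/fallback.key;                      # assumed placeholder
    example.com       /etc/letsencrypt/live/example.com/privkey.pem;
    www.example.com   /etc/letsencrypt/live/example.com/privkey.pem;
    blog.example.org  /etc/letsencrypt/live/blog.example.org/privkey.pem;
}

server {
    listen 443 ssl http2;
    # Name the hosts explicitly instead of _ so this block only answers for them.
    server_name example.com www.example.com blog.example.org;
    root /var/www/wordpress;

    # With variables, the files are read during each TLS handshake (Nginx 1.15.9+),
    # so a missing or unreadable file is not caught by "nginx -t"; check the
    # paths in the map exist and are readable by the worker user after each renewal.
    ssl_certificate     $site_cert;
    ssl_certificate_key $site_key;

    include /etc/nginx/ssl-common.conf;
    include /etc/nginx/wp-shared-location-common.conf;
    include /etc/nginx/php-location-common.conf;
}
```

Because the certificate is loaded per handshake rather than once at startup, expect a measurable cost on busy hosts; watch the error log for handshake failures after Let's Encrypt renewals, since that is where a bad path now shows up.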

Pretty cool!

Responses and reactions

Replies

lzy replied on 

Hello Jeremy, I sent you an email regarding this issue. Appreciate it if you could take a look and share your feedback. Thank you.
