Jeremy Felt

Open source student.

Posts

For things with titles.

Follow via RSS

Variable SSL certificate directives in Nginx

Update, April 28, 2019: Warning: I don't think that this works. A few days after getting this setup, HTTPS broke on a few of my sites and I had to undo this config. I haven't had enough time to poke at things, but JJJ pinged me yesterday and said he was having issues to. I hope to get back to this soon, but for now—beware! :)

Managing SSL certificates and HTTPS configuration at scale

Our multi-network multisite WordPress installation at WSU has 1022 sites spread across 342 unique domain names. We have 481 SSL certificates on the server to help secure the traffic to and from these domains. And we have 1039 unique server blocks in our nginx configuration to help route that traffic. Configuring a site for HTTPS is […]

Configure Nginx to allow for embedded WordPress posts

The ability to embed WordPress posts in WordPress posts is a pretty sweet feature from 4.4 and I’ve been looking forward to finding ways of using it throughout WSU. Today, when I tried it for the first time, I got an error because of our strict X-Frame-Options header that we had set to SAMEORIGIN for all […]

Figuring out how to serve many SSL certificates, part 2.

I’ve been pretty happy over the last couple days with our A+ score at SSL Labs. I almost got discouraged this morning when it was discovered that LinkedIn wasn’t able to pull in the data from our HTTPS links properly when sharing articles. Their bot, `LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)`, uses an end of […]

Figuring out how to serve many SSL certificates, part 1.

In the process of figuring out how to configure SSL certificates for hundreds (maybe thousands) of domains in a single nginx configuration without a wildcard certificate, I decided it would be cool to use `server_name` as a variable in the nginx configuration: `ssl_certificate /etc/nginx/ssl/$server_name.crt;` Unfortunately, per this aptly named request on Server Fault—nginx use $server_name on […]

Jeremy's profile photo: a selfie taken while walking through Berlin.

Jeremy Felt wrote this and published it on the internet.

Unless otherwise expressly stated, the content above is licensed under a CC BY-SA 4.0 International License.