Serve different SSL certificate depending upon connection

JustAdamHere

6/17/23, 11:44 AM

I currently have a Nextcloud installation running on a server at home behind an Nginx proxy, which in turn is routed through Cloudflare. The proxy currently presents a Cloudflare origin SSL certificate to perform authenticated pulls from Cloudflare.

My question is: can Nginx, depending upon what IP is sending a request, serve different SSL certificates? I'd like to serve the Cloudflare origin SSL certificate when a Cloudflare IP sends a request, serve a Let's Encrypt certificate if an internal IP send a request, and block the request otherwise. The reasoning for wanting to do this is purely from a speed perspective, as my upload speed through my ISP is quite slow.

Perhaps there are very good reasons not to this — in which case I'd love to hear why this may be such a bad idea!

Many thanks in advance.

0 + 0

nginx

reverse-proxy

ssl-certificate

cloudflare

lets-encrypt

Ivan Shatsky

6/17/23, 1:49 PM

Nginx documentation [says](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) that _since version 1.15.9, variables can be used in the file name when using OpenSSL 1.0.2 or higher_. If you are using OpenResty/lua-nginx-module, check [this](https://github.com/openresty/lua-nginx-module/issues/331) GitHub thread too.

JustAdamHere

6/17/23, 11:01 PM

@IvanShatsky good idea! I'll take a look into that.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Serve different SSL certificate depending upon connection

TH: ให้บริการใบรับรอง SSL ที่แตกต่างกันขึ้นอยู่กับการเชื่อมต่อ

RO: Serviți certificat SSL diferit în funcție de conexiune

RU: Подавать разные SSL-сертификаты в зависимости от подключения

VI: Cung cấp chứng chỉ SSL khác nhau tùy thuộc vào kết nối

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.