Score:1

Multiple virtual hosts HTTPS on nginx

Sig

Is it possible to have multiple (two) virtual hosts (sites/applications) both over HTTPS on a single instance of Nginx?

I have tried something like

upstream a {
  server app:8080;
}


upstream b {
  server app2:5678;
}

server {
  listen 443 ssl http2;
  server_name sub.example.com;

  ssl_certificate       /etc/ssl/certs/fullchain.pem;
  ssl_certificate_key   /etc/ssl/certs/privkey.pem;
  ssl_dhparam           /etc/ssl/certs/dhparam-2048.pem;
  
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;

  location / {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://unicorn;
  }
}

server {
  listen 5678 ssl http2;
  server_name sub.example.com;

  ssl_certificate       /etc/ssl/certs/fullchain.pem;
  ssl_certificate_key   /etc/ssl/certs/privkey.pem;
  ssl_dhparam           /etc/ssl/certs/dhparam-2048.pem;
  
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8;

  location / {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://unicorn2;
}
}

The app 'a' is accessible. However, app 'b' is not. I get an Error code: SSL_ERROR_RX_RECORD_TOO_LONG.

The two apps should run on the same subdomain.

djdomi
The shown config does not meet the error. What are you hiding?
Sig
@djdomi thanks for your reply. I have added the whole config file.
djdomi
Still not showing. What's port 8080, 5678, and what's unicorn? You still hide relevant information. Remember https://stackoverflow.com/questions/25081239/error-code-ssl-error-rx-record-too-long-on-nginx-ubuntu-server or, shortly said: some kind of application running as https and is declared as http
djdomi
Does this answer your question? [SSL\_ERROR\_RX\_RECORD\_TOO\_LONG Using Nginx reverse proxy and certbot](https://serverfault.com/questions/994489/ssl-error-rx-record-too-long-using-nginx-reverse-proxy-and-certbot)
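A way to check for the HTTP/HTTPS mismatch the comments above point at, as an added example that is not part of the original thread: it sends a real ClientHello to a port and reads the first five reply bytes as a TLS record header, which shows why a plaintext reply surfaces as SSL_ERROR_RX_RECORD_TOO_LONG. The function names are hypothetical and the byte samples are constructed.

```python
import socket
import ssl
import struct

# Largest record a TLS 1.2 peer may send: 2^14 + 2048 bytes (RFC 5246, section 6.2.3).
MAX_TLS_RECORD = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes of a reply the way a TLS client does: type, version, length."""
    if len(data) < 5:
        return {"verdict": "short", "claimed_length": None}
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3 and length <= MAX_TLS_RECORD:
        return {"verdict": "tls", "record": CONTENT_TYPES[ctype], "claimed_length": length}
    # Anything else is not TLS; ASCII such as "HTTP/" decodes to an oversized "length".
    verdict = "plaintext-http" if data.startswith(b"HTTP/") else "not-tls"
    return {"verdict": verdict, "claimed_length": length, "too_long": length > MAX_TLS_RECORD}


def client_hello(server_name: str) -> bytes:
    """Build a genuine ClientHello in memory (no network) using the ssl module."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is waiting for the server's reply
    return outgoing.read()


def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send a ClientHello to host:port and classify the raw bytes that come back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify_first_bytes(sock.recv(5))


if __name__ == "__main__":
    # Constructed samples: a TLS handshake record header and a plain HTTP status line.
    for sample in (bytes([22, 3, 3, 0, 90]), b"HTTP/1.1 400 Bad Request\r\n"):
        print(sample[:5], classify_first_bytes(sample))
    # Against a live listener (host and port are the values from the question):
    # print(probe("sub.example.com", 5678))
```

A `plaintext-http` or `not-tls` verdict on a port that nginx declares with `listen ... ssl` means something other than that TLS listener is answering there.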