Multiple SSL vhosts using wildcard certificate in nginx

Question

I have two hostnames sharing the same domain name which I want to serve over HTTPs. I've got a wildcard-SSL certificate and created two vhost configs:

Host A

listen      127.0.0.1:443 ssl;
server_name     a.example.com;
root        /data/httpd/a.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;

Host B

listen      127.0.0.1:443 ssl;
server_name     b.example.com;
root        /data/httpd/b.example.com;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;

However, I get the same vhost served for either hostname.

Answer 1

You need to split vhosts from ssl listening/configuration part:

Listening part:

server {
  listen              127.0.0.1:443 default_server ssl;
  server_name         _;
  ssl_certificate     /etc/ssl/wildcard.cer;
  ssl_certificate_key /etc/ssl/wildcard.key;
}

And now vhosts:

server {
  listen      127.0.0.1:443;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}

server {
  listen      127.0.0.1:443;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}

Answer 2

It's actually explained in the manual: http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
server {
  listen      443 ssl;
  server_name a.example.com;
  root        /data/httpd/a.example.com;
}
server {
  listen      443 ssl;
  server_name b.example.com;
  root        /data/httpd/b.example.com;
}

Now, if you have many sites, I suggest storing all of them in a folder with just the server{} part as above in single files, and an include directive in the main file to load all of them:

ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
include /etc/nginx/conf.d/subfolder/*;