I have the following question:

I have a couple of HTTPS services that are running inside Docker containers. I also have an nginx container set up so that it redirects URLs to the relevant containers. Each of the HTTPS services in the respective containers uses a certificate with a wildcard DNS. In my case:

[ alternate_names ]

DNS.1        = *.myapps.local

I have configured nginx NOT to terminate the SSL connection, but rather to pass it through to the backend servers:


# Redirect any http request on port 80 to https
server {
  listen        80;
  server_name   _;
  return 301 https://$host$request_uri;
}

# https://gerco.dev/NGINX-Reverse-Proxy-with-TLS-Passthrough/
map $ssl_preread_server_name $name {
        test1.myapps.local  server1_https;
        test2.myapps.local  server2_https;
        default $ssl_preread_server_name;
}

upstream server1_https {
        server service1:443; # ---------> Since I've linked the containers in the compose file, this is valid
}

upstream server2_https {
        server service2:443; # ---------> Since I've linked the containers in the compose file, this is valid
}

server {
        listen 443;
        listen [::]:443;
        ssl_preread on;
        proxy_ssl_server_name on;
        # proxy_ssl_session_reuse off;
        proxy_pass $name;
}


I have set up the /etc/hosts file as below:  test1.myapp.local test2.myapp.local

The problem being:

When I access test1.myapp.local --> service1's page gets rendered. When I access test2.myapp.local --> service1's page STILL gets rendered.

I'm hosting 2 subdomains on the same IP. And each time, no matter which of the two URLs I visit, I always end up at the first service.

How can I fix this? My understanding is that $ssl_preread_server_name is supposed to tell me the domain I am visiting? Is the fact that I'm using a wildcard alternate_name in the cert to blame somehow?



0 Answers