Ryfujk

Avoiding unpacking an array when altering its dimension

How to avoid being sexist when trying to employ someone to function in a very sexist environment?

What do the pedals on grand pianos do?

Has the Isbell–Freyd criterion ever been used to check that a category is concretisable?

What is the difference between ashamed and shamed?

If a druid in Wild Shape swallows a creature whole, then turns back to her normal form, what happens?

Can chords be played on the flute?

Pure Functions: Does "No Side Effects" Imply "Always Same Output, Given Same Input"?

Does music exist in Panem? And if so, what kinds of music?

Why does Starman/Roadster have radial acceleration?

How do I construct an nxn matrix?

Is there any relevance to Thor getting his hair cut other than comedic value?

What are these green text/line displays shown during the livestream of Crew Dragon's approach to dock with the ISS?

Is there a ternary operator in math

How to speed up a process

What is better: yes / no radio, or simple checkbox?

Is there a low-level alternative to Animate Objects?

Understanding Kramnik's play in game 1 of Candidates 2018

Linear regression when Y is bounded and discrete

A "strange" unit radio astronomy

Where is the fallacy here?

If nine coins are tossed, what is the probability that the number of heads is even?

Compare four integers, return word based on maximum

Series pass transistor, LM7812

nginx-1.15.9 Variable support in “ssl_certificate” and “ssl_certificate_key” directives

What is the difference between Nginx variables $host, $http_host, and $server_name?Blank Page: wordpress on nginx+php-fpmNginx subversion commit failureNGINX don't parse .php5 as .phpLaravel 4.1 on nginx routes error 404nginx rewrite throw 404 with last and breakNginX + WordPress + SSL + non-www + W3TC vhost config file questionsnginx PHP files downloading instead of executingCodeIgniter nginx rewrite rules for i8ln URL'sWhy Nginx calls for invalid certificate in non-existent subdomains just to redirect to 404?How to configure nginx to serve one site from two different document root and using different php depending on URL

0

1

So nginx-1.15.9 was released very recently with the following change:

Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.

I setup an instance with multiple domains pointing to the following server block. I am using dehydrated to generate the certs automatically and in their own respective folders.

However, despite trying several variations and googling for various solutions, I am not having any success in having the variables in the "ssl_certificate" and "ssl_certificate_key" directives being recognised.

• Have verified that the certs are generated correctly (with fullchain.pem and privkey.pem)


• The error I'm getting from navigating to the https URL directly: Secure Connection Failed


• https works perfectly if I update the "$server_name" to the actual domain folder containing the certs

Appreciate if someone could take a look at my server block to identify what I'm doing wrong or point me in the correct direction. Thank you.

server {

    listen 80 default_server;

    listen [::]:80 default_server;

    listen 443 ssl default_server;

    listen [::]:443 ssl default_server;



    root /var/www/html;

    index index.php index.html index.htm;



    server_name _;



    # ssl on;

    ssl_certificate /etc/dehydrated/certs/$server_name/fullchain.pem;

    ssl_certificate_key /etc/dehydrated/certs/$server_name/privkey.pem;



    location / {

        try_files $uri $uri/ =404;

    }



    location ~ .php$ {

            try_files $uri =404;

            fastcgi_split_path_info ^(.+.php)(/.+)$;

            fastcgi_pass unix:/run/php/php7.2-fpm.sock;

            fastcgi_index index.php;

            include fastcgi_params;

    }



    location ~ /.ht {

        deny all;

    }

}

ubuntu nginx ssl https

share|improve this question

asked 3 hours ago

shiokshiok

1

New contributor

shiok is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  What's in the error log?
  
  – Michael Hampton♦
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Ah I should have thought of checking the error log to see the output. The error is it not being able to load the certificate. $server_name simply outputs a blank. I just can't figure out what $variable to specify the current domain. I've already tried $uri and $hostname, both not giving the desired output.
  
  – shiok
  2 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You should probably read this.
  
  – Michael Hampton♦
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the link Michael. I'm actually referring to this list but I've tried $host, $server_name, $http_host to no avail. Am I not understanding them correctly but I can't seem to find the $variable to specify the actual current domain name being served.
  
  – shiok
  2 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  $host should be it. I wouldn't expect $server_name to be useful, since you aren't likely to have a certificate named _. Maybe this feature doesn't actually work yet?
  
  – Michael Hampton♦
  2 hours ago
  

  
  
  
  

 | 
show 1 more comment

0

1

So nginx-1.15.9 was released very recently with the following change:

Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.

I setup an instance with multiple domains pointing to the following server block. I am using dehydrated to generate the certs automatically and in their own respective folders.

However, despite trying several variations and googling for various solutions, I am not having any success in having the variables in the "ssl_certificate" and "ssl_certificate_key" directives being recognised.

• Have verified that the certs are generated correctly (with fullchain.pem and privkey.pem)


• The error I'm getting from navigating to the https URL directly: Secure Connection Failed


• https works perfectly if I update the "$server_name" to the actual domain folder containing the certs

Appreciate if someone could take a look at my server block to identify what I'm doing wrong or point me in the correct direction. Thank you.

server {

    listen 80 default_server;

    listen [::]:80 default_server;

    listen 443 ssl default_server;

    listen [::]:443 ssl default_server;



    root /var/www/html;

    index index.php index.html index.htm;



    server_name _;



    # ssl on;

    ssl_certificate /etc/dehydrated/certs/$server_name/fullchain.pem;

    ssl_certificate_key /etc/dehydrated/certs/$server_name/privkey.pem;



    location / {

        try_files $uri $uri/ =404;

    }



    location ~ .php$ {

            try_files $uri =404;

            fastcgi_split_path_info ^(.+.php)(/.+)$;

            fastcgi_pass unix:/run/php/php7.2-fpm.sock;

            fastcgi_index index.php;

            include fastcgi_params;

    }



    location ~ /.ht {

        deny all;

    }

}

ubuntu nginx ssl https

share|improve this question

asked 3 hours ago

shiokshiok

1

New contributor

shiok is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  What's in the error log?
  
  – Michael Hampton♦
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Ah I should have thought of checking the error log to see the output. The error is it not being able to load the certificate. $server_name simply outputs a blank. I just can't figure out what $variable to specify the current domain. I've already tried $uri and $hostname, both not giving the desired output.
  
  – shiok
  2 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You should probably read this.
  
  – Michael Hampton♦
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for the link Michael. I'm actually referring to this list but I've tried $host, $server_name, $http_host to no avail. Am I not understanding them correctly but I can't seem to find the $variable to specify the actual current domain name being served.
  
  – shiok
  2 hours ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  $host should be it. I wouldn't expect $server_name to be useful, since you aren't likely to have a certificate named _. Maybe this feature doesn't actually work yet?
  
  – Michael Hampton♦
  2 hours ago
  

  
  
  
  

 | 
show 1 more comment

So nginx-1.15.9 was released very recently with the following change:

Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.

I setup an instance with multiple domains pointing to the following server block. I am using dehydrated to generate the certs automatically and in their own respective folders.

However, despite trying several variations and googling for various solutions, I am not having any success in having the variables in the "ssl_certificate" and "ssl_certificate_key" directives being recognised.

• Have verified that the certs are generated correctly (with fullchain.pem and privkey.pem)


• The error I'm getting from navigating to the https URL directly: Secure Connection Failed


• https works perfectly if I update the "$server_name" to the actual domain folder containing the certs

Appreciate if someone could take a look at my server block to identify what I'm doing wrong or point me in the correct direction. Thank you.

server {

    listen 80 default_server;

    listen [::]:80 default_server;

    listen 443 ssl default_server;

    listen [::]:443 ssl default_server;



    root /var/www/html;

    index index.php index.html index.htm;



    server_name _;



    # ssl on;

    ssl_certificate /etc/dehydrated/certs/$server_name/fullchain.pem;

    ssl_certificate_key /etc/dehydrated/certs/$server_name/privkey.pem;



    location / {

        try_files $uri $uri/ =404;

    }



    location ~ .php$ {

            try_files $uri =404;

            fastcgi_split_path_info ^(.+.php)(/.+)$;

            fastcgi_pass unix:/run/php/php7.2-fpm.sock;

            fastcgi_index index.php;

            include fastcgi_params;

    }



    location ~ /.ht {

        deny all;

    }

}

ubuntu nginx ssl https

share|improve this question

asked 3 hours ago

shiokshiok

1

New contributor

shiok is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

server {

    listen 80 default_server;

    listen [::]:80 default_server;

    listen 443 ssl default_server;

    listen [::]:443 ssl default_server;



    root /var/www/html;

    index index.php index.html index.htm;



    server_name _;



    # ssl on;

    ssl_certificate /etc/dehydrated/certs/$server_name/fullchain.pem;

    ssl_certificate_key /etc/dehydrated/certs/$server_name/privkey.pem;



    location / {

        try_files $uri $uri/ =404;

    }



    location ~ .php$ {

            try_files $uri =404;

            fastcgi_split_path_info ^(.+.php)(/.+)$;

            fastcgi_pass unix:/run/php/php7.2-fpm.sock;

            fastcgi_index index.php;

            include fastcgi_params;

    }



    location ~ /.ht {

        deny all;

    }

}

share|improve this question

asked 3 hours ago

shiokshiok

1

New contributor

shiok is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 3 hours ago

shiokshiok

1

New contributor

shiok is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 3 hours ago

shiokshiok

1

New contributor

shiok is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 3 hours ago

shiokshiok

1