Name-based HTTPS servers
A common issue arises when configuring two or more HTTPS servers listening on a single IP address:
    server {
        listen          443 ssl;
        server_name     www.example.com;
        ssl_certificate www.example.com.crt;
        …
    }

    server {
        listen          443 ssl;
        server_name     www.example.org;
        ssl_certificate www.example.org.crt;
        …
    }
With this configuration, a browser receives the default server's certificate, i.e. www.example.com, regardless of the requested server name. This is caused by SSL protocol behaviour: the SSL connection is established before the browser sends an HTTP request, so nginx does not know the name of the requested server. Therefore, it may only offer the default server's certificate.
The oldest and most robust method to resolve the issue is to assign a separate IP address for every HTTPS server:
    server {
        listen          192.168.1.1:443 ssl;
        server_name     www.example.com;
        ssl_certificate www.example.com.crt;
        …
    }

    server {
        listen          192.168.1.2:443 ssl;
        server_name     www.example.org;
        ssl_certificate www.example.org.crt;
        …
    }
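An added example (not from the nginx documentation): a small Python check that scans a configuration for the situation described above, several ssl servers with different certificates on one listen address, and reports which certificate the default server will offer. The regex-based parser is a simplification, the sample configuration is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the shared-address layout and the per-IP layout from the text.
SAMPLE = """
server { listen 443 ssl; server_name www.example.com; ssl_certificate www.example.com.crt; }
server { listen 443 ssl; server_name www.example.org; ssl_certificate www.example.org.crt; }
server { listen 192.168.1.1:443 ssl; server_name a.example.net; ssl_certificate a.example.net.crt; }
server { listen 192.168.1.2:443 ssl; server_name b.example.net; ssl_certificate b.example.net.crt; }
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument list of every `name args;` directive in a block."""
    pattern = r'(?:^|[;{}\s])' + re.escape(name) + r'\s+([^;]+);'
    return [m.group(1).split() for m in re.finditer(pattern, body)]

def shared_tls_sockets(conf):
    """Map each listen address shared by ssl servers with different certificates
    to [(server_name, certificate), ...], with the default server first."""
    conf = re.sub(r'#.*', '', conf)  # drop comments (simplification: ignores quoting)
    by_addr = defaultdict(list)
    for body in server_blocks(conf):
        names = directive(body, 'server_name')
        certs = directive(body, 'ssl_certificate')
        for args in directive(body, 'listen'):
            if 'ssl' not in args[1:] or not certs:
                continue
            addr = args[0] if ':' in args[0] else '*:' + args[0]
            entry = (names[0][0] if names else '', certs[0][0])
            # The default server is the first one listed unless default_server is set.
            position = 0 if 'default_server' in args else len(by_addr[addr])
            by_addr[addr].insert(position, entry)
    return {a: s for a, s in by_addr.items() if len({c for _, c in s}) > 1}

if __name__ == '__main__':
    for addr, servers in shared_tls_sockets(SAMPLE).items():
        default_name, default_cert = servers[0]
        print(f'{addr}: every name is offered {default_cert} (default server {default_name})')
        for name, cert in servers[1:]:
            print(f'  {name}: configured {cert}, not offered')
```

Servers that each listen on their own IP address, as in the second configuration, are not reported.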