Large WordPress Multisite install of over 150+ domains with anticipation of going 900+.

I want to simplify the nginx server config. Currently we have to split the server list to groups of 100 due to Let's Encrypt limit of 100 per ssl cert. This is working fine.

However, in order to ensure both www. and root domain work properly, I am using if statements to evaluate if an incoming request is root, then redirect to www. This is also working fine but needs to be done for each domain hosted, so currently at 75+ if statements.

I am positive there is a better, more efficient and elegant way to do this. I have researched different approaches, but most solutions appear to work when you can address all incoming domains in a single server block for all domains. Again, in my case we are currently at 3 server blocks in order for Let's Encrypt to work properly.

Sample config...

##Serve first 100 Sites
server {
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/domain.com-0010/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com-0010/privkey.pem; # managed by Certbot
    server_name domain1.com www.domain1.com domain2.com www.domain2.com domain3.com www.domain3.com;

    # One redirect per root domain: root -> www
    if ($host = domain1.com) {
        return 301 https://www.domain1.com$request_uri;
    }
    if ($host = domain2.com) {
        return 301 https://www.domain2.com$request_uri;
    }
    if ($host = domain3.com) {
        return 301 https://www.domain3.com$request_uri;
    }

    # ...rest of config

}
##Serve second 100 Sites
server {
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/domain.com-0020/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com-0020/privkey.pem; # managed by Certbot
    server_name domain101.com www.domain101.com domain102.com www.domain102.com domain103.com www.domain103.com;

    # One redirect per root domain: root -> www
    if ($host = domain101.com) {
        return 301 https://www.domain101.com$request_uri;
    }
    if ($host = domain102.com) {
        return 301 https://www.domain102.com$request_uri;
    }
    if ($host = domain103.com) {
        return 301 https://www.domain103.com$request_uri;
    }

    # ...rest of config

}
user50733

1 Answer

I prefer to split the main www. domain into its own server block and the redirects into another block:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate ...;
    ssl_certificate_key ...;
    server_name example1.com example2.com example3.com;

    return 301 https://www.$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate ...;
    ssl_certificate_key ...;
    server_name www.example1.com www.example2.com www.example3.com;

    # ... rest of config
}

This way, the redirect configuration is clearly separated from the main configuration. There is no need for if processing on every request to the main domain, which increases the speed a bit.

Tero Kilkanen
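
The two-block layout from the answer can be generated per certificate group instead of maintained by hand. The following is an added example, not code from the question or the answer; it assumes the 100-per-certificate limit cited in the question counts root and www names separately, and the certificate names (`multisite-0001`, ...) and the include path are hypothetical.

```python
import re

MAX_NAMES_PER_CERT = 100  # limit cited in the question
# Strict hostname check so a bad list entry cannot inject nginx directives.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def chunk_domains(root_domains, max_names=MAX_NAMES_PER_CERT):
    """Split root domains so root + www names together fit one certificate."""
    clean = []
    for d in root_domains:
        d = d.strip().lower()
        if not _HOST_RE.match(d) or d.startswith("www."):
            raise ValueError(f"not a bare root hostname: {d!r}")
        if d not in clean:  # drop duplicate entries, keep order
            clean.append(d)
    per_cert = max_names // 2  # each domain puts two names on the cert
    return [clean[i:i + per_cert] for i in range(0, len(clean), per_cert)]


def render_group(domains, cert_name):
    """Render the redirect block and the main block for one certificate."""
    tls = (
        "    listen 443 ssl http2;\n"
        "    listen [::]:443 ssl http2;\n"
        f"    ssl_certificate /etc/letsencrypt/live/{cert_name}/fullchain.pem;\n"
        f"    ssl_certificate_key /etc/letsencrypt/live/{cert_name}/privkey.pem;\n"
    )
    root = " ".join(domains)
    www = " ".join("www." + d for d in domains)
    return (
        f"server {{\n{tls}    server_name {root};\n"
        "    return 301 https://www.$host$request_uri;\n}\n\n"
        f"server {{\n{tls}    server_name {www};\n"
        "    include snippets/wordpress-multisite.conf;  # hypothetical path\n}\n"
    )


def build_config(root_domains):
    """Full config: one redirect/main pair per certificate group."""
    return "\n".join(
        render_group(group, f"multisite-{n:04d}")  # hypothetical cert names
        for n, group in enumerate(chunk_domains(root_domains), start=1)
    )


if __name__ == "__main__":
    # Constructed sample input: 120 placeholder domains -> 3 certificate groups.
    print(build_config(f"domain{i}.com" for i in range(1, 121)))
```

Because the redirect echoes `$host`, the redirect block should not be the default server for port 443: keep a separate catch-all `default_server` block so requests carrying an unlisted Host header never reach `return 301 https://www.$host$request_uri;`.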