0

I currently have a Nextcloud installation running on a server at home behind an Nginx proxy, which in turn is routed through Cloudflare. The proxy currently presents a Cloudflare origin SSL certificate to perform authenticated pulls from Cloudflare.

My question is: can Nginx, depending upon what IP is sending a request, serve different SSL certificates? I'd like to serve the Cloudflare origin SSL certificate when a Cloudflare IP sends a request, serve a Let's Encrypt certificate if an internal IP send a request, and block the request otherwise. The reasoning for wanting to do this is purely from a speed perspective, as my upload speed through my ISP is quite slow.

Perhaps there are very good reasons not to this — in which case I'd love to hear why this may be such a bad idea!

Many thanks in advance.

Adam
  • 101
  • 1
  • Nginx documentation [says](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) that _since version 1.15.9, variables can be used in the file name when using OpenSSL 1.0.2 or higher_. If you are using OpenResty/lua-nginx-module, check [this](https://github.com/openresty/lua-nginx-module/issues/331) GitHub thread too. – Ivan Shatsky Feb 17 '22 at 13:49
  • @IvanShatsky good idea! I'll take a look into that. – Adam Feb 17 '22 at 23:01

0 Answers0