Configure 2 Nginx reverseproxy with SSL

Question

I'm tryng do do something with 2 nginx.

I have a wordpress : mywebsite.com

I need this infra :

I have some difficulties to configure ssl with let'sencrypt.

• Nginx1 : 198.198.198.2
• Nginx2 : 241.236.210.2

If I have servername : mywebsite.com in Nginx1 and same servername in Nginx2, I can't generate SSL certificate for Nginx2 because IP was not correct.

Someone can help me to make a secure installation?

---

Conf DNS:

reverse1ext.domain.com. 0   A   0.0.0.0
reverse1int.domain.com. 0   A   0.0.0.0
site.domain.fr. 0   CNAME   reverse1ext.domain.com.
site.reverse1int.domain.com  0  CNAME  reverse1int.domain.com.

NGINX 1:

upstream upstream1 {
    server site.reverse1int.domain.com:443;
}

server {
    server_name site.domain.com;

    location / {
        proxy_pass https://upstream1;
        proxy_set_header    Host $host;

        proxy_connect_timeout 30;
        proxy_send_timeout 30;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/site.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = site.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name site.domain.com;
    listen 80;
    return 404; # managed by Certbot


}

Nginx2 :

upstream upstream1 {
    server 10.12.12.24;
}

server {

    server_name site.domain.com;

    location / {
        proxy_pass https://upstream1;
        proxy_set_header    Host $host;

        proxy_connect_timeout 30;
        proxy_send_timeout 30;
    }




    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/site.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = site.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot




    server_name site.domain.com;
    listen 80;
    return 404; # managed by Certbot


}

This configuration work but I'm not sure it was very secure and clean