Nginx dynamic ssl does not work when the domain has www in it

Question

The below code works perfectly for example.com but fails for www.example.com because $ssl_server_name becomes www.example.com and it tries to search a certificate with that name. The correct certificate location is /home/certs/example.com .

Is there any other way to resolve this?

server {

  server_name _; 
  listen 443 ssl http2 default_server;
  ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_certificate /home/certs/$ssl_server_name.crt;
  ssl_certificate_key /home/certs/$ssl_server_name.key;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
  add_header Strict-Transport-Security "max-age=31536000" always;

  location /robots.txt {
    root /home/dist/common;
  }

  location / {
    proxy_set_header  Host $host;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-Proto https;
    proxy_set_header  X-Forwarded-For $remote_addr;
    proxy_set_header  X-Forwarded-Host $remote_addr;
    proxy_set_header  X-Forwarded-Referrer $http_referer;

    set $delimeter "";
    if ($is_args) {
      set $delimeter "&";
    }
    set $args $args${delimeter}from=$ssl_server_name;

    proxy_pass http://127.0.0.1:8081$uri$is_args$args;

  }

}

score 0 · Answer 1 · answered Jul 04 '21 at 05:53

0

Found my answer. You need to use map.

map $ssl_server_name $mapped_name {
      default $ssl_server_name;
      ~*www.(.*) $1;
 }
 server {
      ...
 }

answered Jul 04 '21 at 05:53

shashank

326
4
6
19

Nginx dynamic ssl does not work when the domain has www in it

1 Answers1