sslnginxvirtualhosthostsserver-name

Nginx default server always selected - Multiple SSL servers

I have 3 servers defined in Nginx (wich is used for serving static contents and as proxy for tomcat) :

One handling non-maching requests :

server {
   listen 443 default_server;
   return 444;
}

One for web-app A :

server {
    listen   443;

    server_name webAppA;
    ssl on;
    ssl_certificate /etc/nginx/ssl/webAppA/server.crt;
    ssl_certificate_key /etc/nginx/ssl/webAppA/server.key;

    index index.html;
    root /var/www/webAppA/;

    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location / {
      try_files $uri $uri/ /index.html;
    }

    location /ws/ {
        add_header Cache-Control no-cache;
        proxy_pass        http://localhost:8080/webAppA/ws/;
        proxy_set_header  X-Real-IP  $remote_addr;
    }
}

One for web-app B:

server {

    listen   443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/webAppB/server.crt;
    ssl_certificate_key /etc/nginx/ssl/webAppB/server.key;
    server_name webAppB

    index index.html;
    root /var/www/webAppB/;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location /ws/ {
            add_header Cache-Control no-cache;
            proxy_pass        http://localhost:8080/webAppB/ws/;
            proxy_set_header  X-Real-IP  $remote_addr;
    }
    location / {
      #auth_basic            "Restricted";
      #auth_basic_user_file  htpasswd;
      try_files $uri $uri/ /index.html;
    }
}

I'm trying to access to both apps with :

https://server_ip/webAppA
https://server_ip/webAppB

But default server is always selected. I have TSL SNI support enabled.

I tried to add server names to /etc/hosts but it changes nothing.

Do you have any idea ?

Thank's a lot :)

Solution

  • Founded solution was to make one server because server_name refers to 

    "https://server_ip"

    and not "wabAppA" or "webAppB".

    server {
   listen 443;

   ssl on;
   ssl_certificate /etc/nginx/ssl/server.crt;
   ssl_certificate_key /etc/nginx/ssl/server.key;

   root /var/www/;

   location /webAppA/ {
     try_files $uri $uri/ /webAppA/index.html;
   }

   location /webAppB/ {
     try_files $uri $uri/ /webAppB/index.html;
   }

   location /webAppA/ws/ {
     add_header Cache-Control no-cache;
     proxy_pass        http://localhost:8080/webAppA/ws/;
     proxy_set_header  X-Real-IP  $remote_addr;
   }

   location /webAppB/ws/ {
     add_header Cache-Control no-cache;
     proxy_pass        http://localhost:8080/webAppB/ws/;
     proxy_set_header  X-Real-IP  $remote_addr;
   }
}

    It's not as flexible as I'd like it to be but it works.