Nginx – Redirect SSL certificate request

Tags: nginx, proxy, ssl

I have two computers in my home. computer1 receives all HTTP(S) requests (from the box) and hosts websites under the domain domain1.com, and computer2 hosts websites under the domain domain2.com.

So I have added a domain2.com.conf in the conf.d folder of nginx on computer1:

server {
    listen 443;

    server_name *.domain2.com domain2.com;

    location / {
        proxy_pass https://192.168.1.22:$server_port/$uri$is_args$args;
        proxy_set_header Host $host:$server_port;
    }
}

The problem is that when I try to access domain2.com, the SSL certificate that is returned is the one from domain1.com.

I've searched on Google for how to indicate where the SSL certificates are, and I found this:

ssl on;
ssl_certificate <path_to_certificate>;
ssl_certificate_key <path_to_key>;

But obviously, the problem is that the certificates are on computer2 and not on computer1. How can I redirect the request for the SSL certificate to computer2? I can't find a solution; maybe I have the wrong keywords.

Thank you very much.

EDIT1:
According to this thread, Nginx proxy to back-end with SSL client certificate authentication, I have added the line proxy_set_header X-SSL-CERT $ssl_client_cert; to domain2.com.conf. But it is still not working.

EDIT2:
According to the comment, here is the configuration file for domain1.com:
domain1.com.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain1.com;

    access_by_lua_file /usr/share/ssowat/access.lua;

    include conf.d/cvrd.fr.d/*.conf;

    location /yunohost/admin {
        return 301 https://$http_host$request_uri;
    }

    access_log /var/log/nginx/domain1.com-access.log;
    error_log /var/log/nginx/domain1.com-error.log;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain1.com;

    ssl_certificate /etc/yunohost/certs/domain1.com/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/domain1.com/key.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;

    add_header Strict-Transport-Security "max-age=31536000;";

    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    #ssl_dhparam /etc/ssl/private/dh2048.pem;

    access_by_lua_file /usr/share/ssowat/access.lua;

    include conf.d/domain1.com.d/*.conf;

    include conf.d/yunohost_admin.conf.inc;
    include conf.d/yunohost_api.conf.inc;
}

Best Answer

Doing things at the HTTP(S) level, you will need the certificate and private key for domain two on computer one. This is because computer one is terminating the SSL connection. You can't pass this information through from the proxied computer / website.

However, you can use a TCP load balancer rather than an HTTP load balancer without putting the certificate and private key on computer one. A TCP load balancer simply passes packets through without terminating the SSL connection. You can read the Nginx guide here.
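As an added example that is not part of the original answer, here is what the TCP (stream) approach looks like in nginx on computer1. It routes on the SNI name in the TLS ClientHello, so computer2 keeps its own certificate and key and nothing is decrypted on computer1. It assumes nginx on computer1 is built with ngx_stream_ssl_preread_module (nginx 1.11.5 or later), that computer2 is 192.168.1.22 as in the question, and that the existing domain1.com HTTPS server block is moved to 127.0.0.1:8443 so the stream listener can own port 443 (the port number and the loopback address are my choice, not anything from the original post).

```nginx
# Added example, not the original answer's code.
# Assumptions: stream module with ssl_preread available; computer2 is
# 192.168.1.22 (from the question); the domain1.com HTTPS server now
# listens on 127.0.0.1:8443 (chosen here) instead of port 443.
#
# The stream block must sit at the top level of nginx.conf, next to http { },
# not inside it (conf.d/*.conf is normally included inside http { }).

stream {
    # Choose the upstream from the SNI server name. With "hostnames",
    # ".domain2.com" matches domain2.com and every subdomain of it.
    # Clients that send no SNI get an empty name and fall through to default.
    map $ssl_preread_server_name $tls_backend {
        hostnames;
        .domain2.com    192.168.1.22:443;
        default         127.0.0.1:8443;
    }

    server {
        listen 443;
        listen [::]:443;

        # Peek at the ClientHello only; the TLS session is not terminated
        # here, so domain2.com's private key never has to leave computer2.
        ssl_preread on;

        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;
    }
}

http {
    # The original domain1.com HTTPS server from the question, now behind the
    # stream listener. Only the listen lines change; ssl_* directives and the
    # includes stay exactly as they were.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name domain1.com;

        ssl_certificate /etc/yunohost/certs/domain1.com/crt.pem;
        ssl_certificate_key /etc/yunohost/certs/domain1.com/key.pem;
        # ... rest of the original server block unchanged ...
    }
}
```

Two things to check after reloading: `openssl s_client -connect <computer1>:443 -servername domain2.com` should now show computer2's certificate chain, and the same command with `-servername domain1.com` should still show domain1.com's. Because the stream proxy opens a new TCP connection, computer2 sees computer1's address as the client; if the logs or access rules on computer2 need the real client IP, add `proxy_protocol on;` to the stream server and `listen 443 ssl proxy_protocol;` plus `set_real_ip_from`/`real_ip_header proxy_protocol;` on computer2. Plain HTTP on port 80 is untouched by this, so an http-to-https redirect for domain2.com (or HTTP-01 certificate validation) still needs its own http-level server block on computer1.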