I want to be able to use 2 different certs on my nginx reverse proxy, one for my domain and one for internal LAN use to encrypt my LAN traffic. From what I understand, having a server block with

server_name 10.0.0.103;

should result in the server block applying to traffic to 10.0.0.103. However when I go to this address without default_server in that server block, it wants to use a cert from a different server block, even though there is cert info within the 10.0.0.103 server block... In other words, without default_server being there, 10.0.0.103 wants to use the cert for domain.dev.

internal:

    server {
        listen 443 ssl default_server;
        server_name 10.0.0.103;

        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/private.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        location /quantum/ {
            proxy_pass http://10.0.0.102:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location / {
            return 404;
        }
    }

external:

    server {
        listen 443 ssl; # managed by Certbot
        server_name domain.dev www.domain.dev;

        ssl_certificate /etc/letsencrypt/live/domain.dev/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain.dev/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        location /wee/ {
            proxy_pass http://10.0.0.101:809/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location / {
            return 404;
        }
    }

  • 2
    There is always a default server. If it's not declared explicitly it's the first one. Commented Jul 15, 2024 at 22:43
  • 1
    For SSL/TLS (HTTPS) connections the server block is selected using Server Name Indication aka SNI which ONLY allows a domain name; for an IP address the browser/client cannot send SNI, so nginx can only use the default server config. Commented Jul 16, 2024 at 2:44
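To make the two comments above concrete, here is an added example (not nginx source code and not the asker's configuration) that models how nginx picks the server block, and therefore the certificate, for a TLS connection on one port. It assumes a simplified selection order (exact server_name, longest leading-wildcard name, then the default_server or the first declared block) and assumes the Certbot-managed external file is loaded before the internal one; the certificate paths and names are taken from the question. The point it demonstrates is that a browser sends no SNI for an IP literal, so `server_name 10.0.0.103` can never be matched by name and the IP client always lands on whichever block is the default.

```python
# Added example: a simplified model of nginx's TLS server-block selection.
# Not nginx source and not the asker's config; paths come from the question.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional


@dataclass(frozen=True)
class ServerBlock:
    names: tuple        # server_name entries
    certificate: str    # ssl_certificate path
    default_server: bool = False


def client_sni(url_host: str) -> Optional[str]:
    """What a browser puts in the TLS SNI extension for a URL host.
    RFC 6066 forbids IP literals in SNI, so an IP address yields no SNI."""
    try:
        ip_address(url_host.strip("[]"))
        return None
    except ValueError:
        return url_host.lower()


def select_server(blocks: List[ServerBlock], sni: Optional[str]) -> ServerBlock:
    """Pick the block nginx would use for a connection carrying `sni`.
    Simplified order: exact name, longest leading-wildcard name, then the
    default_server (or the first declared block when none is marked).
    nginx also supports trailing wildcards and regex names; omitted here."""
    if sni is not None:
        for block in blocks:
            if sni in (n.lower() for n in block.names):
                return block
        wildcard_hits = [
            (len(n), block)
            for block in blocks
            for n in block.names
            if n.startswith("*.") and sni.endswith(n[1:].lower())
        ]
        if wildcard_hits:
            return max(wildcard_hits, key=lambda hit: hit[0])[1]
    # No usable SNI, or no name matched: the default server answers.
    for block in blocks:
        if block.default_server:
            return block
    return blocks[0]


def certificate_for(blocks: List[ServerBlock], url_host: str) -> str:
    """Certificate a client visiting https://<url_host>/ would be shown."""
    return select_server(blocks, client_sni(url_host)).certificate


# Blocks mirroring the question's two configs.
INTERNAL = ServerBlock(("10.0.0.103",), "/etc/nginx/ssl/certificate.crt")
EXTERNAL = ServerBlock(("domain.dev", "www.domain.dev"),
                       "/etc/letsencrypt/live/domain.dev/fullchain.pem")
INTERNAL_DEFAULT = ServerBlock(INTERNAL.names, INTERNAL.certificate,
                               default_server=True)

# Assumed load order: the Certbot-managed external file is included first,
# so without an explicit default_server the external block is the default.
WITHOUT_DEFAULT = [EXTERNAL, INTERNAL]
WITH_DEFAULT = [EXTERNAL, INTERNAL_DEFAULT]

if __name__ == "__main__":
    for label, blocks in (("no default_server", WITHOUT_DEFAULT),
                          ("internal default_server", WITH_DEFAULT)):
        for host in ("10.0.0.103", "domain.dev", "www.domain.dev"):
            print(f"{label:24} {host:16} sni={client_sni(host)!s:12} "
                  f"-> {certificate_for(blocks, host)}")
```

Against a real server the same thing can be observed with `openssl s_client -connect 10.0.0.103:443 -servername domain.dev` versus `openssl s_client -connect 10.0.0.103:443 -noservername`, piping each through `openssl x509 -noout -subject` to see which certificate was presented; the no-SNI case is what a browser visiting the bare IP looks like.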
