On Sun, Aug 28, 2022 at 09:45:00PM -0400, George wrote:
> Hi guys,
> I wish to run multiple sites from the same IP and use different TLS certs
> for each.
> Example:
> server "example01.com" {
>     listen on 1.2.3.4 port 80
>     listen on 1.2.3.4 tls port 443
>     tls {
>         certificate "example01.com.fullchain.pem"
>         key "example01.com.key"
>     }
> }
> server "example02.com" {
>     listen on 1.2.3.4 port 80
>     listen on 1.2.3.4 tls port 443
>     tls {
>         certificate "example02.com.fullchain.pem"
>         key "example02.com.key"
>     }
> }
> Problem is I get the certificate for the first declared
> server each time unless I change the IP or port.
> Is it possible to have a configuration to serve different
> servers on the same address and port with different
> TLS certs?
> Thanks in advance,
> George
Have you considered using relayd?
# <webhosts> is a placeholder table name (the angle-bracketed name did not
# survive the mail archive); 1.2.3.4 is the thread's placeholder address. The
# backend httpd has to listen on some other address or port than the relay
# itself (e.g. 127.0.0.1), otherwise the relay forwards to itself.
table <webhosts> { 1.2.3.4 }

http protocol "http" {
    return error
    match request header "Host" value "example01.com" forward to <webhosts>
    match request header "Host" value "example02.com" forward to <webhosts>
}

# relayd protocols are "tcp", "http" or "dns"; TLS is enabled on the relay's
# listen line, not by a separate protocol type.
http protocol "https" {
    # one keypair per site; relayd picks the one matching the client's SNI
    # name (see relayd.conf(5) for where the certificate and key files live)
    tls keypair "example01.com"
    tls keypair "example02.com"
    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header set "X-Forwarded-For-By" value "$REMOTE_ADDR:$SERVER_PORT"
    match query hash "sessid"
    match request header "Host" value "example01.com" forward to <webhosts>
    match request header "Host" value "example02.com" forward to <webhosts>
}

relay "http_relay" {
    listen on 1.2.3.4 port 80
    protocol "http"
    forward to <webhosts> port 80 check tcp
}

relay "https_relay" {
    listen on 1.2.3.4 port 443 tls
    protocol "https"
    forward with tls to <webhosts> port 443 check tcp
}
DISCLAIMER: this is adapted from one of my setups and, obviously, hasn't
been properly tested. I hope it's enough to point you in the right
direction. See relayd's man page for the details about the certificates
and the "tls keypair" parts of the config.
Cheers
Zé
--
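Whichever setup ends up in front of the sites, the symptom in the question ("I get the certificate for the first declared server each time") is checked by asking the server for each name explicitly, which is what `openssl s_client -servername` does. The script below is an added example, not code from this thread or from httpd/relayd; it assumes openssl(1) in PATH (LibreSSL's is fine) and reuses the thread's placeholders 1.2.3.4, example01.com and example02.com. For each name it prints the subject and subjectAltName of the leaf certificate that was actually served, and exits non-zero if any name got a certificate that does not cover it. The handshake is done without verification on purpose, so a wrong or self-signed certificate is still shown rather than hidden behind a verify error.

```shell
#!/bin/sh
# sni_check.sh: for each server name, connect to HOST:PORT with that name in
# the TLS SNI extension, print the leaf certificate the server presents and
# flag names the certificate does not cover. Added example, not code from
# the thread; 1.2.3.4, example01.com and example02.com are its placeholders.
#
# Usage: sh sni_check.sh HOST:PORT NAME [NAME...]
#   sh sni_check.sh 1.2.3.4:443 example01.com example02.com

# san_covers SANLIST NAME: succeed if NAME is covered by SANLIST, the
# "DNS:a, DNS:b" line printed by "openssl x509 -text". A wildcard entry
# covers exactly one extra label: *.example01.com covers www.example01.com
# but neither example01.com itself nor a.b.example01.com.
san_covers() {
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # one entry per word: commas dropped, lower-cased, "DNS:" prefixes removed
    entries=$(printf '%s' "$1" | tr ',' ' ' | tr 'A-Z' 'a-z' | sed 's/dns://g')
    found=1
    set -f                    # entries may contain '*': no pathname expansion
    for pat in $entries; do
        if [ "$pat" = "$name" ]; then
            found=0; break
        fi
        case $pat in
        \*.*)
            suffix=${pat#\*.}
            case $name in
            *."$suffix")
                prefix=${name%."$suffix"}
                case $prefix in
                ''|*.*) ;;            # no label, or more than one: no match
                *) found=0; break ;;
                esac
                ;;
            esac
            ;;
        esac
    done
    set +f
    return $found
}

# leaf_cert HOST PORT NAME: the PEM leaf certificate offered for SNI NAME,
# or nothing if the handshake fails. No verification here on purpose: the
# point is to see what the server sends, even if it is the wrong cert.
leaf_cert() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 2>/dev/null
}

# pem_sans: read a PEM certificate on stdin, print its subjectAltName line
pem_sans() {
    openssl x509 -noout -text | sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# check_sni HOST:PORT NAME...: status 1 if any name is answered with a
# certificate that does not cover it, or with no certificate at all.
check_sni() {
    host=${1%:*}; port=${1##*:}; shift
    rc=0
    for name in "$@"; do
        pem=$(leaf_cert "$host" "$port" "$name")
        if [ -z "$pem" ]; then
            echo "$name: no certificate (handshake failed?)"
            rc=1; continue
        fi
        subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject)
        sans=$(printf '%s\n' "$pem" | pem_sans)
        if san_covers "$sans" "$name"; then
            echo "$name: ok       $subject; $sans"
        else
            echo "$name: MISMATCH $subject; $sans"
            rc=1
        fi
    done
    return $rc
}

if [ $# -ge 2 ]; then
    check_sni "$@"
fi
```

Run it with the name that fails as well as the one that works; a MISMATCH line for example02.com while example01.com is ok is exactly the "first declared server" behaviour from the question, and an ok on both means SNI selection is working. The wildcard rule in san_covers is the one TLS clients apply (one label, no match for the bare domain), so a MISMATCH here is what a browser will turn into a name error.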