Enable cloudflare on multiple subdomains when using VPS with nginx?

There is a VPS machine with nginx’om configured on which 10 sites are spinning

central site spinning on a separate hosting

in nginx, I configured the default site tester.example.com to use ssl from the Cloudflare service

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name tester.example.com www.tester.example.com;
    return 302 https://$server_name$request_uri;
server {

# SSL configuration

  listen 443 ssl http2 default_server;
  listen [::]:443 ssl http2 default_server;
  ssl        on;
  ssl_certificate         /etc/ssl/certs/cert.pem;
  ssl_certificate_key     /etc/ssl/private/private.pem;
  ssl_client_certificate /etc/ssl/certs/Cloudflare.crt;
  ssl_verify_client on;

  server_name tester.example.com www.tester.example.com;

  root /var/server/site/;
  index index.html index.htm index.nginx-debian.html;

  location / {
       # try_files $uri $uri/ =404;
        proxy_pass         http://localhost:8880;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;

without https - using regular ip: Port, opening passes through all services

how can I make api-one.tester.example.com config, etc. so that they also open via ssl?

I tried to change the port in the subdomain config (8443 which supports Cloudflare), but does not give the desired result

  listen 8443 ssl http2;
  listen [::]:8443 ssl http2;
  ssl        on;

Cloudflare’s free Universal SSL certs don’t go down to second level subdomains. They only cover example.com and *.example.com. In order to go to *.sub.example.com, you’ll need the $10/month dedicated certificate with custom hostnames.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.