Now here is a domain that cool.XXXXXX.com in use.
I want to show my Japanese version with domain called jp-cool.XXXXXX.com
I set the SSL with letencrypt
certbot certonly --standalone -d jp-cool.XXXXXX.com --staple-ocsp -m root@jp-cool.XXXXXX.com --agree-tos
docker-compose.ymlversion: "3.3"
services:
XXXXweb-db:
image: mysql:5.7.26
restart: always
container_name: XXXXweb-db
environment:
MYSQL_HOST: XXXXweb-db
MYSQL_DATABASE: ${DB_NAME}
MYSQL_USER: ${DB_USER}
MYSQL_PASSWORD: ${DB_PASS}
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
volumes:
- ./data:/var/lib/mysql:delegated
- ./logs/mysql:/var/log/mysql:delegated
- ./conf/mysql.cnf:/etc/mysql/my.cnf:delegated
ports:
- "3306:3306"
expose:
- 3306
security_opt:
- seccomp:unconfined
XXXXweb-nginx:
image: nginx:1.17.1-alpine
restart: always
ports:
- "80:80"
- "443:443"
expose:
- 80
- 443
volumes:
- ./logs:/var/log/nginx:delegated
- ./conf/${NGINX_CONFIG_NAME}:/etc/nginx/nginx.conf:delegated
- ${CERT_PATH}:/etc/letsencrypt:delegated
- ./:/wwwroot:delegated
depends_on:
- XXXXweb-db
- XXXXweb-php
logging:
driver: "json-file"
options:
max-size: "100m"
XXXXweb-php:
image: php-XXXX
restart: always
ports:
- "9000:9000"
expose:
- 9000
volumes:
- ./logs:/var/log:delegated
- ./:/wwwroot:delegated
healthcheck:
test: ["CMD-SHELL", "pidof php-fpm"]
interval: 5s
retries: 12
logging:
driver: "json-file"
options:
max-size: "100m"
nginx-server.confuser nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log on;
sendfile on;
keepalive_timeout 65;
client_max_body_size 100M;
server {
listen 80;
server_name cool.XXXXXX.com;
return 301 https://cool.XXXXXX.com$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
## Your website name goes here.
server_name cool.XXXXXX.com;
## Your only path reference.
root /wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass XXXXweb-php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
}
After I add
server {
listen 80;
server_name jp-cool.XXXXXX.com;
return 301 https://jp-cool.XXXXXX.com$request_uri;
}
It works for http insecure connection.
However after I add a jp-cool.XXXXXX.com duplicate part of cool.XXXXXX.com, just one of them could work.
And I got invalid on the WPML panel when setting 'different domain per language'.
Without docker, I could setting different domain in local nginx /etc/nginx/site-available
But I can't set it up with dockerized nginx.
If you have no wildcard certificate your only option is to duplicate server block per certificate. Here's how you can do it:
server {
# this part changes per certificate
ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
server_name cool.XXXXXX.com;
include common;
}
server {
# this part changes per certificate
ssl_certificate /etc/letsencrypt/live/jp-cool.XXXXXX.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/jp-cool.XXXXXX.com/privkey.pem;
server_name jp-cool.XXXXXX.com;
include common;
}
To follow DRY principle, put the rest of the server block into a separate file. I've used 'common' as a name for that file, you need to place it in /etc/nginx/ or you'd have to change path in blocks above. /etc/nginx/common:
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
root /wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass XXXXweb-php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
Also you can do HTTPS redirects with one server:
server {
listen 80;
server_name cool.XXXXXX.com;
server_name jp-cool.XXXXXX.com;
return 301 https://$host$request_uri;
}