
Why SNI for multiple SSL certificates in Nginx? - Purpose & Use Cases

The Big Idea

What if you could secure many websites on one server without buying extra IP addresses?

The Scenario

Imagine you run a website hosting service where many customers want their own secure websites on the same server. Without special tricks, the server must send its certificate before it learns which hostname the client wants, so you can only use one SSL certificate per IP address.

This means if you want to serve multiple secure sites, you need many IP addresses or complicated setups.

The Problem

Manually assigning a unique IP address for each secure site is expensive and slow.

It also wastes IP addresses and makes managing certificates a headache.

Plus, users might see security warnings if the wrong certificate is served.

The Solution

SNI (Server Name Indication) is a TLS extension in which the client names the site it wants at the very start of the handshake, so the server knows which website the user wants before sending the SSL certificate.

This way, one IP address can serve many secure sites, each with its own certificate, without confusion.

Before vs After
Before
server {
  listen 1.2.3.4:443 ssl;
  ssl_certificate /etc/ssl/site1.crt;
  ssl_certificate_key /etc/ssl/site1.key;
  server_name site1.com;
}

server {
  listen 1.2.3.5:443 ssl;
  ssl_certificate /etc/ssl/site2.crt;
  ssl_certificate_key /etc/ssl/site2.key;
  server_name site2.com;
}
After
server {
  listen 443 ssl;
  server_name site1.com;
  ssl_certificate /etc/ssl/site1.crt;
  ssl_certificate_key /etc/ssl/site1.key;
}

server {
  listen 443 ssl;
  server_name site2.com;
  ssl_certificate /etc/ssl/site2.crt;
  ssl_certificate_key /etc/ssl/site2.key;
}
What It Enables

SNI enables hosting many secure websites on a single IP address, saving resources and simplifying management.

Real Life Example

A hosting company uses SNI to provide hundreds of customers with their own HTTPS websites on one server without needing hundreds of IP addresses.

Key Takeaways

Without SNI, SSL setup needs one IP per certificate, which is costly and complex.

SNI lets one IP serve multiple SSL certificates by identifying the requested site early.

This makes hosting many secure sites easier, cheaper, and more scalable.