Welcome to nginx on Debian!

# Multi TLS certificate termination

This example uses 2 different certificates to terminate SSL for 2 hostnames.

1. Deploy the controller by creating the rc in the parent dir
2. Create tls secrets for foo.bar.com and bar.baz.com as indicated in the yaml
3. Create [multi-tls.yaml](https://github.com/du2016/ingress-nginx-docs-cn/tree/4de23547e0cca9515948b6ec6c779349f3a8ca9d/docs/examples/multi-tls/multi-tls.yaml)

This should generate a segment like:

```
$ kubectl exec -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf | grep "foo.bar.com" -B 7 -A 35
    server {
        listen 80;
        listen 443 ssl http2;
        ssl_certificate /etc/nginx-ssl/default-foobar.pem;
        ssl_certificate_key /etc/nginx-ssl/default-foobar.pem;


        server_name foo.bar.com;


        if ($scheme = http) {
            return 301 https://$host$request_uri;
        }


        location /{
            proxy_set_header Host                   $host;

            # Pass Real IP
            proxy_set_header X-Real-IP              $remote_addr;

            # Allow websocket connections
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $host;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

            proxy_connect_timeout                   5s;
            proxy_send_timeout                      60s;
            proxy_read_timeout                      60s;

            proxy_redirect                          off;
            proxy_buffering                         off;

            proxy_http_version                      1.1;

            proxy_pass http://default-http-svc-80;
        }
```

And you should be able to reach your nginx service or http-svc service using a hostname switch:

```
$  kubectl get ing
NAME      RULE          BACKEND   ADDRESS                         AGE
foo-tls   -                       104.154.30.67                   13m
          foo.bar.com
          /            http-svc:80
          bar.baz.com
          /            nginx:80

$ curl https://104.154.30.67 -H 'Host:foo.bar.com' -k
CLIENT VALUES:
client_address=10.245.0.6
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://foo.bar.com:8080/

SERVER VALUES:
server_version=nginx: 1.9.11 - lua: 10001

HEADERS RECEIVED:
accept=*/*
connection=close
host=foo.bar.com
user-agent=curl/7.35.0
x-forwarded-for=10.245.0.1
x-forwarded-host=foo.bar.com
x-forwarded-proto=https

$ curl https://104.154.30.67 -H 'Host:bar.baz.com' -k
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx on Debian!</title>

$ curl 104.154.30.67
default backend - 404
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://rocdu.gitbook.io/ingress-nginx-docs-cn/docs/examples/multi-tls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.