Hey everyone,

This is a bit of an odd situation that I'm trying to work around. My wife and I work at the same university but for different studies in different departments. My wife has a website hosted at https://department.university.edu/study but she wanted a cleaner looking URL so she purchased study.org. Then she asked the sysadmin for her study to setup a virtual host but he won't do it. This guy has a history of refusing to change things and she's been back and forth with him for days now. I'm trying to help out by using one of my servers to reverse proxy but it looks like I have to have the SSL certificate for department.university.edu instead of study.org. I've tried a few different options but I think I've misunderstood them. This is what I have so far.

server {
listen 10.160.167.20:80;
server_name study.org;

return 301 https://$host$request_uri;
}

server {
listen 10.160.167.20:443 ssl http2;
server_name study.org;

ssl_certificate /etc/ssl/study.org/fullchain.cer;
ssl_certificate_key /etc/ssl/study.org/study.org.key;

location / {
proxy_pass https://department.university.edu/study;
}
}

I've tried proxy_ssl_verify off; and proxy_ssl_name study.org; but again, I don't think I've understood these options correctly and I'm not seeing any topics that cover this particular use case. The problem is that the browser is requesting study.org and, while the nginx server I control has the SSL certificate for study.org, the SSL certificate from department.university.edu is what is ultimately presented to the browser. Is there any way to have the study.org cert be the only SSL cert used for validation without access to the server that hosts the site?

Thanks,

Matt