Hi Francis!
Thank you so much for your answer! I really appreciate it!
And I apologize for taking this long to reply.
> As I understand things:
>
> * you need one nginx listening on port 80 for http and 443 for https
> * you want to handle two server names (differently)
Well, sort of. I have two servers, and both are running nginx. Which I think is the key to this problem.
Server A (macmini) has an nginx server under my direct control.
Server B (the synology NAS) has an nginx server NOT under my direct control.
> I am not clear on whether you want to "redirect" or "proxy_pass" to
> the service on the other ports -- "redirect" would involve the client
> issuing a new request to https://something:5001; while "proxy_pass"
> would involve the client continuing to request https://something, and
> nginx ensuring that the response from :5001 gets to the client.
I thought what I wanted was to "proxy_pass", but what I needed to do was to "redirect".
Sadly, that doesn't work - and I _think_ I might understand why.
I have two domains - one related to Server A and one related to Server B.
Server A domain is certified using Let's Encrypt (LE) and I own that domain.
Server B domain is also certified using LE, but I DON'T own that domain - Synology does. It's part of their "internal" DDNS system to help users expose their NAS reliably to the internet.
And herein lies the problem, as it seems: from what I can gather, HTTPS is terminated and checked/validated in Server A and fails for requests to Server B domain, since the certificates in Server A are not the correct ones for Server B domain - only for Server A domain. So the redirect works - but you get the "not valid certificates" warning(s) in the browser. :(
> two server{} blocks with different server_name directives, and SNI
> enabled in your nginx, and the correct ssl_certificate available in
> each server{}.
So that ^^ is basically the problem and why it fails. The certificates can't be in that server block, because they reside in the server block in the nginx running on Server B.
> Good luck with it,
Thanks again! :)
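
The failure described above comes from terminating TLS on Server A for a name whose certificate exists only on Server B. One way around it, shown here as an added example that is not part of the original message and goes beyond what the thread discusses, is to let Server A's nginx route port 443 by SNI without terminating TLS, so that Server B presents its own certificate. Host names, addresses, the internal port 8443 and file paths are placeholders, and the config assumes an nginx built with the stream and ssl_preread modules.

```nginx
# Added example, not from the thread. All names, addresses and paths are placeholders.
events {}

stream {
    # Choose the backend from the SNI name in the ClientHello.
    # Nothing is decrypted here, so no certificate for Server B is needed on Server A.
    map $ssl_preread_server_name $tls_backend {
        server-b.example.net  192.0.2.20:5001;  # Server B (NAS): terminates TLS with its own certificate
        default               127.0.0.1:8443;   # Server A: its own https server{} below
    }

    server {
        listen 443;
        ssl_preread on;            # read the ClientHello only, do not terminate TLS
        proxy_pass $tls_backend;   # forward the raw TLS stream unchanged
    }
}

http {
    server {
        # Moved off 443 because the stream block now owns that port.
        listen 127.0.0.1:8443 ssl;
        server_name server-a.example.org;

        # Certificate for Server A's domain only.
        ssl_certificate     /etc/ssl/server-a/fullchain.pem;
        ssl_certificate_key /etc/ssl/server-a/privkey.pem;

        location / {
            root /var/www/server-a;
        }
    }
}
```

With this layout Server B sees connections arriving from Server A's address rather than the client's, which matters for its access logs and any IP-based rules.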