# Multiple Hostnames
## Multiple Hostnames/Configurations for SSL Termination
The `keeper/guacamole-ssl-nginx` image is specifically intended to provide SSL termination for the Guacamole image provided by Keeper for KCM. Historically, this image supported only a single hostname and configuration:
```
ssl:
image: keeper/guacamole-ssl-nginx:2
restart: unless-stopped
ports:
- "80:80"
- "443:443"
environment:
SELF_SIGNED: "Y"
ACCEPT_EULA: "Y"
CONTENT_TYPE_OPTIONS: "Y"
CONTENT_SECURITY_POLICY: "Y"
GUACAMOLE_HOSTNAME: "guacamole"
SSL_HOSTNAME: "example.net"
```
As of KCM 2.12.0, the `keeper/guacamole-ssl-nginx` image can be used with multiple hostnames and configurations via a special `SERVERS` environment variable that accepts YAML (or JSON).
The `SERVERS` variable must contain a YAML (or JSON) array of objects, where each object contains the name/value pairs of environment variables that should apply to that additional configuration. **Any variable that is not specified is inherited from the top-level environment**. For example:
```
ssl:
image: keeper/guacamole-ssl-nginx:2
restart: unless-stopped
ports:
- "80:80"
- "443:443"
environment:
SELF_SIGNED: "Y"
ACCEPT_EULA: "Y"
CONTENT_TYPE_OPTIONS: "Y"
CONTENT_SECURITY_POLICY: "Y"
GUACAMOLE_HOSTNAME: "guacamole"
SERVERS: |
- SSL_HOSTNAME: "example.net"
- SSL_HOSTNAME: "*.example.net"
```
The above configuration would result in an NGINX instance that handles both `example.net` and `*.example.net` hostnames equivalently. Both will get their own self-signed certificates because `SELF_SIGNED` is set to `Y`.
A more complex example:
```
ssl:
image: keeper/guacamole-ssl-nginx:2
restart: unless-stopped
ports:
- "80:80"
- "443:443"
environment:
ACCEPT_EULA: "Y"
CONTENT_TYPE_OPTIONS: "Y"
CONTENT_SECURITY_POLICY: "Y"
GUACAMOLE_HOSTNAME: "guacamole"
SERVERS: |
- SSL_HOSTNAME: "example.net"
LETSENCRYPT_ACCEPT_TOS: "Y"
LETSENCRYPT_EMAIL=your.email@example.net
- SSL_HOSTNAME: "*.example.net"
SELF_SIGNED: "Y"
```
The above configuration would result in an NGINX instance that generates and uses a self-signed certificate for `*.example.net`, but obtains a certificate for `example.net` from Let’s Encrypt.
**IMPORTANT:** The value of `SERVERS` *must* be a string, hence the `|` symbol within the above examples. If this symbol is omitted, then the YAML that follows is parsed as an object, and validation of the `docker-compose.yml` will fail, as all Docker environment variables must be strings.
**NOTE:** NGINX will use the first server as the default for any request that does not match any configured hostname. If any server declared in `SERVERS` should have this behavior, it must be the first server listed.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.keeper.io/keeper-connection-manager/authentication/multiple-hostnames.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.