Welcome! Log In Create A New Profile

Advanced

SSL & Nginx

Previous Message Next Message
Forum List Message List New Topic Print View
Jaap van Arragon
January 03, 2011 05:24AM
Hello,

First let me wish everybody a very good and healthy 2011!

We are using nginx for loadbalancing multiple websites. Almost every website
has SSL enabled.

We have one upstream for a couple of websites:

#start webservers:
upstream webservers-fair {
fair;
server 213.154.235.247 max_fails=5 fail_timeout=20s weight=1;
server 213.154.235.248 max_fails=5 fail_timeout=20s weight=1;
} #end upstream

The upstream needed is provided in the config, here is the problem. We use
the config IP multiple times with different certificates and different
server_name variables. Last Friday we¹ve noticed that the certificate wasn¹t
working well in IE7/8/9. Is this a known problem or am I doing something
wrong?

server {
listen xxx.xxx.xxx.249:80;
server_name domain.nl;
server_name domain.nl;
#logs
access_log /var/log/nginx/lb1-webservers.access.log;
error_log /var/log/nginx/lb1-webservers.error.log;

location / {
proxy_pass http://webservers-fair;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_max_temp_file_size 0;
client_max_body_size 30M;
}

location /status {
stub_status on;
access_log off;
}

}#end server

server {
listen xxx.xxx.xxx.249:443;
server_name domain.nl;
server_name domain.nl;
#logs
access_log /var/log/nginx/lb1-webservers.access.log;
error_log /var/log/nginx/lb1-webservers.error.log;

ssl on;
ssl_certificate /certificates/ssl/domain-nl.crt;
ssl_certificate_key /certificates/ssl/domain-nl.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;


location / {
proxy_pass http://webservers-fair;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_max_temp_file_size 0;
client_max_body_size 30M;
}

location /status-ssl {
stub_status on;
access_log off;
}

}#end server

########################### WEBSERVER
###############################################

Help is much appreciated!!

Grt
Jaap van Arragon

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

SSL & Nginx

Jaap van Arragon January 03, 2011 05:24AM

Re: SSL & Nginx

Piotr Sikora January 03, 2011 05:32AM

Re: SSL & Nginx

Jaap van Arragon January 03, 2011 07:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 149
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready