Welcome! Log In Create A New Profile

Advanced

Re: Host header and SSL

Edho Arief
February 16, 2012 07:08PM
On Fri, Feb 17, 2012 at 6:18 AM, Kamil Gorlo <kgs4242@gmail.com> wrote:
>
> server {
>  listen IP1:80 default_server;
>  listen IP2:80 default_server;
>  serrver_name _;
>  return 444;
> }
>
> But this technique simply does not work for SSL. As far I understand
> correctly there are two techniques to cope with my problem (to prevent
> https request with non-matching Host header to be served):
>

It should work (at least passes `nginx -t` in my test).

>
> 2. using catch-all but slightly more complicated and weird:
>
> server {
>  listen IP3:443 ssl;
>  server_name some_host.com;
>
>  (no ssl_certificate section - it is in catch-all block)
>
>  location / {
>    ...
>    proxy_set_header Host $host; // safe because of catch-all below
>  }
> }
>
> server {
>  listen IP3:443 ssl default_server;
>  server_name _;
>
>  ssl_certificate...
>
>  return 444;
> }
>

Nothing weird or complicated in this one. It's the preferred method
but you need to specify ssl_certificate parameters on each server
blocks. I'm not sure how it behaves on non-SNI environment though.

Alternatively you can force passing some_host.com as the Host header
to your proxy:

proxy_set_header Host some_host.com


--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Host header and SSL

Kamil Gorlo February 16, 2012 06:20PM

Re: Host header and SSL

Edho Arief February 16, 2012 07:08PM

Re: Host header and SSL

Kamil Gorlo February 17, 2012 02:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 72
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready