Jordi Boggiano
August 21, 2012 09:00AM
Heya,

I have a server with two domains using SSL on one IP via SNI. So far so
good, but the problem is that one of the site is marked as
default_server to catch all (then I do a redirect to the proper domain,
I left out some parts of the config below for conciseness).

The problem is, if you have a ssl server marked as default_server, it
seems to take over everything else, and domainb.com is not reachable via
SSL anymore.

server {
listen 80 default_server;
server_name domaina.com <ip>;
}

server {
listen 443 ssl default_server;
server_name domaina.com <ip>;
}

server {
listen 80;
server_name domainb.com;
}

server {
listen 443 ssl;
server_name domainb.com <ip>;
}

The workaround I found is the following: I put the IP in the
server_name, and therefore can remove the default_server flag from the
ssl server (it's not completely equivalent, but close enough for my
purposes). The problem is that it needs the server public IP in, which
isn't ideal to have generic vhost templates in puppet:

server {
listen 80 default_server;
server_name domaina.com <ip>;
}

server {
listen 443 ssl;
server_name domaina.com <ip>;
}

server {
listen 80;
server_name domainb.com;
}

server {
listen 443 ssl;
server_name domainb.com <ip>;
}

I am not sure whether this is a bug or an expected feature, which is why
I am writing here.

Cheers

--
Jordi Boggiano
@seldaek - http://nelm.io/jordi

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Issue with SNI/SSL and default_server

Jordi Boggiano August 21, 2012 09:00AM

Re: Issue with SNI/SSL and default_server

bompus August 28, 2012 12:33AM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 12:46AM

Re: Issue with SNI/SSL and default_server

bompus August 28, 2012 12:48AM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 01:14AM

Re: Issue with SNI/SSL and default_server

bompus August 28, 2012 01:25AM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 12:56PM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 01:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 179
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready