Welcome! Log In Create A New Profile

Advanced

Re: Issue with SNI/SSL and default_server

August 28, 2012 01:16AM
On Aug 21, 2012, at 16:58 , Jordi Boggiano wrote:

> Heya,
>
> I have a server with two domains using SSL on one IP via SNI. So far so
> good, but the problem is that one of the site is marked as
> default_server to catch all (then I do a redirect to the proper domain,
> I left out some parts of the config below for conciseness).
>
> The problem is, if you have a ssl server marked as default_server, it
> seems to take over everything else, and domainb.com is not reachable via
> SSL anymore.
>
> server {
> listen 80 default_server;
> server_name domaina.com <ip>;
> }
>
> server {
> listen 443 ssl default_server;
> server_name domaina.com <ip>;
> }
>
> server {
> listen 80;
> server_name domainb.com;
> }
>
> server {
> listen 443 ssl;
> server_name domainb.com <ip>;
> }
>
> The workaround I found is the following: I put the IP in the
> server_name, and therefore can remove the default_server flag from the
> ssl server (it's not completely equivalent, but close enough for my
> purposes). The problem is that it needs the server public IP in, which
> isn't ideal to have generic vhost templates in puppet:
>
> server {
> listen 80 default_server;
> server_name domaina.com <ip>;
> }
>
> server {
> listen 443 ssl;
> server_name domaina.com <ip>;
> }
>
> server {
> listen 80;
> server_name domainb.com;
> }
>
> server {
> listen 443 ssl;
> server_name domainb.com <ip>;
> }
>
> I am not sure whether this is a bug or an expected feature, which is why
> I am writing here.

These configuration should be equal from nginx point of view,
since the first server becomes default_server anyway. Probably
the real configuration does not correspond to them.


--
Igor Sysoev

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Issue with SNI/SSL and default_server

Jordi Boggiano August 21, 2012 09:00AM

Re: Issue with SNI/SSL and default_server

bompus August 28, 2012 12:33AM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 12:46AM

Re: Issue with SNI/SSL and default_server

bompus August 28, 2012 12:48AM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 01:14AM

Re: Issue with SNI/SSL and default_server

bompus August 28, 2012 01:25AM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 12:56PM

Re: Issue with SNI/SSL and default_server

Igor Sysoev August 28, 2012 01:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 191
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready