Hi all,

Had a chat with a helpful person on IRC but both are stumped as to why my configuration passes a check (nginx -t) but fails to properly handle SSL.

– I’ve split a couple of repetitive blocks out into /etc/nginx/includes/ssl.conf (-rw-r--r-- root:root - same as nginx.conf - should not be a problem)
– Doing so results in SSL handshake issues (and the connection fails appropriately)
– My cert covers both the root domain and www
– An excerpt of my configuration is here: http://p.ngx.cc/8796278344c60dcb — but the relevant part is below:
# re-direct non-www https to https
server {
listen 443 ssl;
server_name example.com;

include /etc/nginx/includes/ssl.conf;

return 301 https://www.example.com$request_uri;
}

server {
listen 443 ssl default_server;
server_name www.example.com;

include /etc/nginx/includes/ssl.conf;

root /srv/www/www.example.com/public;

error_page 502 503 504 /5xx.html;

# rest of config (proxy pass to Go server)
# STS header in location block, etc.
}
If I move the include directive (effectively removing the duplication) into the http block and put the ssl_certificate and ssl_certificate_key directives into each of the two (2) server blocks instead of includes/ssl.conf, all is well. But this conflicts with the documentation (as I interpret it) and still results in some duplicated configuration.

Ideally I want to drop the entire “SSL config” for these two domains into a includes file that I can then just import into the server blocks. If that’s not entirely possible, that’s okay — but configs I’ve seen out in the wild (https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf) seem to do what I’m trying to achieve :)

Cheers,
Matt_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx