Welcome! Log In Create A New Profile

Advanced

Re: Multiple SSL listen statements and SNI

November 11, 2016 03:04AM
On 11 Nov 2016, at 05:30, Dave Hayes <dave@jetcafe.org> wrote:

> Hello. :) Please consider the following nginx setup:
>
> server {
> # server 1
> listen 443 default_server ssl;
> server_name "";
> ...
> return 444;
> }
>
> server {
> # server 2
> listen 127.0.0.81:443 default_server ssl;
> server_name "";
> ...
> return 444;
> }
>
> server {
> # server 3
> listen 127.0.0.81:443 ssl;
> server_name "foo.com";
> ...
> }
>
> server {
> # server 4
> listen 443 ssl;
> server_name "thing.com";
> ...
> }
>
> I am at nginx 1.8.1 with SNI support enabled. The behavior I expect from this is:
>
> - requests to foo.com on 127.0.0.81 will return per the server 3 bucket
> - requests to thing.com on the default interface or on 127.0.0.81 will return per the server 4 bucket
> - requests to foo.com on the default interface will return 444
> - requests to any other SSL site will return 444
>
> The behavior I observe that is different from this expectation is this:
>
> - requests to thing.com on the 127.0.0.81 interface return 444
>
> I would love to know exactly what is going on here. Would anyone be so kind as to point out what is happening? Thanks in advance.

Please read this:
http://nginx.org/en/docs/http/request_processing.html#mixed_name_ip_based_servers

This configuration does what you want:

server {
# server 4
listen 443 ssl;
listen 127.0.0.81:443 ssl;
server_name "thing.com";
...
}


--
Igor Sysoev
http://nginx.com

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Multiple SSL listen statements and SNI

Dave Hayes November 10, 2016 09:32PM

Re: Multiple SSL listen statements and SNI

Igor Sysoev November 11, 2016 03:04AM

Re: Multiple SSL listen statements and SNI

Dave Hayes November 11, 2016 12:46PM

Re: Multiple SSL listen statements and SNI

Igor Sysoev November 11, 2016 01:50PM

Re: Multiple SSL listen statements and SNI

Dave Hayes November 11, 2016 02:14PM

Re: Multiple SSL listen statements and SNI

Igor Sysoev November 11, 2016 02:30PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 70
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready