Welcome! Log In Create A New Profile

Re: Multiple SSL listen statements and SNI

Forum List Message List New Topic Print View

Igor Sysoev

November 11, 2016 03:04AM

Admin
Registered: 15 years ago
Posts: 4,579

On 11 Nov 2016, at 05:30, Dave Hayes <dave@jetcafe.org> wrote:

> Hello. :) Please consider the following nginx setup:
>
> server {
> # server 1
> listen 443 default_server ssl;
> server_name "";
> ...
> return 444;
> }
>
> server {
> # server 2
> listen 127.0.0.81:443 default_server ssl;
> server_name "";
> ...
> return 444;
> }
>
> server {
> # server 3
> listen 127.0.0.81:443 ssl;
> server_name "foo.com";
> ...
> }
>
> server {
> # server 4
> listen 443 ssl;
> server_name "thing.com";
> ...
> }
>
> I am at nginx 1.8.1 with SNI support enabled. The behavior I expect from this is:
>
> - requests to foo.com on 127.0.0.81 will return per the server 3 bucket
> - requests to thing.com on the default interface or on 127.0.0.81 will return per the server 4 bucket
> - requests to foo.com on the default interface will return 444
> - requests to any other SSL site will return 444
>
> The behavior I observe that is different from this expectation is this:
>
> - requests to thing.com on the 127.0.0.81 interface return 444
>
> I would love to know exactly what is going on here. Would anyone be so kind as to point out what is happening? Thanks in advance.

Please read this:
http://nginx.org/en/docs/http/request_processing.html#mixed_name_ip_based_servers

This configuration does what you want:

server {
# server 4
listen 443 ssl;
listen 127.0.0.81:443 ssl;
server_name "thing.com";
...
}

--
Igor Sysoev
http://nginx.com

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Multiple SSL listen statements and SNI	Dave Hayes	November 10, 2016 09:32PM
Re: Multiple SSL listen statements and SNI	Igor Sysoev	November 11, 2016 03:04AM
Re: Multiple SSL listen statements and SNI	Dave Hayes	November 11, 2016 12:46PM
Re: Multiple SSL listen statements and SNI	Igor Sysoev	November 11, 2016 01:50PM
Re: Multiple SSL listen statements and SNI	Dave Hayes	November 11, 2016 02:14PM
Re: Multiple SSL listen statements and SNI	Igor Sysoev	November 11, 2016 02:30PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 109

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018