Welcome! Log In Create A New Profile

Advanced

Re: Multiple SSL listen statements and SNI

November 11, 2016 02:30PM
On 11 Nov 2016, at 22:13, Dave Hayes <dave@jetcafe.org> wrote:

> On 11/11/2016 10:49, Igor Sysoev wrote:
>> Yes, *:443 matches all addresses except explicitly specified in listen directives with the same port 443.
>
> Ah! Thank you very much! This statement cleared up my confusion. I didn't see this statement in any documentation, but I could have missed it.
>
>> Consider it as fallback. On FreeBSD you can use “bind” parameter:
>>
>> listen *:443;
>> listen 127.0.0.81:443 bind;
>>
>> And there will be two separate sockets: *:443 and 127.0.0.81:443.
>> You can not use “bind” on Linux however if one of listen addresses is 0.0.0.0 (wildcard, *).
>>
>> So this configuration without “bind”:
>>
>> listen *:443;
>> listen 127.0.0.81:443;
>>
>> emulates this two separate sockets behaviour in one 0.0.0.0:443 socket.
>
> Nice to know that, as I do use FreeBSD. I'm still a bit curious; why would I want two separate sockets when I am already listening on 0.0.0.0?

When nginx listen on *:80 it is calls getsockname() to learn exact IP address which client connected to.
With “bind” nginx already knows the address and eliminates the syscall.

> At first glance, I'd think the emulation suits my needs more; no sense in taking up memory for an extra socket right?

I believe memory saving is negligeable.

There is another case: You can configure listen addresses which are not exists on
the host when nginx starts and will be available later via CARP or similar protocol.


--
Igor Sysoev
http://nginx.com

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Multiple SSL listen statements and SNI

Dave Hayes November 10, 2016 09:32PM

Re: Multiple SSL listen statements and SNI

Igor Sysoev November 11, 2016 03:04AM

Re: Multiple SSL listen statements and SNI

Dave Hayes November 11, 2016 12:46PM

Re: Multiple SSL listen statements and SNI

Igor Sysoev November 11, 2016 01:50PM

Re: Multiple SSL listen statements and SNI

Dave Hayes November 11, 2016 02:14PM

Re: Multiple SSL listen statements and SNI

Igor Sysoev November 11, 2016 02:30PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 64
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready