Welcome! Log In Create A New Profile

Re: Nginx not loading different certs on two hosts

Forum List Message List New Topic Print View

Maxim Dounin

December 11, 2020 07:56PM

Hello!

On Fri, Dec 11, 2020 at 01:44:06PM +0200, Nikolaos Milas wrote:

> On 10/12/2020 4:42 μ.μ., Maxim Dounin wrote:
> > How do you test it? Note well that the second vhost is only
> > available on port 443 via IPv6.
> >> Finally, what is the best way to successfully listen (i.e. the suggested
> >> way to configure the "listen" directives) to 80 and 443 ports on both
> >> IPv4 and IPv6 on all hosts (each and every one of them)?
> > The recommended approach is to list all relevant "listen"
> > directives in all relevant servers.
>
> Hi Maxim,
>
> Thank you for your reply!
>
> I used the listen directives as you suggested on both vhosts and then I
> retried. After restarting nginx, both vhosts worked fine, both with http
> and https!
>
> Please note that with the initial config (as I had sent it), the second
> vhost was in fact responding to IPv4 clients as well, (through the use
> of ipv4-mapped ipv6 addresses). Actually, the second vhost used to work
> ONLY with http.
>
> When the second site was being accessed via https, it would produce an
> SSL warning, and by checking the certificate details I could see that it
> was the one used for the first vhost.

That's because the second vhosts has IPv6 listening socket on port
80 configured with "ipv6only=off", so it accepted both IPv6 and
IPv4 connections. In contrast, IPv6 socket on port 443 (the one
used for https) is _not_ configured with "ipv6only=off", so it
only accepts IPv6 connections, but not IPv4. And the separate
IPv4 listening socket on port 443 was only configured in the first
vhost, but not in the second one. As such, all IPv4 https
connections were handled by the first vhost only.

[...]

> I haven't been able to understand the above described behavior! In any
> case, everything works fine now!

Glad it works now, and hope the previous behaviour is clear now as
well: it is a result of no IPv4 listening socket on port 443 in
the second vhost in the original configuration.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Nginx not loading different certs on two hosts	Nikolaos Milas	December 09, 2020 04:36PM
Re: Nginx not loading different certs on two hosts	Maxim Dounin	December 10, 2020 09:44AM
Re: Nginx not loading different certs on two hosts	Nikolaos Milas	December 11, 2020 06:46AM
Re: Nginx not loading different certs on two hosts	Maxim Dounin	December 11, 2020 07:56PM
Re: Nginx not loading different certs on two hosts	Nikolaos Milas	December 15, 2020 12:02PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 146

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018