Nginx-0.7.14

imixaly4 · September 1, 2008, 5:50pm

Changes with nginx 0.7.14 01 Sep
2008

*) Change: now the ssl_certificate and ssl_certificate_key

directives
have not default values.

*) Feature: the "listen" directive supports the "ssl" parameter.

*) Feature: now nginx takes into account a time zone change while
   reconfiguration on FreeBSD and Linux.

*) Bugfix: the "listen" directive parameters such as "backlog",
   "rcvbuf", etc. were not set, if a default server was not the

first
one.

*) Bugfix: if URI part captured by a "rewrite" directive was used as

a
query string, then the query string was not escaped.

*) Bugfix: configuration file validity test improvements.

imixaly4 · September 2, 2008, 12:19am

*) Feature: the “listen” directive supports the “ssl” parameter.

How is it used? Is there an example available?

imixaly4 · September 2, 2008, 12:39am

Hello!

On Tue, Sep 02, 2008 at 08:07:57AM +1000, CryptWizard wrote:

*) Feature: the “listen” directive supports the “ssl” parameter.

How is it used? Is there an example available?

In russian it’s here:
http://www.sysoev.ru/nginx/docs/http/ngx_http_core_module.html#listen

 server {
     listen  80;
     listen  443 ssl;

     ...
 }

It allows using the same server{} for http and https.

Maxim D.

imixaly4 · September 2, 2008, 12:53am

That’s excellent.
Now I don’t need to have 2 almost identical server blocks and make
changes in 2 places every time.
Just waiting for the FreeBSD port to come out.

imixaly4 · September 2, 2008, 8:17am

On Tue, Sep 02, 2008 at 08:45:07AM +1000, CryptWizard wrote:

That’s excellent.
Now I don’t need to have 2 almost identical server blocks and make
changes in 2 places every time.
Just waiting for the FreeBSD port to come out.

This is recommended for sites where difference between HTTP and HTTPS
is small as comprared to whole sites configuration:

    server {
        listen  80;
        listen  443 default ssl;

        server_name  www.example.com;

        ssl_certificate       /path/to/cert;
        ssl_certificate_key   /path/to/key;

        location / {
            ...
        }

        location /ssl/only/dir/ {
            if ($scheme = http) {
                rewrite  ^(.+)$   https://www.example.com$1;
            }
            ...
        }

    }

imixaly4 · September 3, 2008, 2:28pm

Aww…
Can you make it work for non-default listen directives as well?

imixaly4 · September 3, 2008, 3:01pm

So does that mean that on my non-default servers I can just add listen
443; to it and it will work, and I still don’t need two server blocks
for each actual server+

imixaly4 · September 3, 2008, 2:40pm

On Wed, Sep 03, 2008 at 11:19:00PM +1100, CryptWizard wrote:

Aww…
Can you make it work for non-default listen directives as well?

“listen default” means that you define listen(2) and bind(2) parameters.
“ssl” is not listen/bind(2) parameter, but anyway all servers listening
on this port must accept SSL connections only.

imixaly4 · September 3, 2008, 3:50pm

No need to re-specify the certificates and stuff?

imixaly4 · September 3, 2008, 3:05pm

On Wed, Sep 03, 2008 at 11:53:09PM +1100, CryptWizard wrote:

So does that mean that on my non-default servers I can just add listen
443; to it and it will work, and I still don’t need two server blocks
for each actual server+

Yes:

server {
listen 80;
listen 443 default ssl;
}

server {
listen 80;
listen 443; # it will be SSL too
}

imixaly4 · September 3, 2008, 3:52pm

On Thu, Sep 04, 2008 at 12:39:00AM +1100, CryptWizard wrote:

No need to re-specify the certificates and stuff?

No, you need to repeat them, or you may set all SSL directives on http
level.
However, you need special wildcard certificate or certificate with
alternative name, if you want to use name-based SSL hosts.