SPDY certificates and Wordpress multisite

Hello. I manage a small blog network (17) that has a lot of traffic
(20MM visits/month). I use Wordpress Multisite to manage it, each blog
has its own domain name, and all are served from the same WP install.

I’m thinking about implementing SPDY to speed up the sites, I know I
need SSL certificates for this to work.

  1. Will I need a certificate for each website? Or just one certificate
     for the main site to encrypt the connection and that’s it?

  2. I have a single server directive holding most of the configuration
     stuff with ‘default_server’, and then some individual settings for
     each site, mostly www-to-no-www redirects and legacy url rewrites.
     If I need a certificate for each website, do I need to replicate all
     the wordpress config for each domain, having a complete server
     directive with all WP + PHP stuff in it for each domain? Does this
     impact nginx’s performance in any way?

This one’s just lazy: is the RPM package hosted in the nginx repo (for
yum in Fedora/CentOS, etc) compiled with SPDY on, or will I need to
compile my own version?

Thanks in advance.

Cheers!

Posted at Nginx Forum:

I don’t use SPDY, so take what I say as being from an SSL perspective,
not a SPDY one.

If your 17 blogs live under the same domain that you own, you could
look at using a wildcard SSL cert. You’d only need a single
IP/server{} combo for each wildcard cert, and a single wildcard cert
for each unique domain suffix you own.

If that’s not helpful, and the domains are all different, then you
could look at a UCC (or SAN) SSL cert. This would also allow you to
use a single IP/server{} block, but would probably be uneconomical if
your domain list changes frequently.

Finally, if you need/get a separate SSL cert for each domain, you will
need a distinct IP and server{} block for each.

17 domains with SSL and a separate server{} for each will not affect
performance, IME. You’ll just proxy_pass to the same backend from
each.

HTH,
Jonathan

Jonathan M. // Oxford, London, UK
http://www.jpluscplusm.com/contact.html

Regarding the recompile question: SPDY is supported with OpenSSL 1.0.1,
so if your distro is using an earlier version, SPDY will not be
supported. You can check “nginx -V” to see if SPDY has been enabled.

When recompiling, you can use the OpenSSL source package and link it
statically to nginx if needed:

    --with-http_spdy_module
    --with-openssl=/path/to/unpacked/source/openssl-1.0.1e

Posted at Nginx Forum:
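
The "nginx -V" check from the last reply, as an added example that is not part of the original thread: a POSIX shell function that reads the output and reports whether the SPDY module was compiled in and whether the OpenSSL it was built against is at least 1.0.1. The function name `spdy_check` is hypothetical and the sample output is constructed; a dynamically linked build may not print an OpenSSL version at all, which the function reports separately.

```shell
#!/bin/sh
# Added example: classify `nginx -V` output (read on stdin) for SPDY readiness.
# Prints one of: ok | no-spdy-module | openssl-too-old | openssl-unknown
spdy_check() {
    out=$(cat)
    case "$out" in
        *--with-http_spdy_module*) ;;
        *) echo "no-spdy-module"; return 1 ;;
    esac
    # OpenSSL version: the "built with OpenSSL x.y.z" line if the build prints it,
    # otherwise the source directory passed to --with-openssl=
    ver=$(printf '%s\n' "$out" |
        sed -n 's/.*built with OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        ver=$(printf '%s\n' "$out" |
            sed -n 's/.*--with-openssl=[^ ]*openssl-\([0-9][0-9.]*\).*/\1/p' | head -n 1)
    fi
    if [ -z "$ver" ]; then
        # No version visible (e.g. dynamically linked): check the system library
        echo "openssl-unknown"; return 1
    fi
    # Split x.y.z on dots and compare numerically against 1.0.1
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    if [ $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} )) -ge 10001 ]; then
        echo "ok"
    else
        echo "openssl-too-old"; return 1
    fi
}

# Constructed sample output, not captured from a real host
SAMPLE_OK='nginx version: nginx/1.4.1
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_spdy_module --with-openssl=/path/to/unpacked/source/openssl-1.0.1e'

# On a real host: nginx -V 2>&1 | spdy_check   (nginx -V writes to stderr)
printf '%s\n' "$SAMPLE_OK" | spdy_check
```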