If one has a wildcard SSL certificate (*.mydomain.org), is it possible
to use that with many server
blocks on the same server?
For instance, if one has both a www.
(http) and secure.
(https) and
wants to serve images from a subdomain for both servers, is this
possible:
server {
server_name www.mydomain.org;
listen 80;
}
server {
server_name secure.mydomain.org;
listen 443;
ssl on;
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;
}
server {
server_name images.mydomain.org;
listen 80;
listen 443;
ssl on;
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;
}
On Mon, Dec 14, 2009 at 09:05:53AM +0000, Phillip O. wrote:
listen 443;
ssl_certificate /etc/ssl/mydomain.pem;
listen 443 ssl; # line 58
listen 80;
…
}
~# nginx -t
[emerg]: a duplicate listen options for 0.0.0.0:443 in
/etc/nginx/vhosts/mydomain.conf:58
configuration file /etc/nginx/nginx.conf test failed
You should define the “ssl” once, and then use it without the “ssl”:
listen 443 ssl;
listen 443;
listen 443;
–
Igor S.
http://sysoev.ru/en/
Igor S. wrote:
ssl on;
Yes:
Configuring HTTPS servers
Configuring HTTPS servers
Thanks. I’ve checked the docs and followed the examples, but I must be
doing something wrong:
~# cat /etc/nginx/vhosts/mydomain.conf
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;
server {
server_name “~^(css|images|js)(\d)?.mydomain.org$”;
listen 80;
listen 443 ssl;
…
}
server {
server_name ~(\w+).mydomain.org;
listen 80;
listen 443 ssl; # line 58
…
}
server {
server_name secure.mydomain.org;
listen 80;
listen 443 ssl;
…
}
server {
server_name www.mydomain.org;
listen 80;
…
}
~# nginx -t
[emerg]: a duplicate listen options for 0.0.0.0:443 in
/etc/nginx/vhosts/mydomain.conf:58
configuration file /etc/nginx/nginx.conf test failed
~# nginx -V
nginx version: nginx/0.8.29
built by gcc 4.1.2 20071124 (Red Hat 4.1.2-42)
TLS SNI support disabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
–with-rtsig_module --with-select_module --with-poll_module
–with-http_ssl_module --with-http_stub_status_module
–with-http_gzip_static_module --with-http_flv_module
–with-http_random_index_module
–http-log-path=/var/log/nginx/access.log --with-md5=/usr/lib
–with-sha1=/usr/lib --without-mail_pop3_module
–without-mail_imap_module --without-mail_smtp_module
–with-http_perl_module
On Mon, Dec 14, 2009 at 09:46:58AM +0000, Phillip O. wrote:
Thanks Igor. That’s now working.
Can I ask in which nginx version the directive ssl on;
was deprecated
in favor of listen 443 ssl;
?
It is not considered as deprecated, at least now. If you set “ssl on”
on server level, then requests to *:80 has to be HTTPS too.
As to the “ssl” parameter:
http://nginx.org/en/docs/http/configuring_https_servers.html#compatibility
The “ssl†parameter of the “listen†directive has been supported since
0.7.14.
–
Igor S.
http://sysoev.ru/en/
Igor S. wrote:
You should define the “ssl” once, and then use it without the “ssl”:
listen 443 ssl;
listen 443;
listen 443;
Thanks Igor. That’s now working.
Can I ask in which nginx version the directive ssl on;
was deprecated
in favor of listen 443 ssl;
?