SSL, multiple server blocks, same domain?

If one has a wildcard SSL certificate (*.mydomain.org), is it possible
to use that with many server blocks on the same server?

For instance, if one has both a www. (http) and secure. (https) and
wants to serve images from a subdomain for both servers, is this
possible:

server {
server_name www.mydomain.org;
listen 80;
}

server {
server_name secure.mydomain.org;
listen 443;
ssl on;
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;
}

server {
server_name images.mydomain.org;
listen 80;
listen 443;
ssl on;
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;
}

On Fri, Dec 11, 2009 at 03:03:41PM +0000, Phillip O. wrote:

listen 80;
listen 443;
ssl on;
  • listen 443;
    
  • ssl on;
    
  • listen 443  ssl;
    
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;

}

Yes:

http://nginx.org/en/docs/http/configuring_https_servers.html#certificate_with_several_names
http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server


Igor S.
http://sysoev.ru/en/

On Mon, Dec 14, 2009 at 09:05:53AM +0000, Phillip O. wrote:

listen 443;

ssl_certificate /etc/ssl/mydomain.pem;
listen 443 ssl; # line 58
listen 80;

}

~# nginx -t
[emerg]: a duplicate listen options for 0.0.0.0:443 in
/etc/nginx/vhosts/mydomain.conf:58
configuration file /etc/nginx/nginx.conf test failed

You should define the “ssl” once, and then use it without the “ssl”:

listen 443 ssl;

listen 443;

listen 443;


Igor S.
http://sysoev.ru/en/

Igor S. wrote:

ssl on;

Yes:

Configuring HTTPS servers
Configuring HTTPS servers

Thanks. I’ve checked the docs and followed the examples, but I must be
doing something wrong:

~# cat /etc/nginx/vhosts/mydomain.conf
ssl_certificate /etc/ssl/mydomain.pem;
ssl_certificate_key /etc/ssl/mydomain.key;
server {
server_name "~^(css|images|js)(\d)?.mydomain.org$";
listen 80;
listen 443 ssl;

}
server {
server_name ~(\w+).mydomain.org;
listen 80;
listen 443 ssl; # line 58

}
server {
server_name secure.mydomain.org;
listen 80;
listen 443 ssl;

}
server {
server_name www.mydomain.org;
listen 80;

}

~# nginx -t
[emerg]: a duplicate listen options for 0.0.0.0:443 in
/etc/nginx/vhosts/mydomain.conf:58
configuration file /etc/nginx/nginx.conf test failed

~# nginx -V
nginx version: nginx/0.8.29
built by gcc 4.1.2 20071124 (Red Hat 4.1.2-42)
TLS SNI support disabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
--with-rtsig_module --with-select_module --with-poll_module
--with-http_ssl_module --with-http_stub_status_module
--with-http_gzip_static_module --with-http_flv_module
--with-http_random_index_module
--http-log-path=/var/log/nginx/access.log --with-md5=/usr/lib
--with-sha1=/usr/lib --without-mail_pop3_module
--without-mail_imap_module --without-mail_smtp_module
--with-http_perl_module

On Mon, Dec 14, 2009 at 09:46:58AM +0000, Phillip O. wrote:

Thanks Igor. That’s now working.

Can I ask in which nginx version the directive ssl on; was deprecated
in favor of listen 443 ssl;?

It is not considered deprecated, at least now. If you set “ssl on”
at the server level, then requests to *:80 have to be HTTPS too.

As to the “ssl” parameter:
http://nginx.org/en/docs/http/configuring_https_servers.html#compatibility
The “ssl” parameter of the “listen” directive has been supported since
0.7.14.


Igor S.
http://sysoev.ru/en/
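
The two points made in the replies above (give a socket the "ssl" parameter once, and server-level "ssl on" applies to every listen in that block, port 80 included) can be turned into a small configuration check. This is an added example, not code from the thread or from nginx: `lint`, the rule names and the sample configuration are made up here, and the duplicate rule mirrors the nginx 0.8.29 error shown on this page.

```python
import re

# Constructed sample: "ssl on" beside "listen 80", then "ssl" repeated on *:443.
SAMPLE = """\
server {
    server_name images.mydomain.org;
    listen 80;
    listen 443;
    ssl on;
}
server {
    server_name secure.mydomain.org;
    listen 443 ssl;
}
server {
    server_name static.mydomain.org;
    listen 80;
    listen 443 ssl;
}
"""

def lint(conf):
    """Return [(line, rule, address)]; expects one directive per line, listen PORT or ADDR:PORT."""
    findings, ssl_seen, block, depth = [], {}, None, 0
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()            # drop comments
        if block is None:                              # outside any server block
            if re.fullmatch(r"server\s*\{", line):
                block, depth = {"ssl_on": False, "port80": []}, 1
            continue
        depth += line.count("{") - line.count("}")
        words = line.rstrip(";").split()
        if words[:2] == ["ssl", "on"]:
            block["ssl_on"] = True
        elif words[:1] == ["listen"] and len(words) > 1:
            addr = words[1] if ":" in words[1] else "*:" + words[1]
            if "ssl" in words[2:]:
                if addr in ssl_seen:                   # "ssl" already set for this socket
                    findings.append((n, "duplicate-ssl-listen", addr))
                ssl_seen.setdefault(addr, n)
            elif addr.endswith(":80"):
                block["port80"].append((n, addr))
        if depth == 0:                                 # closing brace of the server block
            if block["ssl_on"]:                        # "ssl on" covers every listen here
                findings += [(ln, "ssl-on-port-80", a) for ln, a in block["port80"]]
            block = None
    return findings

print(lint(SAMPLE))
```

A configuration that sets "ssl" on the first `listen 443` only and drops `ssl on` produces no findings.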

Igor S. wrote:

You should define the “ssl” once, and then use it without the “ssl”:

listen 443 ssl;

listen 443;

listen 443;

Thanks Igor. That’s now working.

Can I ask in which nginx version the directive ssl on; was deprecated
in favor of listen 443 ssl;?