SSL, (no) default and SNI

Any chance to allow

listen 443 ssl;

this is, NO “default”, if SNI is available?

Thanks,
Gerardo

Posted at Nginx Forum:

Igor S. Wrote:

since 0.8.21 nginx
server_name _;
That’s what I meant, yes, thanks. (using 0.7.x)

Want to use

listen 80
listen 443 ssl

for more than 1 server name.

Thanks,
Gerardo


On Wed, Dec 02, 2009 at 04:20:14AM -0500, GerMalaz wrote:

Any chance to allow

listen 443 ssl;

this is, NO “default”, if SNI is available?

I do not understand what you want to reach, but since 0.8.21 nginx
allows setting listen socket options and features not in the default server:

server {
    listen  443 ssl;
    server_name  name;
}

server {
    listen  443 default_server;
    server_name  _;
}


Igor S.
http://sysoev.ru/en/

On Wed, Dec 02, 2009 at 01:33:00PM +0300, Maxim D. wrote:

this is, NO “default”, if SNI is available?
listen 443 default_server;
server {
listen 8443 ssl;
server_name y;
}

We use distinct ips in production, but on testing server there is
only 1 ip available and our configuration flattens to something
like the above. So we have to use separate ssl servers and
activate ssl via ssl on; instead.

You may use

  server {
      listen 8443 ssl;
      server_name x;
  }
  server {
      listen 8443;
      server_name y;
  }

Think of the “ssl” flag as a socket option (although it’s not), because
you can not do non-SSL request on SSL enabled port.


Igor S.
http://sysoev.ru/en/

Hello!

On Wed, Dec 02, 2009 at 01:41:51PM +0300, Igor S. wrote:

listen 443 ssl;

     server_name x;

Think of the “ssl” flag as a socket option (although it’s not), because
you can not do non-SSL request on SSL enabled port.

Yes, I understand. The problem is that config is generated from
template like this:

server {
    listen %ip1%:8443 ssl;
    server_name x;
}
server {
    listen %ip2%:8443 ssl;
    server_name y;
}

It works for ip1 != ip2 case, but fails when ip1 == ip2. Using
instead

server {
    listen %ip1%:8443;
    server_name x;
    ssl on;
}
server {
    listen %ip2%:8443;
    server_name y;
    ssl on;
}

works ok in both cases (ip1 == ip2, ip1 != ip2).

I’m not sure we want to fix it, but probably only checking for
conflicts is a good idea.

Maxim D.

On Wed, Dec 02, 2009 at 01:43:15PM -0500, GerMalaz wrote:

server {


for more than 1 server name.

server {
    listen 80;
    listen 443; # it will be SSL anyway
}

server {
    listen 80;
    listen 443 default ssl;
}


Igor S.
http://sysoev.ru/en/

Hello!

On Wed, Dec 02, 2009 at 01:15:11PM +0300, Igor S. wrote:

server {
    listen  443 ssl;
    server_name  name;
}

server {
    listen  443 default_server;
    server_name  _;
}

BTW, the problem with listen … ssl that bugs me is that one
can’t do something like this:

 server {
     listen 8443 ssl;
     server_name x;
 }
 server {
     listen 8443 ssl;
     server_name y;
 }

We use distinct ips in production, but on testing server there is
only 1 ip available and our configuration flattens to something
like the above. So we have to use separate ssl servers and
activate ssl via ssl on; instead.

Maxim D.
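
The conflict check suggested in the thread, sketched as an added example (not part of any post and not nginx code). It groups `listen` directives by address:port and reports the two cases discussed: the `ssl` flag repeated on one socket, which the thread says fails on the versions discussed, and a server that omits `ssl` on a socket another server has flagged. The function name, the finding labels and the sample addresses and server names are assumptions, and server blocks are assumed flat (no nested braces).

```python
import re
from collections import defaultdict

# Constructed sample: the template from the thread flattened with ip1 == ip2,
# plus the "listen 443; # it will be SSL anyway" case.
SAMPLE = """
server {
    listen 192.0.2.10:8443 ssl;
    server_name x;
}
server {
    listen 192.0.2.10:8443 ssl;
    server_name y;
}
server {
    listen 443 default ssl;
    server_name a;
}
server {
    listen 80;
    listen 443; # it will be SSL anyway
    server_name b;
}
"""

SERVER_RE = re.compile(r"server\s*\{(.*?)\}", re.S)   # flat blocks only
LISTEN_RE = re.compile(r"^\s*listen\s+([^\s;]+)([^;]*);", re.M)
NAME_RE = re.compile(r"^\s*server_name\s+([^;]+);", re.M)

def audit_listen(conf):
    """Return (address, finding, server_names) tuples, one per problem socket."""
    sockets = defaultdict(list)   # address as written -> [(name, has_ssl_flag)]
    for block in SERVER_RE.findall(conf):
        m = NAME_RE.search(block)
        name = m.group(1).split()[0] if m else "(unnamed)"
        for addr, opts in LISTEN_RE.findall(block):
            # Addresses are compared as written; "443" and "*:443" are not merged.
            sockets[addr].append((name, "ssl" in opts.split()))
    findings = []
    for addr, users in sorted(sockets.items()):
        flagged = [n for n, ssl in users if ssl]
        plain = [n for n, ssl in users if not ssl]
        if len(flagged) > 1:      # options repeated on one socket
            findings.append((addr, "duplicate-ssl", flagged))
        if flagged and plain:     # served over SSL without saying so
            findings.append((addr, "implicit-ssl", plain))
    return findings

if __name__ == "__main__":
    for finding in audit_listen(SAMPLE):
        print(finding)
```

Run against a generated config before reload, an `implicit-ssl` finding marks a server that needs a certificate even though its own `listen` line does not mention SSL.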