SSL Questions


#1

Good day one and all. I would like to ask some specific SSL questions that
I am sure will be easy enough.
SSL has the requirement that only one certificate can be loaded per IP address.

With that in mind can nginx handle hosting multiple virtual host SSL sites
all listening to on IP’s?

And can I accept a “https://myhost.com/” and then load balance (proxy) that
internally to normal “http://” backends?

Thanks

a


#2

Hello Alan,

Alan W. wrote:

> that internally to normal “http://” backends?

I’ve only been testing out nginx for about a week. This is my plan as
well. So far, I have this working with two IPs (one IP virtual host and
the main IP) on a couple of development systems.

Pretty easy once I read the documentation right.

I’m using an rpm for Fedora from the EPEL repository on CentOS 5. This
seems to have a few things compiled in – like SSL support – that the
nginx docs suggest are not the default compile, but which have made life
easier.

Take care,

Kurt Hansen


#3

On Wed, Feb 18, 2009 at 06:57:37AM +0000, Alan W. wrote:

> Good day one and all. I would like to ask some specific SSL questions that
> I am sure will be easy enough.
> SSL has the requirement that only one certificate can be loaded per IP address.
>
> With that in mind can nginx handle hosting multiple virtual host SSL sites
> all listening to on IP’s?

nginx can, but browsers would certainly not like this.

There are some workarounds, however:

http://wiki.cacert.org/wiki/VhostTaskForce
http://en.wikipedia.org/wiki/Server_Name_Indication

> And can I accept a “https://myhost.com/” and then load balance (proxy) that
> internally to normal “http://” backends?

Yes.


#4

On Wed, Feb 18, 2009 at 02:22:32PM +0000, Alan W. wrote:

> What I meant to say, multiple IP addresses — one per SSL site.
> Will browsers work with that?

Yes, of course.


#5

What I meant to say, multiple IP addresses — one per SSL site.
Will browsers work with that?


#6

Igor S. wrote:

> nginx can, but browsers would certainly not like this.
>
> There are some workarounds, however:
>
> http://wiki.cacert.org/wiki/VhostTaskForce
> http://en.wikipedia.org/wiki/Server_Name_Indication

I think he means multiple IPs, not just one. Though the “on IP’s” is
ambiguous. Alan could have meant one IP, and I read it the other way
because it is what I’m planning on doing.

Did you mean one IP or multiple, Alan?

Take care,

Kurt
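
The setup discussed in this thread (one IP address and one certificate per SSL site, with nginx terminating SSL and load balancing to plain-HTTP backends), as an added example that is not from any of the posters. The IP addresses, hostnames, certificate paths and upstream name are placeholders.

```nginx
# Added example; goes inside the http { } context.
# All addresses, names and paths below are placeholders.

# Pool of plain-HTTP backends; nginx balances across them (round-robin by default).
upstream app_backends {
    server 10.0.0.11:8080;
    server 10.0.0.12:8080;
}

# Site A: its own IP address, so its own certificate can be presented
# without relying on SNI support in the client.
server {
    listen 192.0.2.10:443 ssl;
    server_name site-a.example;

    ssl_certificate     /etc/nginx/ssl/site-a.example.crt;
    ssl_certificate_key /etc/nginx/ssl/site-a.example.key;

    location / {
        # SSL ends here; traffic to the backends is unencrypted,
        # so keep the backends on a network you trust.
        proxy_pass http://app_backends;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Lets the backend know the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Site B: a second IP address with a different certificate.
server {
    listen 192.0.2.11:443 ssl;
    server_name site-b.example;

    ssl_certificate     /etc/nginx/ssl/site-b.example.crt;
    ssl_certificate_key /etc/nginx/ssl/site-b.example.key;

    location / {
        proxy_pass http://app_backends;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Running `nginx -t` after editing checks the syntax and confirms that each certificate and key file can be loaded.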