Hi everyone,
I have a rather strange issue.
I have a server with 3 configured urls:
example.com (+ ssl)
shop.example.com (+ ssl)
example2.com (- ssl)
If I now open https://example2.com the server of
https://shop.example.com is used.
My config looks like this:
https://gist.github.com/apfelbox/c13a226633a7df92e3fe
Does anybody have an idea?
Thanks and Regards
Jannik Zschiesche
Hi,
sorry, wrong link.
Here is the correct one:
https://gist.github.com/apfelbox/94c74ab9c515ee906e6b
Regards
Jannik
–
Kind regards
Jannik Zschiesche
On Wednesday, 10 July 2013 at 09:40, Jannik Zschiesche wrote:
On 10 Jul 2013 08:41, “Jannik Zschiesche” [email protected] wrote:
If I now open https://example2.com the server of https://shop.example.com is
used.
My config looks like this:
https://gist.github.com/apfelbox/c13a226633a7df92e3fe
Does anybody have an idea?
This is due to you having only one IP listening for ssl traffic. It’s a
fundamental limitation of ssl when not used with SNI.
To fix it, you’ll need to either use more IPs and listen explicitly on
different ones for different virtual hosts, or use SNI, or use a wildcard
(or UCC/SaN) certificate. The first fix is by far the most common for
people in your situation.
HTH,
Jonathan
On Wednesday, 10 July 2013 at 09:54, Jonathan M. wrote:
This is due to you having only one IP listening for ssl traffic. It’s a
fundamental limitation of ssl when not used with SNI.
To fix it, you’ll need to either use more IPs and listen explicitly on different
ones for different virtual hosts, or use SNI, or use a wildcard (or UCC/SaN)
certificate. The first fix is by far the most common for people in your situation.
HTH,
Jonathan
Hi,
thank you both.
Actually, I have SNI enabled.
https://example.com
and
https://shop.example.com
both work correctly (so SNI works).
The issue is with the nonexistent SSL server for example2.com.
It seems that if an SSL server for a domain is not configured, another
server is used (instead of erroring out). Is this correct?
It seems that if an SSL server for a domain is not configured, another
server is used (instead of erroring out). Is this correct?
Yes, the default/first server.
The “error-ing out” (with option to proceed anyway) usually happens on the
client side/browser which checks that the host name doesn’t match the server
SSL certificate.
rr
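
The default-server fallback described in the last reply, with an explicit catch-all on port 443 so that a name without an SSL server (example2.com here) is refused instead of being answered by shop.example.com. This is an added example, not part of the thread and not the poster's gist; the certificate paths and web roots are placeholders, and `ssl_reject_handshake` assumes nginx 1.19.4 or later.

```nginx
# Constructed example; paths are placeholders, not taken from the thread.

# Explicit default for port 443. Without it, the first "listen 443" server
# in the configuration is the implicit default and answers every request
# whose SNI name / Host header matches no server_name on that port.
server {
    listen 443 ssl default_server;
    server_name _;

    # nginx >= 1.19.4: abort the TLS handshake for unmatched names.
    # No certificate is needed in this block.
    ssl_reject_handshake on;

    # Older nginx: remove ssl_reject_handshake, give this block a throwaway
    # self-signed certificate, and close the connection without a response:
    # ssl_certificate     /etc/nginx/ssl/placeholder-selfsigned.crt;
    # ssl_certificate_key /etc/nginx/ssl/placeholder-selfsigned.key;
    # return 444;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path
    root /var/www/example.com;                            # placeholder path
}

server {
    listen 443 ssl;
    server_name shop.example.com;
    ssl_certificate     /etc/nginx/ssl/shop.example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/shop.example.com.key;  # placeholder path
    root /var/www/shop.example.com;                           # placeholder path
}

# Plain-HTTP only site: no 443 server exists for it, so HTTPS requests
# for example2.com land on the default_server block above.
server {
    listen 80;
    server_name example2.com;
    root /var/www/example2.com;                           # placeholder path
}
```

After `nginx -t` and a reload, `curl -v https://example2.com/` should fail during the TLS handshake, or with the `return 444` variant, after a certificate-name mismatch and a closed connection.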