Forum: NGINX SSL Questions

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
56cce0fd496fa243a8bd9267876f8551?d=identicon&s=25 Alan Williamson (Guest)
on 2009-02-18 08:06
(Received via mailing list)
Good day one and all.   I would like to ask some specific SSL questions
that
I am sure will be easy enough.
SSL has the requirement that only certificate can be loaded per IP
address.

With that in mind can nginx handle hosting multiple virtual host SSL
sites
all listening to on IP's?

And can I accept a "https://myhost.com/" and then load balance (proxy)
that
internally to normal "http://" backends?

Thanks

a
Ed73662bc247c5f8dd7db8fcc646fb27?d=identicon&s=25 Kurt Hansen (Guest)
on 2009-02-18 14:58
(Received via mailing list)
Hello Alan,

Alan Williamson wrote:
> that internally to normal "http://" backends?
I've only been testing out nginx for about a week. This is my plan as
well. So far, I have this working with two IPs (one IP virtual host and
the main IP) on a couple of development systems.

Pretty easy once I read the documentation right.

I'm using an rpm for Fedora from the EPEL repository on CentOS 5. This
seems to have a few things compiled in -- like SSL support -- that the
nginx docs suggest are not the default compile, but which have made life
easier.

Take care,

Kurt Hansen
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-02-18 15:06
(Received via mailing list)
On Wed, Feb 18, 2009 at 06:57:37AM +0000, Alan Williamson wrote:

> Good day one and all.   I would like to ask some specific SSL questions that
> I am sure will be easy enough.
> SSL has the requirement that only certificate can be loaded per IP address.
>
> With that in mind can nginx handle hosting multiple virtual host SSL sites
> all listening to on IP's?

nginx can, but browsers would certainly not like this.

There is some workarounds, however:

http://wiki.cacert.org/wiki/VhostTaskForce
http://en.wikipedia.org/wiki/Server_Name_Indication

> And can I accept a "https://myhost.com/" and then load balance (proxy) that
> internally to normal "http://" backends?

Yes.
56cce0fd496fa243a8bd9267876f8551?d=identicon&s=25 Alan Williamson (Guest)
on 2009-02-18 15:32
(Received via mailing list)
What i meant to say, multiple IP addresses --- one per SSL site.
Will browsers work with that?
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-02-18 15:37
(Received via mailing list)
On Wed, Feb 18, 2009 at 02:22:32PM +0000, Alan Williamson wrote:

> What i meant to say, multiple IP addresses --- one per SSL site.
> Will browsers work with that?

Yes, of course.
Ed73662bc247c5f8dd7db8fcc646fb27?d=identicon&s=25 Kurt Hansen (Guest)
on 2009-02-18 16:07
(Received via mailing list)
Igor Sysoev wrote:
>
> nginx can, but browsers would certainly not like this.
>
> There is some workarounds, however:
>
> http://wiki.cacert.org/wiki/VhostTaskForce
> http://en.wikipedia.org/wiki/Server_Name_Indication
>
>
I think he means multiple IPs, not just one. Though the "on IP's" is
ambiguous. Alan could have meant one IP, and I read it the other way
because it is what I'm planning on doing.

Did you mean one IP or multiple, Alan?

Take care,

Kurt
This topic is locked and can not be replied to.