cert handling on redirect of https subdomains

Martian Alien ufospy at hotmail.com
Tue Sep 9 09:51:04 MSD 2008 

Hi Nginx Group,

Just wanted to start off by saying nginx is a rad web server!  Na zdrowie!

So we've noticed some issues with setting up https ssl certificates over multiple subdomains.

The base domain (example.com) and the first subdomain (www.example.com) work beautifully:

  server {
    listen www.example.com:443 default;
    server_name www.example.com;

    ssl on;
    ssl_certificate /opt/local/nginx/certs/www.example.com.crt; 
    ssl_certificate_key /opt/local/nginx/certs/www.example.com.key; 

    location / {
      # ...
    }
  }

  server {

    listen www.example.com:80 default;

    server_name www.example.com;
    location / {

      # ...

    }

  }


  server {
    listen example.com:443;
    server_name  example.com;

    ssl on;
    ssl_certificate /opt/local/nginx/certs/example.com.crt; 
    ssl_certificate_key /opt/local/nginx/certs/example.com.key; 

    rewrite ^/(.*) https://www.example.com/$1 permanent;
  }

  server {
    server_name  example.com;
    rewrite ^/(.*) http://www.example.com/$1 permanent;
  }

NOW, If the following is added, the correct SSL cert for api.example.com is not loaded before the redirect, the www.example.com cert is loaded instead:

  server {
    listen 127.0.0.1:443;
    server_name  api.example.com api;

    ssl on;
    ssl_certificate /opt/local/nginx/certs/api.example.com.crt; 
    ssl_certificate_key /opt/local/nginx/certs/api.example.com.key; 

    rewrite ^/(.*) https://www.example.com/$1 permanent;
  }

  server {
    listen 127.0.0.1:80;
    server_name  api.example.com api;
    rewrite ^/(.*) http://www.example.com/$1 permanent;
  }


Any ideas on how,  to setup multiple SSL / HTTPS subdomains, each with their own cert in nginx?

I've tried many conf variants.  At this point, I'm suspecting it is a bug in nginx, but how would that be possible. =)

Thanks,
Martian


_________________________________________________________________
Stay up to date on your PC, the Web, and your mobile phone with Windows Live.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093185mrt/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080909/f0c1679b/attachment.html>

More information about the nginx mailing list