cert handling on redirect of https subdomains

Igor Sysoev is at rambler-co.ru
Tue Sep 9 10:22:15 MSD 2008


On Tue, Sep 09, 2008 at 05:51:04AM +0000, Martian Alien wrote:

> Hi Nginx Group,
> 
> Just wanted to start off by saying nginx is a rad web server!  Na zdrowie!
> 
> So we've noticed some issues with setting up https ssl certificates over multiple subdomains.
> 
> The base domain (example.com) and the first subdomain (www.example.com) work beautifully:
> 
>   server {
>     listen www.example.com:443 default;
>     server_name www.example.com;
> 
>     ssl on;
>     ssl_certificate /opt/local/nginx/certs/www.example.com.crt; 
>     ssl_certificate_key /opt/local/nginx/certs/www.example.com.key; 
> 
>     location / {
>       # ...
>     }
>   }
> 
>   server {
> 
>     listen www.example.com:80 default;
> 
>     server_name www.example.com;
>     location / {
> 
>       # ...
> 
>     }
> 
>   }
> 
> 
>   server {
>     listen example.com:443;
>     server_name  example.com;
> 
>     ssl on;
>     ssl_certificate /opt/local/nginx/certs/example.com.crt; 
>     ssl_certificate_key /opt/local/nginx/certs/example.com.key; 
> 
>     rewrite ^/(.*) https://www.example.com/$1 permanent;
>   }
> 
>   server {
>     server_name  example.com;
>     rewrite ^/(.*) http://www.example.com/$1 permanent;
>   }
> 
> Now, if the following is added, the correct SSL cert for api.example.com is not loaded before the redirect; the www.example.com cert is loaded instead:
> 
>   server {
>     listen 127.0.0.1:443;
>     server_name  api.example.com api;
> 
>     ssl on;
>     ssl_certificate /opt/local/nginx/certs/api.example.com.crt; 
>     ssl_certificate_key /opt/local/nginx/certs/api.example.com.key; 
> 
>     rewrite ^/(.*) https://www.example.com/$1 permanent;
>   }
> 
>   server {
>     listen 127.0.0.1:80;
>     server_name  api.example.com api;
>     rewrite ^/(.*) http://www.example.com/$1 permanent;
>   }
> 
> 
> Any ideas on how to set up multiple SSL / HTTPS subdomains, each with their own cert, in nginx?
> 
> I've tried many conf variants.  At this point, I'm suspecting it is a bug in nginx, but how would that be possible? =)

127.0.0.1 is the loopback interface. Do you connect to it from outside?


-- 
Igor Sysoev
http://sysoev.ru/en/
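
Added example, not part of the original thread and not code from nginx: a small Python check that lists each server block's listen address and certificate and flags blocks bound to a loopback address, since a socket bound to 127.0.0.1 accepts connections only from the same host. The parser is a simplified assumption (brace counting, no handling of comments or includes), and the sample config is constructed from the one quoted above.

```python
import ipaddress
import re

# Constructed sample, trimmed from the config quoted in the message above.
SAMPLE = """
server {
  listen www.example.com:443 default;
  server_name www.example.com;
  ssl_certificate /opt/local/nginx/certs/www.example.com.crt;
  location / {
  }
}
server {
  listen 127.0.0.1:443;
  server_name api.example.com api;
  ssl_certificate /opt/local/nginx/certs/api.example.com.crt;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace counting."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the arguments of the first `name ...;` directive, or []."""
    m = re.search(r"^\s*" + name + r"\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else []

def is_loopback(listen_arg):
    """True if the address part of a listen argument is a loopback IP literal."""
    host = listen_arg.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname, bare port or wildcard: not an IP literal
        return False

def audit(conf):
    """Return (server_names, listen_addr, cert, loopback_only) per server block."""
    rows = []
    for body in server_blocks(conf):
        listen = directive(body, "listen")
        addr = listen[0] if listen else "*:80"  # no listen directive: nginx default
        rows.append((directive(body, "server_name"), addr,
                     directive(body, "ssl_certificate"), is_loopback(addr)))
    return rows
```

Hostnames such as `localhost` are not resolved by this check; only IP literals in `listen` are classified.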




