Issue with VirtualHost definition order and SNI SSL
linmiao.xu at jhu.edu
Fri Oct 9 22:22:29 MSD 2009
When running SSL on more than one virtual host (one IP), I get a weird issue
when virtual hosts are defined in different orders. One virtual host is a
TLD (example.com), and one is an alias I set in /etc/hosts (alias). Both use
their own certificates and work fine when I define them in this order:
But when I reverse the order, both hosts try to use (alias)'s certificate,
so I get an ssl warning when trying to connect to (example.com).
In both cases, I use "listen 443" and server_name is set as (example.com)
and (alias). I don't listen on 443 except in virtual hosts, all with
server_name defined. When I use "listen 443 default ssl" instead of "listen
443" for (example.com), this problem goes away. It looks like nginx takes
the first virtual host that listens on 443 if I try to connect to the server
on a host that isn't listening on 443.
But I still don't understand.. both of the above are valid hosts, so why
does the order in which I include the virtual hosts cause different results?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx