Is there a Bug in Nginx HttpSslModule ?

Igor Sysoev igor at sysoev.ru
Wed Oct 6 12:51:45 MSD 2010 

On Wed, Oct 06, 2010 at 09:46:19AM +0100, . wrote:

> while using Ubuntu 10.04, nginx 0.8.50-0ubuntu1
> nginx -V
> 	nginx version: nginx/0.8.50
> 	TLS SNI support enabled
> 	configure arguments: --conf-path=/etc/nginx/nginx.conf
> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
> --lock-path=/var/lock/nginx.lock
> --http-log-path=/var/log/nginx/access.log
> --http-client-body-temp-path=/var/lib/nginx/body
> --http-proxy-temp-path=/var/lib/nginx/proxy
> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-http_ssl_module
> --without-http_limit_req_module --without-mail_pop3_module
> --without-mail_smtp_module --without-mail_imap_module
> --without-http_uwsgi_module --without-http_scgi_module
> --without-http-cache
> 
> cat /etc/hosts
> 	127.0.0.1 localhost.localdomain localhost pma.example.com
> example.com
> 
> As at http://wiki.nginx.org/HttpSslModule it is said that "Since Nginx
> version 0.7.14 the preferred way of enabling SSL is by using the `ssl`
> parameter of the `listen` directive", 
> I have found 2 working configurations and a 3rd one that should, but
> doesn't work.
> 
> # VERSION 1: this config is good
> server {
> 	listen example.com:443 default_server;
> 	server_name example.com;
> 	ssl  on;
> 	...
> server {
> 	listen pma.example.com:443;
> 	server_name pma.example.com;
> 	ssl  on;
> 	...
> 
> # VERSION 2: this config is good
> server {
> 	listen example.com:443 default_server ssl;
> 	server_name example.com;
> 	#ssl  on;
> 	...
> server {
> 	listen pma.example.com:443;
> 	server_name pma.example.com;
> 	ssl  on;
> 	...
> 
> # VERSION 3: this config gives an ERROR
> server {
> 	listen example.com:443 default_server ssl;
> 	server_name example.com;
> 	#ssl  on;
> 	...
> server {
> 	listen pma.example.com:443 ssl;
> 	server_name pma.example.com;
> 	#ssl  on;
> 	...
> 
> sudo nginx -s reload
> [emerg]: a duplicate listen options for 127.0.0.1:443
> in /etc/nginx/sites-enabled/spma.com:10

You should use 0.8.52:

Changes with nginx 0.8.52                                        28 Sep 2010

    *) Bugfix: nginx used SSL mode for a listen socket if any listen option 
       was set; the bug had appeared in 0.8.51.


Changes with nginx 0.8.51                                        27 Sep 2010

       [...]

    *) Feature: now a listen socket "ssl" parameter may be set several 
       times.


-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list