Why can't I use the "ssl" modified on more than one listen statement?
Maxim Dounin
mdounin at mdounin.ru
Tue Sep 21 20:04:46 MSD 2010
Hello!
On Tue, Sep 21, 2010 at 11:39:46AM -0400, portante wrote:
> Hi,
>
> The following is an example of how we would like to run our
> configuration.
>
> [code]
> ssl_certificate common.crt;
> ssl_certificate_key common.key;
>
> server {
>     listen 80;
>     server_name www.nginx.org;
>     ...
> }
>
> server {
>     listen 443 default ssl;
>     server_name secure.nginx.org;
>     ...
> }
>
> server {
>     listen 80;
>     listen 443 ssl;
>     server_name images.nginx.org;
>     include images.location;
> }
> [/code]
>
> We encounter the following error trying to install the configuration:
> [code]
> [emerg]: a duplicate listen options for 0.0.0.0:443 in
> /usr/local/etc/nginx/projects/proj.conf:19
> [/code]
>
> All of the server names are CNAMEs of one IP address.
>
> If I do the following, it works:
>
> [code]
> ssl_certificate common.crt;
> ssl_certificate_key common.key;
>
> server {
>     listen 80;
>     server_name www.nginx.org;
>     ...
> }
>
> server {
>     listen 443 default ssl;
>     server_name secure.nginx.org;
>     ...
> }
>
> server {
>     listen 80;
>     server_name images.nginx.org;
>     include images.location;
> }
>
> server {
>     listen 443;
>     ssl on;
>     server_name images.nginx.org;
>     include images.location;
> }
> [/code]
>
> Why can I not specify like the first example above?

A socket can't be in ssl mode for some servers and in non-ssl for
others, so there is no need to specify the "ssl" argument for
non-default servers. I.e. this will work with ssl in both
servers:

    server {
        listen 443 default ssl;
        ...
    }

    server {
        listen 443;
        ...
    }

In your first configuration nginx was able to detect that you used
a meaningless "ssl" argument in the second server and complained. In
the second configuration it wasn't able to detect the meaningless "ssl
on;" statement. This is the only difference.

Maxim Dounin
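
An added example, not part of the original thread and not nginx's own code: a small Python audit that applies the rule from the reply above (one SSL mode per listening socket) to a configuration, reporting which server blocks are effectively served over TLS and where "ssl" is repeated on a socket that already has it. The function names, the parsing model and the trimmed sample configurations are assumptions for illustration; only the listen "ssl" argument is modelled, not "ssl on;".

```python
import re
from collections import defaultdict

def socket_key(value):  # '443' and '*:443' become '0.0.0.0:443'
    return re.sub(r"^(\*:)?(\d+)$", r"0.0.0.0:\2", value)

def parse_servers(conf):
    """Collect server_name and listen directives of every server{} block."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    servers, stack, words = [], [], []
    for tok in tokens:
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({"name": "", "listen": []})
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            if stack and stack[-1] == "server" and len(words) > 1:
                if words[0] == "server_name":
                    servers[-1]["name"] = words[1]
                elif words[0] == "listen":
                    servers[-1]["listen"].append((socket_key(words[1]), words[2:]))
        else:
            words.append(tok)
            continue
        words = []  # a '{', '}' or ';' ends the current directive
    return servers

def audit(conf):
    """Return ({(server, socket): is_tls}, [(server, socket) repeating "ssl"])."""
    # Assumption: only the listen "ssl" argument is modelled, not "ssl on;".
    ssl_seen, redundant, uses = defaultdict(bool), [], []
    for srv in parse_servers(conf):
        for key, params in srv["listen"]:
            uses.append((srv["name"], key))
            if "ssl" in params and ssl_seen[key]:
                redundant.append((srv["name"], key))
            ssl_seen[key] |= "ssl" in params
    # TLS is a property of the socket, so every server on it shares the mode.
    return {(n, k): ssl_seen[k] for n, k in uses}, redundant

# Constructed inputs: the poster's first config (trimmed) and its corrected form.
BROKEN = """
server { listen 80; server_name www.nginx.org; }
server { listen 443 default ssl; server_name secure.nginx.org; }
server { listen 80; listen 443 ssl; server_name images.nginx.org; location / {} }
"""
FIXED = BROKEN.replace("listen 443 ssl;", "listen 443;")
```

Calling `audit(BROKEN)` reports images.nginx.org as repeating "ssl" on 0.0.0.0:443, while `audit(FIXED)` reports nothing and still shows that server as TLS on port 443 and plain on port 80.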