Multiple server definitions with SSL

Igor Sysoev igor at sysoev.ru
Thu Jul 28 06:55:11 UTC 2011


On Tue, Jul 26, 2011 at 10:12:43PM +0400, Maxim Dounin wrote:
> Hello!
> 
> On Tue, Jul 26, 2011 at 05:44:32PM +0100, Ben Lancaster wrote:
> 
> > We recently had a problem where we created a new server 
> > configuration (for http with and without ssl on ports 443 and 80 
> > respectively) on a shared web server which also included a 
> > number of other nginx servers similarly configured. 
> > 
> > Unfortunately, we neglected to include the ssl_certificate and 
> > ssl_certificate_key directives for the new server. So, the 
> > configurations looked something like this:
> 
> [...]
> 
> > Is this expected behaviour? Should nginx -t not have flagged 
> > that there was no default ssl_certificate(_key) directives 
> > defined?
> 
> Probably yes, but this isn't currently done when you define 
> ssl servers with
> 
>     listen ... ssl;
> 
> Using "ssl on;" in separate server definition will give you 
> expected config test error.

I'm going to decprecate "ssl on" directive in favour of "listen ... ssl",
since SSL is rather a port option, but not server one.
The initial "ssl on" was inspired by Apache 1.3.
Apache's "Listen ... https" appeared in somewhere in 2005.


-- 
Igor Sysoev



More information about the nginx mailing list