IPv6, HTTPS, and SNI

Nikolai Lusan nikolai at lusan.id.au
Mon Dec 7 10:00:40 UTC 2015


Hi,

I am having in issue using https with multiple sites on ipv6 (nominally
SNI). If I declare more than one listen directive for ipv6 on port 443
nginx refuses to start. The ipv4 configuration is fine, it's only an
issue with ipv6.

Nginx details:

  nginx version: nginx/1.9.7
  built by gcc 4.9.2
  built with OpenSSL 1.0.1k 8 Jan 2015
  TLS SNI support enabled

Configuration looks like:

server {
    listen              80
    listen              [::]:80;
    listen              443 ssl;
    listen              [::]:443 ssl;
    server_name         my_site.com;
    ssl_certificate     my_site.com.crt;
    ssl_certificate_key my_site.com.key;
    ...
}
server {
    listen              80;
    listen              [::]:80;
    listen              443 ssl;
    listen              [::]:443 ssl;
    server_name         your_site.com;
    ssl_certificate     your_site.com.crt;
    ssl_certificate_key your_site.com.key;
    ...
}

Does anyone have an idea on why this might be occurring? In theory ipv6
shouldn't make a difference, and it sure as heck doesn't make a
difference to the ipv4 configuration.

-- 
Nikolai Lusan <nikolai at lusan.id.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151207/b4105c03/attachment.bin>


More information about the nginx mailing list