Multiple SSL listen statements and SNI

Dave Hayes dave at jetcafe.org
Fri Nov 11 19:13:01 UTC 2016


On 11/11/2016 10:49, Igor Sysoev wrote:
> Yes, *:443 matches all addresses except explicitly specified in listen directives with the same port 443.

Ah! Thank you very much! This statement cleared up my confusion. I 
didn't see this statement in any documentation, but I could have missed it.

> Consider it as fallback. On FreeBSD you can use “bind” parameter:
>
> listen  *:443;
> listen 127.0.0.81:443 bind;
>
> And there will be two separate sockets: *:443 and 127.0.0.81:443.
> You can not use “bind” on Linux however if one of listen addresses is 0.0.0.0 (wildcard, *).
>
> So this configuration without “bind”:
>
> listen  *:443;
> listen 127.0.0.81:443;
>
> emulates this two separate sockets behaviour in one 0.0.0.0:443 socket.

Nice to know that, as I do use FreeBSD. I'm still a bit curious; why 
would I want two separate sockets when I am already listening on 0.0.0.0?

At first glance, I'd think the emulation suits my needs more; no sense 
in taking up memory for an extra socket, right?
-- 
Dave Hayes - Consultant - Altadena CA, USA - dave at jetcafe.org
 >>>> *The opinions expressed above are entirely my own* <<<<

Learn to behave from those who cannot.
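
The listen matching described in this thread, modelled as an added example (not code from the thread or from nginx). `sockets_to_open`, `match_listen` and `accepted_local_addr` are hypothetical helper names; the sample input is the pair of listen directives quoted above, and the last helper shows the getsockname() call by which a single wildcard socket learns which local address a client connected to.

```python
import socket

# Constructed sample: the two listen directives quoted in the thread.
LISTENS = [("*", 443), ("127.0.0.81", 443)]

def sockets_to_open(listens, bind=frozenset()):
    """Sockets that get bound for a set of (addr, port) listen entries.

    A specific address is covered by the wildcard socket on the same port
    unless it is flagged "bind" (or no wildcard exists for that port).
    """
    wildcard_ports = {p for a, p in listens if a == "*"}
    return sorted((a, p) for a, p in listens
                  if a == "*" or p not in wildcard_ports or (a, p) in bind)

def match_listen(listens, local_addr, port):
    """Listen entry that handles a connection accepted on local_addr:port."""
    if (local_addr, port) in listens:
        return (local_addr, port)      # explicitly listed address wins
    if ("*", port) in listens:
        return ("*", port)             # wildcard is the fallback
    return None

def accepted_local_addr(dest):
    """Accept on one wildcard socket and report the address the client hit."""
    with socket.socket() as srv:
        srv.bind(("0.0.0.0", 0))       # ephemeral port, no privileges needed
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection((dest, port), timeout=2):
            conn, _ = srv.accept()
            with conn:
                return conn.getsockname()[0]

if __name__ == "__main__":
    print("without bind:", sockets_to_open(LISTENS))
    print("with bind:   ", sockets_to_open(LISTENS, {("127.0.0.81", 443)}))
    for addr in ("127.0.0.81", "127.0.0.1"):
        print(addr, "->", match_listen(LISTENS, addr, 443))
    try:
        print("wildcard socket saw local address:",
              accepted_local_addr("127.0.0.1"))
    except OSError as exc:             # e.g. loopback unavailable in a sandbox
        print("live demo skipped:", exc)
```
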


