Multiple SSL listen statements and SNI

Dave Hayes dave at
Fri Nov 11 19:13:01 UTC 2016

On 11/11/2016 10:49, Igor Sysoev wrote:
> Yes, *:443 matches all addresses except explicitly specified in listen directives with the same port 443.

Ah! Thank you very much! This statement cleared up my confusion. I 
didn't see this statement in any documentation, but I could have missed it.

> Consider it as fallback. On FreeBSD you can use “bind” parameter:
> listen  *:443;
> listen bind;
> And there will be two separate sockets: *:443 and
> You can not use “bind” on Linux however if one of listen addresses is (wildcard, *).
> So this configuration without “bind”:
> listen  *:443;
> listen;
> emulates this two separate sockets behaviour in one socket.

Nice to know that, as I do use FreeBSD. I'm still a bit curious; why 
would I want two separate sockets when I am already listening on

At first glance, I'd think the emulation suits my needs more; no sense 
in taking up memory for an extra socket right?
Dave Hayes - Consultant - Altadena CA, USA - dave at
 >>>> *The opinions expressed above are entirely my own* <<<<

Learn to behave from those who cannot.

More information about the nginx mailing list