[PATCH v2] uwsgi over ssl
Roberto De Ioris
roberto at unbit.it
Wed Dec 4 15:55:53 UTC 2013
> Hello!
>
> On Tue, Nov 19, 2013 at 11:24:50AM +0100, Roberto De Ioris wrote:
>
>> Hi, this is a new patch for uwsgi over ssl support aimed at nginx 1.5.x
>>
>> It now exposes 4 options:
>>
>> uwsgi_ssl
>>
>> uwsgi_ssl_session_reuse
>>
>> uwsgi_ssl_protocols
>>
>> uwsgi_ssl_ciphers
>
> Sorry for long delay. I've looked into this, and I tend to think
> that "uwsgi_ssl" is a wrong aproach. E.g., consider the following
> configuration:
>
> location / {
> uwsgi_pass upstream1;
> uwsgi_ssl on;
>
> location /nested/ {
> uwsgi_pass upstream2;
> uwsgi_ssl_protocols TLSv2;
> }
> }
>
> Requests to upstream2 will use SSL, but uwsgi_ssl_protocols won't
> have any effect. While this is easy to fix, this is certainly
> counter-intuitive.
>
> Instead, I think it would be better to use something like this:
>
> uwsgi_pass uwsgis://upstream;
>
in uWSGI it is marked as "suwsgi" (secure uwsgi), so i think it would be
better to call it in the same way ;)
A part from this it is +1 for me
--
Roberto De Ioris
http://unbit.it
More information about the nginx-devel
mailing list