[PATCH v2] uwsgi over ssl

Roberto De Ioris roberto at unbit.it
Wed Dec 4 15:55:53 UTC 2013


> Hello!
>
> On Tue, Nov 19, 2013 at 11:24:50AM +0100, Roberto De Ioris wrote:
>
>> Hi, this is a new patch for uwsgi over ssl support aimed at nginx 1.5.x
>>
>> It now exposes 4 options:
>>
>> uwsgi_ssl
>>
>> uwsgi_ssl_session_reuse
>>
>> uwsgi_ssl_protocols
>>
>> uwsgi_ssl_ciphers
>
> Sorry for long delay.  I've looked into this, and I tend to think
> that "uwsgi_ssl" is a wrong aproach.  E.g., consider the following
> configuration:
>
>     location / {
>         uwsgi_pass upstream1;
>         uwsgi_ssl on;
>
>         location /nested/ {
>             uwsgi_pass upstream2;
>             uwsgi_ssl_protocols TLSv2;
>         }
>     }
>
> Requests to upstream2 will use SSL, but uwsgi_ssl_protocols won't
> have any effect.  While this is easy to fix, this is certainly
> counter-intuitive.
>
> Instead, I think it would be better to use something like this:
>
>     uwsgi_pass uwsgis://upstream;
>

in uWSGI it is marked as "suwsgi" (secure uwsgi), so i think it would be
better to call it in the same way ;)

A part from this it is +1 for me

-- 
Roberto De Ioris
http://unbit.it



More information about the nginx-devel mailing list