Multiple ssl certs for the same IP?

Rt Ibmer rtibmx at yahoo.com
Sun May 4 20:54:41 MSD 2008 

I have foo.mydomain.com and bar.mydomain.com that both resolve to the same IP, which is answered by nginx.

Now I want to add SSL support to nginx so that it'll receive requests over ssl 443 for both fully qualified domains while still communicating with my backends over regular http (non-ssl).

So I will get two SSL certificates - one for foo.mydomain.com and the other for bar.mydomain.com.  However according to the config file the SSL settings for the key files are defined at the "server" declaration-block level.  And in my case I have just one "server" block that is used for both foo.mydomain.com and bar.mydomain.com.

So my question is regarding these such settings:
        ssl                  on;
        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.key;

How can I tell nginx to use the pem and keyfiles for foo.mydomain.com AND bar.mydomain.com when the same "server" is listening for both FQDN domains (remember, both FQDN's resolve to the same IP and it will stay that way for some time to come.  Over time I may split these out).

Also it may be important to mention that I am NOT doing anything with virtual servers or host headers.  Rather, nginx routes the requests for both FQDNs solely by using the nginx "location" directive to serve content based on the path to the requested file.

So in summary, I get some requests like this:
  http://foo.mydomain.com/some/path/file.gif
and
  http://bar.mydomain.com/some/other/path/file.htm

and bar and foo resolve to the same IP and nginx serves both based on that IP and location matches, in some cases passing requests to upstream servers and in other cases serving the content itself.  And now I need to add SSL support using two signed certificates and have nginx use the correct one when requests come in. I hope I have explained this ok!

Thanks!!


      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

More information about the nginx mailing list