Multiple SSL certificates
Thomas
iamkenzo at gmail.com
Tue Oct 21 19:58:07 MSD 2008
Port 443 is forwarded from my hypervisor to the Nginx VM. Everything
works fine if I remove the IP from the listen directive. It's a pretty
basic Nginx configuration, I guess.
nginx.conf:
---
# /usr/local/nginx/conf/nginx.conf
# Worker processes run as the login account "thomas"; main.conf serves files
# from /home/thomas/rails_apps, so a worker can read whatever that account can.
# NOTE(review): a dedicated unprivileged account with read-only access to the
# public/ trees would limit what a compromised worker can reach.
user thomas;
# A single worker process, accepting up to 1024 simultaneous connections.
worker_processes 1;
events {
worker_connections 1024;
}
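# Global HTTP settings shared by every server block pulled in through the two
# include lines at the end (main.conf and webcit.conf).
http {
    include mime.types;
    default_type application/octet-stream;
    # set sendfile to off on OsX
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    # Hide Nginx version number header
    server_tokens off;

    # Access-log formats. Only $remote_addr is the TCP peer; $http_host,
    # $http_referer, $http_user_agent and $http_x_forwarded_for are copied from
    # request headers and must be read as client-supplied when reviewing logs.
    # NOTE(review): with port forwarding in front of this VM, $remote_addr may
    # be the forwarder's address rather than the client's; confirm.
    # The second string is re-joined onto one line: the mailed copy wraps it
    # inside the quotes, which would embed a line break in every log entry.
    log_format main '$remote_addr [$time_local] '
                    '$http_host "$request" $status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    log_format traffic '$http_host $body_bytes_sent';

    # Compression is set here, so the HTTPS server blocks in the included files
    # inherit it as well.
    # NOTE(review): compressing TLS responses that mix secrets with
    # request-influenced content is exposed to compression side channels
    # (BREACH); consider "gzip off;" inside the ssl server blocks.
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types text/plain text/html text/css
               application/x-javascript text/xml application/xml
               application/xml+rss text/javascript;

    ignore_invalid_headers on;

    include /usr/local/nginx/conf/main.conf;
    include /usr/local/nginx/conf/webcit.conf;
} # End of http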
---
main.conf:
---
# Backend pool used by the www.digiprof.fr server blocks: two listeners on
# 10.0.0.2, the weight=2 entry receiving twice the share of the other.
# NOTE(review): the server blocks reach this pool with proxy_pass http://, so
# requests that arrived over HTTPS travel to the backend in clear text.
# Confirm the 10.0.0.x segment is private to the hypervisor.
upstream main {
server 10.0.0.2:3100 weight=2;
server 10.0.0.2:3101;
}
# Catch-all virtual host for port 80: "default" together with server_name _
# means a request whose Host matches no other port-80 server block lands here
# and is logged in the "main" format to its own file.
server {
listen 80 default;
server_name _;
access_log /usr/local/nginx/logs/phishing_attemps.log main;
# Let's rewrite any mysite.com to www.mysite.com in a global catch-all way.
# NOTE(review): in this block $host is taken from the request's Host header,
# so the Location of the 301 reflects untrusted input and, being permanent,
# may be cached. Listing the bare domains in their own server blocks with a
# literal redirect target avoids reflecting Host at all.
# The pattern is unanchored: it matches "www." anywhere in the host name.
if ($host !~* www\.(.*)) {
rewrite ^(.*) http://www.$host$1 permanent;
}
# Reached only for hosts that contain "www." yet matched no other server block.
return 404;
}
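# Plain-HTTP virtual host for www.digiprof.fr: serves files that exist under
# the public tree and proxies every other request to the "main" upstream.
server {
    listen 80;
    server_name www.digiprof.fr;
    # Cap the response rate for each request at 130k per second.
    set $limit_rate 130k;

    # Let's set some vars to be DRY
    #set $nginx_path /usr/local/nginx/logs;
    set $rails_path /home/thomas/rails_apps;

    access_log /usr/local/nginx/logs/traffic.log traffic;
    access_log /usr/local/nginx/logs/access.main.log main;
    error_log /usr/local/nginx/logs/error.main.log notice;

    location / {
        # Single slash, matching the 50x location below and the HTTPS block
        # (the original had "$rails_path//public").
        # The directory name is derived from $host; that stays equal to
        # server_name only while another block remains the port-80 default.
        root $rails_path/public/$host;

        proxy_redirect off;
        # X-Real-IP is the TCP peer. X-Forwarded-For keeps whatever the client
        # sent and appends the peer, so the backend should rely on the last
        # entry only. Host is forwarded exactly as received.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # NOTE(review): unlike the HTTPS server block, nothing here sets
        # X_FORWARDED_PROTO. If the backend relies on that header, confirm a
        # client-supplied equivalent cannot make a plain-HTTP request look
        # secure.

        # The order of these tests matters: an existing file is served as is,
        # then <uri>/index.html, then <uri>.html; anything else is proxied.
        if (-f $request_filename) {
            break;
        }
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename.html) {
            rewrite (.*) $1.html break;
        }
        if (!-f $request_filename) {
            proxy_pass http://main;
            break;
        }
    } # End of the location /

    # Backend failures are answered with a static page from the public tree.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root $rails_path/public/$host;
    } # End of /50x location
} # End of server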
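# HTTPS virtual host for www.digiprof.fr: terminates TLS, serves existing
# files from the public tree and proxies everything else to "main".
server {
    # The host name is resolved when the configuration is loaded; nginx binds
    # to the resulting address, which must be one the VM actually owns.
    listen www.digiprof.fr:443;
    server_name www.digiprof.fr;

    ssl on;
    ssl_certificate /usr/local/nginx/conf/ssl_certificates/www.digiprof.fr.crt;
    # The same server.key path is referenced by the self-signed certificate in
    # webcit.conf, so both sites depend on one private key.
    ssl_certificate_key /usr/local/nginx/conf/ssl_certificates/server.key;
    # NOTE(review): no ssl_protocols or ssl_ciphers are set, so the build's
    # defaults apply; confirm they exclude obsolete protocol versions.

    keepalive_timeout 70; # reduce server load
    set $rails_path /home/thomas/rails_apps;

    location / {
        # Compulsory for HTTPS
        proxy_set_header X_FORWARDED_PROTO https;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;

        # Literal directory instead of $host. No catch-all server block is
        # defined for port 443, so this block can receive requests carrying any
        # Host header, and a client-supplied value should not choose the
        # filesystem path.
        root $rails_path/public/www.digiprof.fr;

        # Compulsory for serving relatively linked images and stylesheets
        if (!-f $request_filename) {
            proxy_pass http://main;
            break;
        }
    } # End of location /
} # End of server 443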
-----
webcit.conf:
-----------
# Single backend for the www.digiprof.eu site, reached at 10.0.0.4 port 2000.
# NOTE(review): the HTTPS server block proxies to it over plain http://;
# confirm the path between the two VMs is not shared with other hosts.
upstream webcit {
server 10.0.0.4:2000;
}
# Port-80 virtual host for www.digiprof.eu: every request is answered with a
# permanent redirect to the same host and path over https.
# $host stays limited to www.digiprof.eu here only while another block (the
# "listen 80 default" one in main.conf) is the port-80 default.
server {
listen 80;
server_name www.digiprof.eu;
rewrite ^(.*) https://$host$1 permanent;
}
# HTTPS virtual host for www.digiprof.eu: terminates TLS and proxies every
# request to the "webcit" upstream.
server {
# The host name is resolved when the configuration is loaded; nginx binds to
# the resulting address, which must be one the VM actually owns.
listen www.digiprof.eu:443;
server_name www.digiprof.eu;
ssl on;
# NOTE(review): judging by the file name this certificate is self-signed, so
# clients cannot validate it against a CA and have to trust it out of band.
ssl_certificate /usr/local/nginx/conf/ssl_certificates/self_signed.crt;
# Same server.key path as the www.digiprof.fr block in main.conf: both
# certificates depend on one private key.
ssl_certificate_key /usr/local/nginx/conf/ssl_certificates/server.key;
keepalive_timeout 70; # reduce server load
location / {
# Tells the backend the original request arrived over HTTPS.
proxy_set_header X_FORWARDED_PROTO https;
proxy_redirect off;
# X-Real-IP is the TCP peer; X-Forwarded-For keeps the client-sent value and
# appends the peer, so only its last entry is set by this proxy.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://webcit;
}
}