Multiple SSL certificates

Thomas iamkenzo at gmail.com
Tue Oct 21 19:58:07 MSD 2008


Port 443 is forwarded from my hypervisor to the Nginx VM. Everything
works fine if I remove the IP from the listen directive. It's a pretty
basic Nginx configuration, I guess.

nginx.conf:
---
# /usr/local/nginx/conf/nginx.conf

# Worker processes run with the credentials of this account.
# NOTE(review): main.conf on this page serves files from
# /home/thomas/rails_apps, so this looks like a personal login account
# rather than a dedicated unprivileged service account; a compromised
# worker would then reach everything that account can read or write.
# Confirm.
user thomas;

# A single worker process handles all connections.
worker_processes 1;

events {
 # Upper bound on simultaneous connections per worker; proxied requests
 # also use a connection to the upstream.
 worker_connections 1024;
}

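http {
 # Extension -> MIME type map; anything unmapped is sent as a generic
 # binary download.
 include             mime.types;
 default_type        application/octet-stream;

 # set sendfile to off on OsX
 sendfile            on;
 tcp_nopush          on;
 keepalive_timeout   65;

 # Hide Nginx version number header
 server_tokens       off;

 # Access-log layout. $http_host, $request, $http_referer,
 # $http_user_agent and $http_x_forwarded_for are copied from the client's
 # request, so treat them as untrusted when the log is parsed or displayed.
 # The middle fragment is kept on one line: a line break inside the quoted
 # string becomes part of the format and splits every log entry in two.
 log_format main '$remote_addr [$time_local] '
                 '$http_host "$request" $status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" "$http_x_forwarded_for"';

 # Host and bytes sent only, for per-host traffic accounting.
 log_format traffic '$http_host $body_bytes_sent';

 # Declared at http level, so every server included below inherits these
 # gzip settings, the HTTPS ones too.
 # NOTE(review): compressing HTTPS responses that carry secrets next to
 # request-derived content is a known side-channel concern; consider
 # "gzip off;" in those servers.
 gzip                on;
 gzip_http_version   1.0;
 gzip_comp_level     2;
 gzip_proxied        any;
 # text/html is always compressed and is not listed: naming it here only
 # produces a "duplicate MIME type" warning at startup.
 gzip_types          text/plain text/css application/x-javascript
                     text/xml application/xml application/xml+rss
                     text/javascript;

 # Request header lines with invalid names are dropped.
 ignore_invalid_headers  on;

 # Virtual hosts; both files are shown further down this page.
 include /usr/local/nginx/conf/main.conf;
 include /usr/local/nginx/conf/webcit.conf;
} # End of http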
---


main.conf:
---
# Backend pool used by the two www.digiprof.fr servers: two listeners on the
# same internal host. Port 3100 receives twice the share of port 3101
# (weight is 1 unless stated).
# Both servers reach this pool with "proxy_pass http://main", so the hop from
# nginx to the backend is unencrypted even for requests that arrived over
# HTTPS.
upstream main {
 server 10.0.0.2:3100 weight=2;
 server 10.0.0.2:3101 weight=1;
}

server {
 # Catch-all for port 80: "default" makes this the server used when no
 # other server_name on this port matches the requested host.
 listen 80 default;
 server_name _;
 # Unmatched-host traffic goes to its own log file, in the "main" format.
 access_log  /usr/local/nginx/logs/phishing_attemps.log main;

 # Let's rewrite any mysite.com to www.mysite.com in a global catch-all way.
 # The pattern is case-insensitive and not anchored, so any host that
 # contains "www." anywhere skips the redirect and falls through to the 404.
 # NOTE(review): $host is taken from the request, so the 301 target is
 # whatever name the client sent; this server will redirect to hosts it
 # does not own. A separate server block per bare domain with a fixed
 # redirect target avoids reflecting the request value.
 if ($host !~* www\.(.*)) {
   rewrite ^(.*) http://www.$host$1 permanent;
 }

 # Reached only when the redirect above did not fire.
 return 404;
}

server {
 # Plain-HTTP virtual host for www.digiprof.fr: serves static files from
 # disk when they exist and proxies everything else to upstream "main".
 listen              80;
 server_name         www.digiprof.fr;

 # Cap the response transfer rate of each connection (130k bytes/second).
 set $limit_rate     130k;

 # Let's set some vars to be DRY
 #set $nginx_path /usr/local/nginx/logs;
 set $rails_path /home/thomas/rails_apps;

 # Two access logs per request: byte accounting ("traffic" format) and the
 # full "main" format; errors are logged from level notice upwards.
 access_log  /usr/local/nginx/logs/traffic.log traffic;
 access_log  /usr/local/nginx/logs/access.main.log main;
 error_log /usr/local/nginx/logs/error.main.log notice;

 location / {
   # NOTE(review): double slash after $rails_path; the other two root
   # directives on this page use $rails_path/public/$host - confirm whether
   # a path component is missing here.
   root                $rails_path//public/$host;

   # Headers sent to the backend:
   #  X-Real-IP        address of the TCP peer as nginx sees it
   #  X-Forwarded-For  that address appended to whatever X-Forwarded-For the
   #                   client sent, so only the last entry is set by nginx
   #  Host             the client's Host header, forwarded unchanged
   # NOTE(review): nothing on this plain-HTTP path sets or clears a
   # forwarded-protocol header, while the HTTPS server on this page sends
   # X_FORWARDED_PROTO https; if the backend trusts that header, check that
   # a client cannot supply it here.
   proxy_redirect      off;
   proxy_set_header    X-Real-IP $remote_addr;
   proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header    Host $http_host;

   # The request maps to an existing file: stop rewriting and serve it.
   if (-f $request_filename) {
     break;
   }

   # The request maps to a directory that holds an index.html: serve that.
   if (-f $request_filename/index.html) {
     rewrite (.*) $1/index.html break;
   }

   # A file named like the request plus ".html" exists: serve that
   # (presumably page-cached output of the Rails app - confirm).
   if (-f $request_filename.html) {
     rewrite (.*) $1.html break;
   }

   # Nothing on disk: hand the request to the backend pool.
   if (!-f $request_filename) {
     proxy_pass http://main;
     break;
   }
 } # End of the location /

 # Server-side errors, including failures of the backend, are answered with
 # a static page taken from the same document root.
 error_page 500 502 503 504 /50x.html;
 location = /50x.html {
   root          $rails_path/public/$host;
 } # End of /50x location

} # End of server

server {
 # HTTPS virtual host for www.digiprof.fr.
 # The host name in "listen" is resolved to an address when the
 # configuration is loaded, and the socket is bound to that address.
 # Without SNI the certificate is picked from the address:port a connection
 # arrived on, before any Host header can be read, so two certificates need
 # two distinct listen addresses.
 server_name         www.digiprof.fr;
 listen              www.digiprof.fr:443;

 keepalive_timeout   70; # reduce server load
 set $rails_path     /home/thomas/rails_apps;

 # NOTE(review): the key file below is the same path the other HTTPS server
 # on this page uses, so one key protects both certificates. No
 # ssl_protocols or ssl_ciphers is set, so the build defaults apply; confirm
 # they exclude obsolete protocol versions and weak ciphers.
 ssl on;
 ssl_certificate_key /usr/local/nginx/conf/ssl_certificates/server.key;
 ssl_certificate     /usr/local/nginx/conf/ssl_certificates/www.digiprof.fr.crt;

 location / {
   # NOTE(review): if this is the default server for its listen address it
   # also answers requests whose Host is not www.digiprof.fr; $host and
   # $http_host then carry that client-chosen value into the document root
   # and the upstream Host header.
   root              $rails_path/public/$host;

   proxy_redirect    off;

   # Compulsory for HTTPS
   # Tells the backend the original request arrived over TLS.
   proxy_set_header  X_FORWARDED_PROTO https;
   # Address of the TCP peer, then the same address appended to any
   # client-supplied X-Forwarded-For, then the client's Host header as sent.
   proxy_set_header  X-Real-IP $remote_addr;
   proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header  Host $http_host;

   # Compulsory for serving relatively linked images and stylesheets
   # Files that exist under root are served from disk; everything else goes
   # to the backend pool over plain HTTP.
   if (!-f $request_filename) {
     proxy_pass http://main;
     break;
   }
 } # End of location /
} # End of server 443
-----


webcit.conf:
-----------
# Single backend for www.digiprof.eu. The HTTPS server on this page reaches it
# with "proxy_pass http://webcit", so TLS ends at nginx and the hop to
# 10.0.0.4 is unencrypted.
upstream webcit {
 server 10.0.0.4:2000 weight=1;
}

server {
 # Plain-HTTP side of www.digiprof.eu: nothing is served here, every request
 # gets a permanent redirect to the same host and path over HTTPS.
 # Another server on this page is the port-80 default, so only requests
 # whose host matched server_name reach this block and $host is that name.
 server_name   www.digiprof.eu;
 listen        80;

 rewrite ^(.*) https://$host$1 permanent;
}

server {
 # HTTPS virtual host for www.digiprof.eu; every request is proxied to the
 # "webcit" upstream.
 # The host name in "listen" is resolved to an address when the
 # configuration is loaded. Without SNI the certificate is picked from the
 # address:port a connection arrived on, so this server only presents its
 # own certificate if that address differs from the other HTTPS server's.
 server_name www.digiprof.eu;
 listen      www.digiprof.eu:443;

 keepalive_timeout   70; # reduce server load

 # NOTE(review): judging by the file name the certificate is self-signed, so
 # clients cannot validate it against a public CA. The key file is the same
 # path the other HTTPS server on this page uses. No ssl_protocols or
 # ssl_ciphers is set, so the build defaults apply - confirm.
 ssl on;
 ssl_certificate_key /usr/local/nginx/conf/ssl_certificates/server.key;
 ssl_certificate     /usr/local/nginx/conf/ssl_certificates/self_signed.crt;

 location / {
   proxy_redirect      off;

   # Tells the backend the original request arrived over TLS.
   proxy_set_header    X_FORWARDED_PROTO https;
   # Address of the TCP peer, then the same address appended to any
   # client-supplied X-Forwarded-For, then the client's Host header as sent
   # (not restricted to www.digiprof.eu if this is the default server for
   # its listen address).
   proxy_set_header    X-Real-IP $remote_addr;
   proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header    Host $http_host;

   proxy_pass http://webcit;
 }
}




