nginx-0.7.14
Igor Sysoev
is at rambler-co.ru
Wed Sep 3 17:43:54 MSD 2008
On Thu, Sep 04, 2008 at 12:39:00AM +1100, CryptWizard wrote:
> No need to re-specify the certificates and stuff?
No, you need to repeat them, or you may set all SSL directives on http level.
However, you need special wildcard certificate or certificate with
alternative name, if you want to use name-based SSL hosts.
> On Wed, Sep 3, 2008 at 11:57 PM, Igor Sysoev <is at rambler-co.ru> wrote:
> > On Wed, Sep 03, 2008 at 11:53:09PM +1100, CryptWizard wrote:
> >
> >> So does that mean that on my non-default servers I can just add listen
> >> 443; to it and it will work, and I still don't need two server blocks
> >> for each actual server+
> >
> > Yes:
> >
> > server {
> > listen 80;
> > listen 443 default ssl;
> > }
> >
> > server {
> > listen 80;
> > listen 443; # it will be SSL too
> > }
> >
> >> On Wed, Sep 3, 2008 at 11:29 PM, Igor Sysoev <is at rambler-co.ru> wrote:
> >> > On Wed, Sep 03, 2008 at 11:19:00PM +1100, CryptWizard wrote:
> >> >
> >> >> Aww...
> >> >> Can you make it work for non-default listen directives as well?
> >> >
> >> > "listen default" means that you define listen(2) and bind(2) parameters.
> >> > "ssl" is not listen/bind(2) parameter, but anyway all servers listening
> >> > on this port must accept SSL connections only.
> >> >
> >> >> On Tue, Sep 2, 2008 at 5:05 PM, Igor Sysoev <is at rambler-co.ru> wrote:
> >> >> > On Tue, Sep 02, 2008 at 08:45:07AM +1000, CryptWizard wrote:
> >> >> >
> >> >> >> That's excellent.
> >> >> >> Now I don't need to have 2 almost identical server blocks and make
> >> >> >> changes in 2 places every time.
> >> >> >> Just waiting for the FreeBSD port to come out.
> >> >> >
> >> >> > This is recommended for sites where difference between HTTP and HTTPS
> >> >> > is small as comprared to whole sites configuration:
> >> >> >
> >> >> > server {
> >> >> > listen 80;
> >> >> > listen 443 default ssl;
> >> >> >
> >> >> > server_name www.example.com;
> >> >> >
> >> >> > ssl_certificate /path/to/cert;
> >> >> > ssl_certificate_key /path/to/key;
> >> >> >
> >> >> > location / {
> >> >> > ...
> >> >> > }
> >> >> >
> >> >> > location /ssl/only/dir/ {
> >> >> > if ($scheme = http) {
> >> >> > rewrite ^(.+)$ https://www.example.com$1;
> >> >> > }
> >> >> > ...
> >> >> > }
> >> >> >
> >> >> > }
> >> >> >
> >> >> >
> >> >> >
> >> >> >> On Tue, Sep 2, 2008 at 8:33 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> >> >> >> > Hello!
> >> >> >> >
> >> >> >> > On Tue, Sep 02, 2008 at 08:07:57AM +1000, CryptWizard wrote:
> >> >> >> >
> >> >> >> >>> *) Feature: the "listen" directive supports the "ssl" parameter.
> >> >> >> >>
> >> >> >> >> How is it used? Is there an example available?
> >> >> >> >
> >> >> >> > In russian it's here:
> >> >> >> > http://www.sysoev.ru/nginx/docs/http/ngx_http_core_module.html#listen
> >> >> >> >
> >> >> >> > server {
> >> >> >> > listen 80;
> >> >> >> > listen 443 ssl;
> >> >> >> >
> >> >> >> > ...
> >> >> >> > }
> >> >> >> >
> >> >> >> > It allows using the same server{} for http and https.
> >> >> >> >
> >> >> >> > Maxim Dounin
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Igor Sysoev
> >> >> > http://sysoev.ru/en/
> >> >> >
> >> >> >
> >> >
> >> > --
> >> > Igor Sysoev
> >> > http://sysoev.ru/en/
> >> >
> >> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list