cert handling on redirect of https subdomains
Martian Alien
ufospy at hotmail.com
Wed Sep 10 07:59:31 MSD 2008
Note that the base domain (example.com) redirects fine to WWW (www.example.com). Then adding a 2nd subdomain, API (api.example.com), returns the WWW certificate rather than the API one and flags a trust concern in most browsers. Tried a listen field with both api.example.com:443 and the local interface 127.0.0.1:443; all fail in the same way. Redirect works fine except it returns the incorrect SSL certificate.

server {
    listen api.example.com:443;
    server_name api.example.com api;
    ssl on;
    ssl_certificate /opt/local/nginx/certs/api.example.com.crt;
    ssl_certificate_key /opt/local/nginx/certs/api.example.com.key;
    rewrite ^/(.*) https://www.example.com/$1 permanent;
}

server {
    listen api.example.com:80;
    server_name api.example.com api;
    rewrite ^/(.*) http://www.example.com/$1 permanent;
}

Thanks again for looking into this concern,
Martian
> Date: Tue, 9 Sep 2008 10:22:15 +0400
> From: is at rambler-co.ru
> To: nginx at sysoev.ru
> Subject: Re: cert handling on redirect of https subdomains
>
> On Tue, Sep 09, 2008 at 05:51:04AM +0000, Martian Alien wrote:
>
> > Hi Nginx Group,
> >
> > Just wanted to start off by saying nginx is a rad web server! Na zdrowie!
> >
> > So we've noticed some issues with setting up https ssl certificates over multiple subdomains.
> >
> > The base domain (example.com) and the first subdomain (www.example.com) work beautifully:
> >
> > server {
> >     listen www.example.com:443 default;
> >     server_name www.example.com;
> >
> >     ssl on;
> >     ssl_certificate /opt/local/nginx/certs/www.example.com.crt;
> >     ssl_certificate_key /opt/local/nginx/certs/www.example.com.key;
> >
> >     location / {
> >         # ...
> >     }
> > }
> >
> > server {
> >     listen www.example.com:80 default;
> >     server_name www.example.com;
> >
> >     location / {
> >         # ...
> >     }
> > }
> >
> > server {
> >     listen example.com:443;
> >     server_name example.com;
> >
> >     ssl on;
> >     ssl_certificate /opt/local/nginx/certs/example.com.crt;
> >     ssl_certificate_key /opt/local/nginx/certs/example.com.key;
> >
> >     rewrite ^/(.*) https://www.example.com/$1 permanent;
> > }
> >
> > server {
> >     server_name example.com;
> >     rewrite ^/(.*) http://www.example.com/$1 permanent;
> > }
> >
> > NOW, if the following is added, the correct SSL cert for api.example.com is not loaded before the redirect; the www.example.com cert is loaded instead:
> >
> > server {
> >     listen 127.0.0.1:443;
> >     server_name api.example.com api;
> >
> >     ssl on;
> >     ssl_certificate /opt/local/nginx/certs/api.example.com.crt;
> >     ssl_certificate_key /opt/local/nginx/certs/api.example.com.key;
> >
> >     rewrite ^/(.*) https://www.example.com/$1 permanent;
> > }
> >
> > server {
> >     listen 127.0.0.1:80;
> >     server_name api.example.com api;
> >     rewrite ^/(.*) http://www.example.com/$1 permanent;
> > }
> >
> >
> > Any ideas on how to set up multiple SSL / HTTPS subdomains, each with their own cert, in nginx?
> >
> > I've tried many conf variants. At this point, I'm suspecting it is a bug in nginx, but how would that be possible. =)
>
> 127.0.0.1 is the loopback interface; do you connect to it from outside?
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
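
The following model is an added example, not part of the thread and not nginx code. It shows which certificate a TLS handshake receives for the two api.example.com variants posted above, given that the certificate is chosen before any Host header is seen. Assumptions: www.example.com and api.example.com resolve to one address (192.0.2.10 is a constructed documentation IP), the server blocks are hand-written dicts rather than parsed config, and wildcard listens are not modelled.

```python
# Constructed model of the SSL server blocks quoted in this thread.
RESOLVE = {"www.example.com": "192.0.2.10",   # assumption: both names
           "api.example.com": "192.0.2.10"}   # share one public address

WWW = {"listen": ("www.example.com", 443), "default": True,
       "names": ["www.example.com"], "cert": "www.example.com.crt"}
API_HOST = {"listen": ("api.example.com", 443),          # first variant
            "names": ["api.example.com", "api"], "cert": "api.example.com.crt"}
API_LOOP = {"listen": ("127.0.0.1", 443),                # second variant
            "names": ["api.example.com", "api"], "cert": "api.example.com.crt"}

def socket_key(host, port):
    """A hostname in `listen` is resolved at startup; model that with RESOLVE."""
    return (RESOLVE.get(host, host), port)

def cert_served(servers, dst_ip, port, sni=None):
    """Certificate presented for a handshake arriving at dst_ip:port.

    Only server blocks bound to that address:port are candidates. With SNI the
    block whose server_name matches supplies the certificate; without SNI (or
    with no match) the default server of that socket does.
    """
    group = [s for s in servers if socket_key(*s["listen"]) == (dst_ip, port)]
    if not group:
        return None                      # nothing listens there
    if sni:
        for s in group:
            if sni in s["names"]:
                return s["cert"]
    default = next((s for s in group if s.get("default")), group[0])
    return default["cert"]

def sni_dependent(servers):
    """Names whose own certificate is reachable only if the client sends SNI."""
    flagged = []
    for s in servers:
        ip, port = socket_key(*s["listen"])
        if cert_served(servers, ip, port) != s["cert"]:
            flagged.extend(s["names"])
    return flagged

if __name__ == "__main__":
    print(sni_dependent([WWW, API_HOST]))
    print(cert_served([WWW, API_LOOP], "192.0.2.10", 443, sni="api.example.com"))
```

In the loopback variant the api block is never a candidate for a connection arriving on the public address, so the default server's certificate is presented even when the client sends SNI.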