cert handling on redirect of https subdomains
Igor Sysoev
is at rambler-co.ru
Wed Sep 10 08:42:41 MSD 2008
On Wed, Sep 10, 2008 at 03:59:31AM +0000, Martian Alien wrote:
> Note that the base domain (example.com) redirects fine to WWW (www.example.com). Then adding a 2nd subdomain, API (api.example.com), returns the WWW certificate rather than the API one and flags a trust concern in most browsers. Tried a listen field with both api.example.com:443 and the local interface 127.0.0.1:443, all fail in the same way. Redirect works fine except it returns the incorrect SSL certiicate.
>
> server {
> listen api.example.com:443;
> server_name api.example.com api;
>
> ssl on;
> ssl_certificate /opt/local/nginx/certs/api.example.com.crt;
> ssl_certificate_key /opt/local/nginx/certs/api.example.com.key;
>
> rewrite ^/(.*) https://www.example.com/$1 permanent;
> }
>
> server {
> listen api.example.com:80;
> server_name api.example.com api;
> rewrite ^/(.*) http://www.example.com/$1 permanent;
> }
>
> Thanks again for looking into this concern,
Is api.example.com the same IP address as www.example.com ?
> > Date: Tue, 9 Sep 2008 10:22:15 +0400
> > From: is at rambler-co.ru
> > To: nginx at sysoev.ru
> > Subject: Re: cert handling on redirect of https subdomains
> >
> > On Tue, Sep 09, 2008 at 05:51:04AM +0000, Martian Alien wrote:
> >
> > > Hi Nginx Group,
> > >
> > > Just wanted to start off by saying nginx is a rad web server! Na zdrowie!
> > >
> > > So we've noticed some issues with setting up https ssl certificates over multiple subdomains.
> > >
> > > The base domain (example.com) and the first subdomain (www.example.com) work beautifully:
> > >
> > > server {
> > > listen www.example.com:443 default;
> > > server_name www.example.com;
> > >
> > > ssl on;
> > > ssl_certificate /opt/local/nginx/certs/www.example.com.crt;
> > > ssl_certificate_key /opt/local/nginx/certs/www.example.com.key;
> > >
> > > location / {
> > > # ...
> > > }
> > > }
> > >
> > > server {
> > >
> > > listen www.example.com:80 default;
> > >
> > > server_name www.example.com;
> > > location / {
> > >
> > > # ...
> > >
> > > }
> > >
> > > }
> > >
> > >
> > > server {
> > > listen example.com:443;
> > > server_name example.com;
> > >
> > > ssl on;
> > > ssl_certificate /opt/local/nginx/certs/example.com.crt;
> > > ssl_certificate_key /opt/local/nginx/certs/example.com.key;
> > >
> > > rewrite ^/(.*) https://www.example.com/$1 permanent;
> > > }
> > >
> > > server {
> > > server_name example.com;
> > > rewrite ^/(.*) http://www.example.com/$1 permanent;
> > > }
> > >
> > > NOW, If the following is added, the correct SSL cert for api.example.com is not loaded before the redirect, the www.example.com cert is loaded instead:
> > >
> > > server {
> > > listen 127.0.0.1:443;
> > > server_name api.example.com api;
> > >
> > > ssl on;
> > > ssl_certificate /opt/local/nginx/certs/api.example.com.crt;
> > > ssl_certificate_key /opt/local/nginx/certs/api.example.com.key;
> > >
> > > rewrite ^/(.*) https://www.example.com/$1 permanent;
> > > }
> > >
> > > server {
> > > listen 127.0.0.1:80;
> > > server_name api.example.com api;
> > > rewrite ^/(.*) http://www.example.com/$1 permanent;
> > > }
> > >
> > >
> > > Any ideas on how, to setup multiple SSL / HTTPS subdomains, each with their own cert in nginx?
> > >
> > > I've tried many conf variants. At this point, I'm suspecting it is a bug in nginx, but how would that be possible. =)
> >
> > 127.0.0.1 is loopback interface, do you connect to it from outside ?
> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
>
> _________________________________________________________________
> See how Windows Mobile brings your life together?at home, work, or on the go.
> http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list