Using http/https in a single server block ("ssl" parameter for "listen")

Merlin merlin at mahalo.com
Wed Apr 1 23:13:15 MSD 2009


Daniel,

That appears to be like a nice simplification, but I fear it will add quite
a lot of complexity on the side you don't see.  Also, how does it know where
to get the SSL information such as the key or cipher suite?  Didn't see
anything in your specification.

Working with what is currently here, I typically put the shared locations
into a site.locations file and include it in each server block.  The
benefits of the separation are that it is easy to change locations for both
servers at once, but if need be I can modify each server separately (say to
add a new location in SSL only, for example).  Also, I think it may have to
do with performance...  Generally it is much better for NginX if you
separate server blocks as much as possible, but I think it is even more so
in the case of SSL as SSL adds some overhead.  We should probably wait until
someone more versed with the insides to make a final judgement :).

- Merlin

On Wed, Apr 1, 2009 at 11:23 AM, Daniel Hahler <genml at thequod.de> wrote:

> Hi,
>
> I'd like to enable both http and https within a single server block,
> without having to copy the whole block and only change "listen 80" to
> "listen 443" and add "ssl on".
>
> This appears to work somehow using the "ssl" parameter with "listen",
> but "nginx -t" complains that it can be used together with "default"
> only (""ssl" parameter can be specified for the default "listen"
> directive only").
> However, obviously I can use "default" only once.
>
> Would it be possible to allow usage of the "ssl" parameter without
> having to use "default"?
>
> The example for "ssl" at
> http://wiki.nginx.org/NginxHttpCoreModule#listen uses "default", but
> it's not mentioned in the documentation that this is a requirement.
>
> Example:
> server {
>    server_name example.com;
>    listen 80;
>    listen 443 ssl;
>
>    location / {
>        proxy_pass http://server;
>    }
> }
>
> I'm using nginx/0.7.47.
>
>
> Thanks,
> Daniel
>
> --
> http://daniel.hahler.de/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090401/1135dc88/attachment.html>


More information about the nginx mailing list