Using http/https in a single server block ("ssl" parameter for "listen")
Daniel Hahler
genml at thequod.de
Fri Apr 3 14:47:51 MSD 2009
Hi Igor,
2009/4/1 Igor Sysoev:
> On Wed, Apr 01, 2009 at 08:23:18PM +0200, Daniel Hahler wrote:
>> I'd like to enable both http and https within a single server block,
>> without having to copy the whole block and only change "listen 80" to
>> "listen 443" and add "ssl on".
>>
>> This appears to work somehow using the "ssl" parameter with "listen",
>> but "nginx -t" complains that it can be used together with "default"
>> only (""ssl" parameter can be specified for the default "listen"
>> directive only").
>> However, obviously I can use "default" only once.
>>
>> Would it be possible to allow usage of the "ssl" parameter without
>> having to use "default"?
>>
>> The example for "ssl" at
>> http://wiki.nginx.org/NginxHttpCoreModule#listen uses "default", but
>> it's not mentioned in the documentation that this is a requirement.
>>
>> Example:
>> server {
>> server_name example.com;
>> listen 80;
>> listen 443 ssl;
>>
>> location / {
>> proxy_pass http://server;
>> }
>> }
>>
>> I'm using nginx/0.7.47.
>
> I can not say right now if is it possible to allow "ssl" parameter
> on non-default listen, but how do you plan to use two name-based
> SSL servers on one IP-address:
>
> server {
> server_name example.com;
> listen 80;
> listen 443 ssl;
> }
>
> server {
> server_name beispiel.de;
> listen 80;
> listen 443 ssl;
> }
>
> ?
Yes.
I'm using a single ssl_certificate/ssl_certificate_key config in the
http block, so it gets used for all servers.
I have a single certificate, which works for multiple hostnames (see
http://daniel.hahler.de/many_common_names_cn_in_one_ssl_certific - I'm
not sure if it's currently this exact same setup/config, but it comes
close).
However, you could still allow to use ssl config options in server
blocks to work when only "listen X ssl" is used, but not "ssl on"?!
(But of course, you should know much better if this is
feasible/possible)
Cheers,
Daniel
--
http://daniel.hahler.de/
More information about the nginx
mailing list