Using http/https in a single server block ("ssl" parameter for "listen")

[Daniel Hahler]

Hi Igor,

> Actually, currently it's enough to set "ssl" on default listen only and
> you will get SSL in all server{}s listening on the port:

Thanks! That works, but has been very unclear from the documentation.

I've now adjusted some server blocks already to a single one and use
$schema, e.g. for
  proxy_set_header X-Forwarded-Proto $scheme;

>
>     server {
>         listen 80;
>         listen 443 default ssl;
>         server_name example.com;
>     }
>
>     server {
>         listen 80;
>         listen 443;  # it is SSL-enabled too
>         server_name beispiel.de;
>     }

> SSL is property of listen socket, although it's not kernel related feature
> such as rcvbuf/backlog/etc.: if SSL-handshake has been started you simply
> can not return to plain text.

Thanks for the explanation. This sounds like it's non-trivial to
support it with a non-default "listen" directive (and would not make
sense (or rather work) then anyway).


Thanks for your help,
Daniel

-- 
http://daniel.hahler.de/