ssl, (no) default and sni

Igor Sysoev igor at sysoev.ru
Wed Dec 2 13:41:51 MSK 2009


On Wed, Dec 02, 2009 at 01:33:00PM +0300, Maxim Dounin wrote:

> Hello!
> 
> On Wed, Dec 02, 2009 at 01:15:11PM +0300, Igor Sysoev wrote:
> 
> > On Wed, Dec 02, 2009 at 04:20:14AM -0500, GerMalaz wrote:
> > 
> > > Any chance to allow
> > > 
> > > listen 443 ssl;
> > > 
> > > this is, NO "default", if SNI is available?
> > 
> > I do not understand what do you want to reach, but since 0.8.21 nginx
> > allows to set listen socket options and features not in default server:
> > 
> >     server {
> >         listen  443 ssl;
> >         server_name  name;
> >     }
> > 
> >     server {
> >         listen  443 default_server;
> >         server_name  _;
> >     }
> 
> BTW, the problem with listen ... ssl that bugs me is that one 
> can't do something like this:
> 
>      server {
>          listen 8443 ssl;
>          server_name x;
>      }
>      server {
>          listen 8443 ssl;
>          server_name y;
>      }
> 
> We use distinct ips in production, but on testing server there is 
> only 1 ip available and our configuration flattens to something 
> like the above.  So we have to use separate ssl servers and 
> activate ssl via ssl on; instead.

You may use

      server {
          listen 8443 ssl;
          server_name x;
      }
      server {
          listen 8443;
          server_name y;
      }

Think of the "ssl" flag as a socket option (although it's not), because
you cannot make a non-SSL request on an SSL-enabled port.


-- 
Igor Sysoev
http://sysoev.ru/en/
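
Added example (not part of the original message and not nginx code): a small Python audit that applies the rule stated above, that the "ssl" flag behaves like a property of the listen socket, to find server blocks that speak SSL without declaring it. The parser is a simplified sketch that ignores comments and include files and compares listen addresses as literal strings; the sample config and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two-server layout from the reply, plus a plain port.
SAMPLE = """
server {
    listen 8443 ssl;
    server_name x;
}
server {
    listen 8443;
    server_name y;
    location / { return 200; }
}
server {
    listen 8080;
    server_name z;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def effective_ssl(conf):
    """Map listen address -> (ssl on socket, names declaring ssl, names inheriting it)."""
    socks = defaultdict(lambda: {"ssl": False, "declared": [], "other": []})
    for body in server_blocks(conf):
        found = re.search(r'\bserver_name\s+([^;]+);', body)
        name = found.group(1).split()[0] if found else ""
        for args in re.findall(r'\blisten\s+([^;]+);', body):
            addr, *flags = args.split()
            has_ssl = "ssl" in flags
            socks[addr]["ssl"] |= has_ssl  # one ssl flag marks the whole socket
            socks[addr]["declared" if has_ssl else "other"].append(name)
    return {a: (s["ssl"], s["declared"], s["other"] if s["ssl"] else [])
            for a, s in socks.items()}

if __name__ == "__main__":
    for addr, (ssl, declared, inherited) in effective_ssl(SAMPLE).items():
        print(addr, "ssl" if ssl else "plain", declared, "inherits:", inherited)
```

Servers listed as inheriting are the ones to review: their listen line does not mention ssl, yet they share an SSL-enabled port.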
