SSL server_name support, single server block plain/SSL, et al in 0.8.x ?

Denis F. Latypoff denis at gostats.ru
Mon Jul 13 11:58:50 MSD 2009


Hello merlin,

Monday, July 13, 2009, 2:17:02 PM, you wrote:

> Hello,

> I had a long chat with a user in the IRC channel about SSL in nginx.
> Initially, it started out talking about hosting multiple domains with
> SSL on the same address.  They pointed me to
> http://tools.ietf.org/html/rfc4366#section-3.1 which seems fairly
> straightforward and I am curious if there is interest in this or if
> Igor plans to implement it at some point in future anyway.

> Also, through talking with him, he showed me his idea for how the SSL
> support should work.  It went more or less like this:

> ssl_certificate      /etc/ssl/custom/supercatchall.crt;
> ssl_certificate_key  /etc/ssl/custom/supercatchall.key;
> server {
>   listen 80;
>   listen 443;
>   if(port = 443) {
>     ssl on;
>   }
>   ... normal server config ...
> }
> ... repeated for several servers apparently on same IP ...

> I tried to talk him out of using if and using a separate server block
> for 443 and 80 ports for each server, and just including common
> configuration.  Apparently, this does not currently work, but it seems
> it should be more or less usable; I think he was having problems with
> using default ssl in the listen line and nginx would not bind multiple
> times.  At any rate, he also complained about the "roundabout
> redundancy" of the config.  That got me to thinking, would something
> like the following be desirable, and how difficult to implement would
> it be?

> server {
>   listen 80;
>   listen 443;
>   ssl on 443;
>   ... normal server config ...
> }

> My gut instinct tells me this would be a lot more work than simply
> allowing multiple SSL hosts per IP address, but it does seem to have a
> nice ring to it, this late in the day.

> So to summarize, I am curious if 0.8.x is planned to support multiple
> SSL hosts per IP, if that feature is even desired by anyone (or maybe
> other ways to do it, in case I see this problem again!), and finally
> anyone and everyone's thoughts on the above syntax to unify config for
> SSL and non SSL (you could still use separate blocks if the
> configuration is not exactly the same for plain and SSL, of course).

> Thanks,
> Merlin

http://wiki.nginx.org/NginxHttpCoreModule#listen

server {
    listen 80;
    listen 443 ssl;
    ... normal server config ...
}

-- 
Best regards,
 Denis                            mailto:denis at gostats.ru
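
Added example, not part of the original message or of nginx's own documentation: two name-based hosts on one address, each serving plain HTTP and SSL from a single server block via the `ssl` parameter of `listen`, with a per-host certificate selected through the TLS server_name extension (RFC 4366, section 3.1). The hostnames, certificate paths and the included file are hypothetical; it assumes an nginx binary built with SNI support.

```nginx
# Constructed example. Hostnames, paths and common.conf are placeholders.
# Check SNI support first: "nginx -V" should print "TLS SNI support enabled".

server {
    listen 80;
    # default_server: this block answers TLS clients that send no
    # server_name extension, so they receive example.com's certificate.
    listen 443 ssl default_server;
    server_name example.com;

    ssl_certificate     /etc/ssl/custom/example.com.crt;
    ssl_certificate_key /etc/ssl/custom/example.com.key;

    # Shared settings (locations, logging, ...) kept in one file
    # instead of being repeated per host.
    include /etc/nginx/common.conf;
}

server {
    listen 80;
    listen 443 ssl;
    server_name example.org;

    # Selected during the handshake when the client's ClientHello
    # carries server_name = example.org.
    ssl_certificate     /etc/ssl/custom/example.org.crt;
    ssl_certificate_key /etc/ssl/custom/example.org.key;

    include /etc/nginx/common.conf;
}
```

A client that does not send the server_name extension is handed the `default_server` certificate and will report a name mismatch when it asked for example.org.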





