setup multiple SSL servers in one config

Jon Garvin jgarvin.lists at gmail.com
Tue May 12 19:45:03 MSD 2009 

Igor Sysoev wrote:
> On Tue, May 12, 2009 at 08:54:50AM -0600, Jon Garvin wrote:
>
>   
>> Thanks Igor,
>>    Are you saying that a single instance Nginx cannot handle multiple
>> sites with different SSL certificates?  The environment I'm trying to
>> emulate is working just fine with Pound right now.  In other words, one
>> instance of pound is running on my server that handles multiple SSL
>> certificates for multiple live domains (working like this for several
>> years).  Seems to me if Pound can handle the task, Nginx ought to be
>> able to as well.  Is the only option to run Pound in front of Nginx so
>> that Pound can handle the SSL before passing the traffic off to Nginx? 
>> I was hoping to eliminate Pound from the equation all together.
>>     
>
> No, a single nginx instance can handle several SSL sites, but you need
> several IP, one per each SSL host. Or you may use some workarounds as
> decribed here
>  http://wiki.cacert.org/wiki/VhostTaskForce
>
>   
Yes. we have multiple IPs. As I said this is working now with Pound. 
I'm just having trouble figuring out how to configure Nginx to handle this.

Oh, wait.  I just noticed that the 'listen' directive can take an
address as well as a port.  duh. So, my guess now is that instead of  
'listen 443', I need to say 'listen x.x.x.x:443', in each server block. 
right? 

>> Igor Sysoev wrote:
>>     
>>> On Mon, May 11, 2009 at 05:57:10PM -0600, Jonathan Garvin wrote:
>>>
>>>   
>>>       
>>>> I'm in the process of trying to convert a Pound config file that manages
>>>> multiple SSL sites over to Nginx.  If I just have one site setup in the
>>>> nginx.conf file then everything, including the SSL, works fine. But if I
>>>> add a second server block for a different domain, then the second tries
>>>> to use the SSL certificate for the first, resulting in the browser
>>>> raising security warnings.  My conf file is below.  Any hints at what I
>>>> am doing wrong would be greatly appreciated.
>>>>     
>>>>         
>>> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
>>> http://wiki.cacert.org/wiki/VhostTaskForce
>>>
>>>
>>>   
>>>       
>> -- 
>>
>> http://www.5valleys.com/
>>
>> http://www.workingwithrails.com/person/8078
>>
>>     
>
>   


-- 

http://www.5valleys.com/

http://www.workingwithrails.com/person/8078

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090512/2606db6f/attachment.html>

More information about the nginx mailing list