setup multiple SSL servers in one config

Igor Sysoev is at rambler-co.ru
Tue May 12 19:50:19 MSD 2009 

On Tue, May 12, 2009 at 09:45:03AM -0600, Jon Garvin wrote:

> Igor Sysoev wrote:
> > On Tue, May 12, 2009 at 08:54:50AM -0600, Jon Garvin wrote:
> >
> >   
> >> Thanks Igor,
> >>    Are you saying that a single instance Nginx cannot handle multiple
> >> sites with different SSL certificates?  The environment I'm trying to
> >> emulate is working just fine with Pound right now.  In other words, one
> >> instance of pound is running on my server that handles multiple SSL
> >> certificates for multiple live domains (working like this for several
> >> years).  Seems to me if Pound can handle the task, Nginx ought to be
> >> able to as well.  Is the only option to run Pound in front of Nginx so
> >> that Pound can handle the SSL before passing the traffic off to Nginx? 
> >> I was hoping to eliminate Pound from the equation all together.
> >>     
> >
> > No, a single nginx instance can handle several SSL sites, but you need
> > several IP, one per each SSL host. Or you may use some workarounds as
> > decribed here
> >  http://wiki.cacert.org/wiki/VhostTaskForce
> >
> >   
> Yes. we have multiple IPs. As I said this is working now with Pound. 
> I'm just having trouble figuring out how to configure Nginx to handle this.
> 
> Oh, wait.  I just noticed that the 'listen' directive can take an
> address as well as a port.  duh. So, my guess now is that instead of  
> 'listen 443', I need to say 'listen x.x.x.x:443', in each server block. 
> right? 

Yes.

> >> Igor Sysoev wrote:
> >>     
> >>> On Mon, May 11, 2009 at 05:57:10PM -0600, Jonathan Garvin wrote:
> >>>
> >>>   
> >>>       
> >>>> I'm in the process of trying to convert a Pound config file that manages
> >>>> multiple SSL sites over to Nginx.  If I just have one site setup in the
> >>>> nginx.conf file then everything, including the SSL, works fine. But if I
> >>>> add a second server block for a different domain, then the second tries
> >>>> to use the SSL certificate for the first, resulting in the browser
> >>>> raising security warnings.  My conf file is below.  Any hints at what I
> >>>> am doing wrong would be greatly appreciated.
> >>>>     
> >>>>         
> >>> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
> >>> http://wiki.cacert.org/wiki/VhostTaskForce
> >>>
> >>>
> >>>   
> >>>       
> >> -- 
> >>
> >> http://www.5valleys.com/
> >>
> >> http://www.workingwithrails.com/person/8078
> >>
> >>     
> >
> >   
> 
> 
> -- 
> 
> http://www.5valleys.com/
> 
> http://www.workingwithrails.com/person/8078
> 

-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list