setup multiple SSL servers in one config
Igor Sysoev
is at rambler-co.ru
Tue May 12 19:50:19 MSD 2009
On Tue, May 12, 2009 at 09:45:03AM -0600, Jon Garvin wrote:
> Igor Sysoev wrote:
> > On Tue, May 12, 2009 at 08:54:50AM -0600, Jon Garvin wrote:
> >
> >
> >> Thanks Igor,
> >> Are you saying that a single instance Nginx cannot handle multiple
> >> sites with different SSL certificates? The environment I'm trying to
> >> emulate is working just fine with Pound right now. In other words, one
> >> instance of pound is running on my server that handles multiple SSL
> >> certificates for multiple live domains (working like this for several
> >> years). Seems to me if Pound can handle the task, Nginx ought to be
> >> able to as well. Is the only option to run Pound in front of Nginx so
> >> that Pound can handle the SSL before passing the traffic off to Nginx?
> >> I was hoping to eliminate Pound from the equation all together.
> >>
> >
> > No, a single nginx instance can handle several SSL sites, but you need
> > several IP, one per each SSL host. Or you may use some workarounds as
> > decribed here
> > http://wiki.cacert.org/wiki/VhostTaskForce
> >
> >
> Yes. we have multiple IPs. As I said this is working now with Pound.
> I'm just having trouble figuring out how to configure Nginx to handle this.
>
> Oh, wait. I just noticed that the 'listen' directive can take an
> address as well as a port. duh. So, my guess now is that instead of
> 'listen 443', I need to say 'listen x.x.x.x:443', in each server block.
> right?
Yes.
> >> Igor Sysoev wrote:
> >>
> >>> On Mon, May 11, 2009 at 05:57:10PM -0600, Jonathan Garvin wrote:
> >>>
> >>>
> >>>
> >>>> I'm in the process of trying to convert a Pound config file that manages
> >>>> multiple SSL sites over to Nginx. If I just have one site setup in the
> >>>> nginx.conf file then everything, including the SSL, works fine. But if I
> >>>> add a second server block for a different domain, then the second tries
> >>>> to use the SSL certificate for the first, resulting in the browser
> >>>> raising security warnings. My conf file is below. Any hints at what I
> >>>> am doing wrong would be greatly appreciated.
> >>>>
> >>>>
> >>> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
> >>> http://wiki.cacert.org/wiki/VhostTaskForce
> >>>
> >>>
> >>>
> >>>
> >> --
> >>
> >> http://www.5valleys.com/
> >>
> >> http://www.workingwithrails.com/person/8078
> >>
> >>
> >
> >
>
>
> --
>
> http://www.5valleys.com/
>
> http://www.workingwithrails.com/person/8078
>
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list