Issue with VirtualHost definition order and SNI SSL

Linmiao Xu linmiao.xu at jhu.edu
Fri Oct 9 22:22:29 MSD 2009


When running SSL on more than one virtual host (one IP), I get a weird issue
when virtual hosts are defined in different orders. One virtual host is a
TLD (example.com), and one is an alias I set in /etc/hosts (alias). Both use
their own certificates and work fine when I define them in this order:

include /etc/nginx/vhosts/ssl_example.com.conf;
include /etc/nginx/vhosts/ssl_alias.conf;

But when I reverse the order, both hosts try to use (alias)'s certificate,
so I get an ssl warning when trying to connect to (example.com).

In both cases, I use "listen 443" and server_name is set as (example.com)
and (alias). I don't listen on 443 except in virtual hosts, all with
server_name defined. When I use "listen 443 default ssl" instead of "listen
443" for (example.com), this problem goes away. It looks like nginx takes
the first virtual host that listens on 443 if I try to connect to the server
on a host that isn't listening on 443.

But I still don't understand.. both of the above are valid hosts, so why
does the order in which I include the virtual hosts cause different results?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20091009/ea1305de/attachment.html>


More information about the nginx mailing list