SSL & Nginx

Jaap van Arragon j.vanarragon at lukkien.com
Mon Jan 3 13:21:14 MSK 2011


Hello,

First let me wish everybody a very good and healthy 2011!

We are using nginx for loadbalancing multiple websites. Almost every website
has SSL enabled.

We have one upstream for a couple of websites:

#start webservers:
    upstream webservers-fair {
        fair;
        server 213.154.235.247 max_fails=5 fail_timeout=20s weight=1;
        server 213.154.235.248 max_fails=5 fail_timeout=20s weight=1;
    } #end upstream

The upstream needed is provided in the config, here is the problem. We use
the config IP multiple times with different certificates and different
server_name variables. Last Friday we've noticed that the certificate wasn't
working well in IE7/8/9. Is this a known problem or am I doing something
wrong?

server {
        listen xxx.xxx.xxx.249:80;
        server_name domain.nl;
        server_name domain.nl;
        #logs
        access_log /var/log/nginx/lb1-webservers.access.log;
        error_log /var/log/nginx/lb1-webservers.error.log;

        location / {
              proxy_pass http://webservers-fair;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_redirect off;
                proxy_max_temp_file_size 0;
                client_max_body_size 30M;
                }

              location /status {
                stub_status on;
                access_log off;
                }

        }#end server

server {
        listen xxx.xxx.xxx.249:443;
        server_name domain.nl;
        server_name domain.nl;
        #logs
        access_log /var/log/nginx/lb1-webservers.access.log;
        error_log /var/log/nginx/lb1-webservers.error.log;

        ssl                 on;
        ssl_certificate     /certificates/ssl/domain-nl.crt;
        ssl_certificate_key  /certificates/ssl/domain-nl.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;


        location / {
              proxy_pass http://webservers-fair;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_redirect off;
                proxy_max_temp_file_size 0;
                client_max_body_size 30M;
                }

              location /status-ssl {
                stub_status on;
                access_log off;
                }

        }#end server

########################### WEBSERVER
###############################################

Help is much appreciated!!

Grt
Jaap van Arragon
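
The layout described in this message, one IP:port reused by several server blocks with different certificates, only works when the client sends SNI in its TLS handshake; a client that does not is given the certificate of the default server for that address. The following added example (not from the original post; the sample config, the 192.0.2.249 address and example.nl are constructed, and the parser assumes no braces inside quoted strings) reports such addresses and any SSLv2/SSLv3 entries in ssl_protocols:

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post: one IP:443 reused with two certificates.
SAMPLE = """
server {
    listen 192.0.2.249:443;
    server_name domain.nl;
    ssl_certificate /certificates/ssl/domain-nl.crt;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    location / { proxy_pass http://webservers-fair; }
}
server {
    listen 192.0.2.249:443;
    server_name example.nl;   # hypothetical second site
    ssl_certificate /certificates/ssl/example-nl.crt;
}
server { listen 192.0.2.249:80; server_name domain.nl; }
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument list of every `name args;` directive in a block."""
    pattern = r'(?<![\w-])' + re.escape(name) + r'\s+([^;{}]+);'
    return [m.group(1).split() for m in re.finditer(pattern, body)]

def audit(conf):
    """Return ({listen address: certificates}, weak protocols) for TLS servers."""
    conf = re.sub(r'#.*', '', conf)           # drop comments before parsing
    certs, weak = defaultdict(set), set()
    for body in server_blocks(conf):
        cert = directive(body, 'ssl_certificate')
        if not cert:                           # plain-HTTP server block
            continue
        for listen in directive(body, 'listen'):
            certs[listen[0]].add(cert[0][0])
        for protos in directive(body, 'ssl_protocols'):
            weak.update(p for p in protos if p in ('SSLv2', 'SSLv3'))
    # More than one certificate on an address means clients must send SNI.
    needs_sni = {a: sorted(c) for a, c in certs.items() if len(c) > 1}
    return needs_sni, sorted(weak)

if __name__ == '__main__':
    print(audit(SAMPLE))
```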
