Multiple server definitions with SSL

Maxim Dounin mdounin at mdounin.ru
Tue Jul 26 18:12:43 UTC 2011


Hello!

On Tue, Jul 26, 2011 at 05:44:32PM +0100, Ben Lancaster wrote:

> We recently had a problem where we created a new server 
> configuration (for http with and without ssl on ports 443 and 80 
> respectively) on a shared web server which also included a 
> number of other nginx servers similarly configured. 
> 
> Unfortunately, we neglected to include the ssl_certificate and 
> ssl_certificate_key directives for the new server. So, the 
> configurations looked something like this:

[...]

> Is this expected behaviour? Should nginx -t not have flagged 
> that there was no default ssl_certificate(_key) directives 
> defined?

Probably yes, but this isn't currently done when you define 
ssl servers with

    listen ... ssl;

Using "ssl on;" in separate server definition will give you 
expected config test error.

> Why was the first server affected?

Most likely because you used something like "include 
/path/to/files/*;" to include individual config files, and new 
server you added was picked up first and become default one.

Maxim Dounin



More information about the nginx mailing list