Multiple server definitions with SSL
Igor Sysoev
igor at sysoev.ru
Thu Jul 28 06:55:11 UTC 2011
On Tue, Jul 26, 2011 at 10:12:43PM +0400, Maxim Dounin wrote:
> Hello!
>
> On Tue, Jul 26, 2011 at 05:44:32PM +0100, Ben Lancaster wrote:
>
> > We recently had a problem where we created a new server
> > configuration (for http with and without ssl on ports 443 and 80
> > respectively) on a shared web server which also included a
> > number of other nginx servers similarly configured.
> >
> > Unfortunately, we neglected to include the ssl_certificate and
> > ssl_certificate_key directives for the new server. So, the
> > configurations looked something like this:
>
> [...]
>
> > Is this expected behaviour? Should nginx -t not have flagged
> > that there was no default ssl_certificate(_key) directives
> > defined?
>
> Probably yes, but this isn't currently done when you define
> ssl servers with
>
> listen ... ssl;
>
> Using "ssl on;" in separate server definition will give you
> expected config test error.
I'm going to decprecate "ssl on" directive in favour of "listen ... ssl",
since SSL is rather a port option, but not server one.
The initial "ssl on" was inspired by Apache 1.3.
Apache's "Listen ... https" appeared in somewhere in 2005.
--
Igor Sysoev
More information about the nginx
mailing list