Rewrites for sites without SSL on same IP address as those using SSL
Igor Sysoev
igor at sysoev.ru
Mon Apr 9 13:55:15 UTC 2012
On Mon, Apr 09, 2012 at 09:41:54AM -0400, auxbuss wrote:
> I have a few sites on a single IP and a single nginx instance. Some
> domains have SSL certificates (and listen on ports 80 and 443) and some
> don't (and only listen on port 80).
>
> For those domains that don't have an SSL certificate, including a server
> block listening on port 443 to rewrite to port 80 does not work. I
> understand this is because the SSL exchange happens prior to the server
> name being inspected.
>
> When browsing over https to one of the sites without an SSL certificate,
> the current behaviour is that a security warning is presented to the
> client that lists the certificate for the default_server and not the
> appropriate domain.
>
> Is there a way to rewrite https requests to http (for the domains with
> an SSL certificate) while retaining the appropriate domain?
Do you mean the domains WITHOUT an SSL certificate ?
> If not, is the best way to resolve this to add an additional IP and use
> one for those sites requiring ports 80 and 443 and another for those
> only using port 80?
Yes, in this case Firefox will show
-----
Unable to connect
Firefox can't establish a connection to the server at ...
-----
--
Igor Sysoev
More information about the nginx
mailing list