Repeated include /etc/includes/ssl.conf Passes configtest, fails SSL Handshake
Maxim Dounin
mdounin at mdounin.ru
Thu Jul 31 14:37:11 UTC 2014
Hello!
On Wed, Jul 30, 2014 at 10:14:05AM +0800, Matt Silverlock wrote:
> Hi all,
>
> Had a chat with a helpful person on IRC but both are stumped as
> to why my configuration passes a check (nginx -t) but fails to
> properly handle SSL.
>
> – I’ve split a couple of repetitive blocks out into
> /etc/nginx/includes/ssl.conf (-rw-r--r-- root:root - same as
> nginx.conf - should not be a problem)
> – Doing so results in SSL handshake issues (and the connection
> fails appropriately)
[...]
> If I move the include directive (effectively removing the
> duplication) into the http block and put the ssl_certificate and
> ssl_certificate_key directives into each of the two (2) server
> blocks instead of includes/ssl.conf, all is well. But this
> conflicts with the documentation (as I interpret it) and still
> results in some duplicated configuration.
It's good idea to show _full_ config which shows
the problem. The snipped you've showed looks fine and expected to
work, but it's easy to make things wrong by some hardly noticeable
mistake - e.g., missing semicolon.
It's also a good idea to take a look into error log - it may have
something for you.
BTW, as long as there is only one certificate, it's expected to work
fine with all ssl options at http{} levels. You don't need to
put ssl_certificate and ssl_certificate_key into server{} blocks.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list