Unexpected SSL Behavior with Virtual Hosts
Steve Holdoway
steve at greengecko.co.nz
Thu May 15 00:25:45 UTC 2014
Hi!
On Wed, 2014-05-14 at 20:01 -0400, SAH62 wrote:
> Sorry for posting this twice. I posted it in the "How to" forum last week,
> there haven't been any replies, so I thought I'd try again.
>
> I'm using nginx for multiple virtual hosts on the same physical server. The
> issue I'm having is that a browser request for https://www.domain1.org/ is
> being answered with a certificate for a different domain. Here's what the
> slices from my config files look like:
>
> domain1.conf: (note that there's no listen directive for port 443)
> server {
>     listen 80;
>     server_name domain1.org www.domain1.org domain1.com www.domain1.com
>         domain1.net www.domain1.net domain1.us www.domain1.us domain1.info
>         www.domain1.info;
>     root /home/domain1/public_html;
>
>     # more stuff
> }
>
> domain2.conf:
> server {
>     listen 80;
>
>     server_name domain2 www.domain2;
>     root /home/domain2/public_html;
>
>     # more stuff
> }
>
> server { ## SSL config for domain2
>     listen 443 ssl;
>
>     ssl_certificate /etc/ssl/certs/domain2-chained.crt;
>     ssl_certificate_key /etc/ssl/private/domain2.key;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>     ssl_protocols SSLv3 TLSv1;
>     ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
>     ssl_prefer_server_ciphers on;
>
>     server_name domain2 www.domain2;
>     root /home/domain2/public_html;
>
>     # more stuff
> }
>
> server {
>     listen 80;
>
>     server_name domain3 www.domain3;
>     root /var/www;
>
>     access_log /var/log/nginx/access-domain3.log;
>     error_log /var/log/nginx/error-domain3.log;
>
>     return 301 https://$host$request_uri;
> }
>
> server { ## SSL config for domain3
>     listen 443 ssl;
>
>     ssl_certificate /etc/ssl/certs/domain3-chained.crt;
>     ssl_certificate_key /etc/ssl/private/server.key;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>     ssl_protocols SSLv3 TLSv1;
>     ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
>     ssl_prefer_server_ciphers on;
>
>     root /var/www;
>     index index.php index.html index.htm;
>
>     access_log /var/log/nginx/access-domain3-ssl.log;
>     error_log /var/log/nginx/error-domain3-ssl.log;
>     rewrite_log on;
>
>     server_name www.domain3 domain3;
>
>     # more stuff
> }
>
> A browser request for https://www.domain1.org/ returns the certificate for
> domain 2 and the content found in the root for domain2. Why is that and how
> can I get the server to redirect to http://www.domain1.org/ instead? Thank
> you...

If you don't specify a default browser for https, then it uses the first
one it comes across. You have to specifically redirect domain1 https to
http: - this *may* require a valid cert for domain 1...

    server {
        listen 443 ssl;
        server_name domain1.com www.domain1.com;
        ssl_certificate domain1.com.crt;
        ssl_certificate_key domain1.com.key;
        return 301 http://domain1.com$request_uri;
    }

BTW I find that combining http and https: stuff for server definitions
to be much simpler. I also dump as much of the SSL settings as possible
in the http {} block. Both of these approaches make a setup that I find
simpler to administer.

hth,
Steve
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
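
The fall-through described in this thread, as an added example that is not part of the original messages or of nginx itself: a small Python model of how a server block is chosen per listen port, run over a constructed reduction of the posted config. Assumptions: only exact server_name entries are modelled (no wildcards or regexes), listeners are keyed by port only, and the function names are hypothetical.

```python
import re

# Constructed sample: the thread's vhosts reduced to the directives that
# affect server selection, in the order nginx would read them.
SAMPLE_CONF = """
server { listen 80; server_name domain1.org www.domain1.org; }
server { listen 80; server_name domain2 www.domain2; }
server { listen 443 ssl; server_name domain2 www.domain2;
         ssl_certificate /etc/ssl/certs/domain2-chained.crt; }
server { listen 443 ssl; server_name www.domain3 domain3;
         ssl_certificate /etc/ssl/certs/domain3-chained.crt; }
"""

def parse_servers(conf):
    """Parse flat server blocks (no nested braces) into dicts."""
    servers = []
    conf = re.sub(r"#.*", "", conf)  # drop comments
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        srv = {"listen": [], "names": [], "cert": None}
        for directive in body.split(";"):
            words = directive.split() or [""]
            if words[0] == "listen":
                port = words[1].rsplit(":", 1)[-1]  # "443", "[::]:443" -> "443"
                srv["listen"].append((port, "default_server" in words))
            elif words[0] == "server_name":
                srv["names"] += [w.lower() for w in words[1:]]
            elif words[0] == "ssl_certificate":
                srv["cert"] = words[1]
        servers.append(srv)
    return servers

def select_server(servers, port, host):
    """Pick the block for (port, Host/SNI name); exact names only."""
    on_port = [(s, d) for s in servers for p, d in s["listen"] if p == port]
    if not on_port:
        return None, "no listener"
    for s, _ in on_port:
        if host.lower() in s["names"]:
            return s, "server_name match"
    explicit = [s for s, d in on_port if d]
    if explicit:
        return explicit[0], "explicit default_server"
    return on_port[0][0], "implicit default"

def fallthrough_names(servers, tls_port="443"):
    """Configured names that land on a default block on the TLS port."""
    picks = {n: select_server(servers, tls_port, n)
             for s in servers for n in s["names"]}
    return {n: srv["cert"] for n, (srv, why) in picks.items()
            if srv and why != "server_name match"}
```

Each name returned by fallthrough_names(parse_servers(SAMPLE_CONF)) is one that would be answered on port 443 with another site's certificate and content; it needs either its own TLS server block, as in the reply above, or an explicit default_server on that port.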