Unexpected SSL Behavior with Virtual Hosts
SAH62
nginx-forum at nginx.us
Fri May 16 13:37:12 UTC 2014
Igor Sysoev Wrote:
-------------------------------------------------------
> On 15 May 2014, at 04:01, SAH62 <nginx-forum at nginx.us> wrote:
>
> > Sorry for posting this twice. I posted it in the "How to" forum last
> week,
> > there haven't been any replies, so I thought I'd try again.
> >
> > I'm using nginx for multiple virtual hosts on the same physical
> server. The
> > issue I'm having is that a browser request for
> https://www.domain1.org/ is
> > being answered with a certificate for a different domain. Here's
> what the
> > slices from my config files look like:
> >
> > domain1.conf: (note that there's no listen directive for port 443)
> > server {
> > listen 80;
> > server_name domain1.org www.domain1.org domain1.com www.domain1.com
> > domain1.net www.domain1.net domain1.us www.domain1.us domain1.info
> > www.domain1.info;
> > root /home/domain1/public_html;
> >
> > # more stuff
> > }
> >
> > domain2.conf:
> > server {
> > listen 80;
> >
> > server_name domain2 www.domain2;
> > root /home/domain2/public_html;
> >
> > # more stuff
> > }
> >
> > server { ## SSL config for domain2
> > listen 443 ssl;
> >
> > ssl_certificate /etc/ssl/certs/domain2-chained.crt;
> > ssl_certificate_key /etc/ssl/private/domain2.key;
> > ssl_session_cache shared:SSL:10m;
> > ssl_session_timeout 10m;
> > ssl_protocols SSLv3 TLSv1;
> > ssl_ciphers
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
> > ssl_prefer_server_ciphers on;
> >
> > server_name domain2 www.domain2;
> > root /home/domain2/public_html;
> >
> > # more stuff
> > }
> >
> > server {
> > listen 80;
> >
> > server_name domain3 www.domain3;
> > root /var/www;
> >
> > access_log /var/log/nginx/access-domain3.log;
> > error_log /var/log/nginx/error-domain3.log;
> >
> > return 301 https://$host$request_uri;
> > }
> >
> > server { ## SSL config for domain3
> > listen 443 ssl;
> >
> > ssl_certificate /etc/ssl/certs/domain3-chained.crt;
> > ssl_certificate_key /etc/ssl/private/server.key;
> > ssl_session_cache shared:SSL:10m;
> > ssl_session_timeout 10m;
> > ssl_protocols SSLv3 TLSv1;
> > ssl_ciphers
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
> > ssl_prefer_server_ciphers on;
> >
> > root /var/www;
> > index index.php index.html index.htm;
> >
> > access_log /var/log/nginx/access-domain3-ssl.log;
> > error_log /var/log/nginx/error-domain3-ssl.log;
> > rewrite_log on;
> >
> > server_name www.domain3 domain3;
> >
> > # more stuff
> > }
> >
> > A browser request for https://www.domain1.org/ returns the
> certificate for
> > domain 2 and the content found in the root for domain2. Why is that
> and how
> > can I get the server to redirect to http://www.domain1.org/ instead?
> Thank
> > you…
>
> http://nginx.org/en/docs/http/configuring_https_servers.html#name_base
> d_https_servers
OK, that explains why nginx returns the default certificate. It's listening
on 443, it gets a request, and it doesn't know which domain the HTTP request
is for so it responds with the default certificate. Why is it sending back
the content for domain2, though?
Scott
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250097,250156#msg-250156
More information about the nginx
mailing list