cannot make catch all ssl server block work

mayak mayak at australsat.com
Mon Oct 13 06:46:27 UTC 2014


hi all,

i'm having trouble with nginx:

<version>
#nginx -V
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
TLS SNI support enabled
</version>

so i use .conf files in the /etc/nginx/conf.d directory

<default /etc/nginx/conf.d/default.conf>
server {
     listen 443 default_server;
     server_name a.domain.com *.domain.com;

     ssl on;
     ssl_certificate /etc/x509V6/a.crt;
     ssl_certificate_key /etc/x509V6/a.key;
...
}
</default>

and in the same directory i have

<b.conf /etc/nginx/conf.d/b.conf>
server {
     listen 443 default_server;
     server_name b.domain.com;

     ssl on;
     ssl_certificate /etc/x509V6/b.crt;
     ssl_certificate_key /etc/x509V6/b.key;
...
}

both a.domain.com and b.domain.com and c.domain resolve to the same ip address.

however, an `openssl s_client -connect c.domain.com:443` gives me b's certficate and not a's certificate.

is there a way to do a catch all for ssl virtual hosts where a request c.domain.com (or any any other host for that  matter) would be handled by a's container?

thanks

m





More information about the nginx mailing list