Multiple SSL listen statements and SNI

Igor Sysoev igor at sysoev.ru
Fri Nov 11 08:02:51 UTC 2016


On 11 Nov 2016, at 05:30, Dave Hayes <dave at jetcafe.org> wrote:

> Hello. :) Please consider the following nginx setup:
> 
> server {
>   # server 1
>   listen 443 default_server ssl;
>   server_name "";
>   ...
>   return 444;
> }
> 
> server {
>   # server 2
>   listen 127.0.0.81:443 default_server ssl;
>   server_name "";
>   ...
>   return 444;
> }
> 
> server {
>   # server 3
>   listen 127.0.0.81:443 ssl;
>   server_name "foo.com";
>   ...
> }
> 
> server {
>   # server 4
>   listen 443 ssl;
>   server_name "thing.com";
>   ...
> }
> 
> I am at nginx 1.8.1 with SNI support enabled. The behavior I expect from this is:
> 
>  - requests to foo.com on 127.0.0.81 will return per the server 3 bucket
>  - requests to thing.com on the default interface or on 127.0.0.81 will return per the server 4 bucket
>  - requests to foo.com on the default interface will return 444
>  - requests to any other SSL site will return 444
> 
> The behavior I observe that is different from this expectation is this:
> 
>  - requests to thing.com on the 127.0.0.81 interface return 444
> 
> I would love to know exactly what is going on here. Would anyone be so kind as to point out what is happening? Thanks in advance.

Please read this:
http://nginx.org/en/docs/http/request_processing.html#mixed_name_ip_based_servers

This configuration does what you want:

server {
  # server 4
  listen 443 ssl;
  listen 127.0.0.81:443 ssl;
  server_name "thing.com";
  ...
}


-- 
Igor Sysoev
http://nginx.com
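
Added example, not part of the original message and not nginx code: a small Python model of the selection order described at the linked page (listen address:port first, then server_name within that set), run over the four servers from the thread with and without the extra listen line. Server, select, config and the 192.0.2.10 address are assumptions made for the illustration.

```python
# Simplified model of how nginx picks a server block (exact server_name
# matching only; wildcard and regex names are not modelled).
# Server, select and config are hypothetical names, not nginx code.
from dataclasses import dataclass

@dataclass
class Server:
    label: str
    listens: list           # (address, port, is_default); "*" = no address given
    names: tuple = ("",)

def select(servers, local_addr, port, host):
    """Return the label of the server block that handles the request."""
    # 1. address:port first. A listen on the exact local address shadows
    #    wildcard listens: servers bound only to "*" are not candidates.
    for addr in (local_addr, "*"):
        pool = [(s, d) for s in servers for a, p, d in s.listens
                if a == addr and p == port]
        if pool:
            break
    else:
        return None          # nothing listens on this port
    # 2. server_name (SNI / Host) is matched only inside that pool.
    for s, _ in pool:
        if host in s.names:
            return s.label
    # 3. No name matched: default_server of this address:port, else first.
    return next((s.label for s, d in pool if d), pool[0][0].label)

def config(fixed):
    """The four servers from the thread; fixed=True adds the second listen."""
    s4 = [("*", 443, False)] + ([("127.0.0.81", 443, False)] if fixed else [])
    return [
        Server("server 1 (444)", [("*", 443, True)]),
        Server("server 2 (444)", [("127.0.0.81", 443, True)]),
        Server("server 3", [("127.0.0.81", 443, False)], ("foo.com",)),
        Server("server 4", s4, ("thing.com",)),
    ]

if __name__ == "__main__":
    # Constructed requests; 192.0.2.10 stands in for any other local address.
    for fixed in (False, True):
        for addr in ("127.0.0.81", "192.0.2.10"):
            for host in ("foo.com", "thing.com", "other.example"):
                print(f"fixed={fixed} {addr} {host!r} ->",
                      select(config(fixed), addr, 443, host))
```

With the original configuration, thing.com on 127.0.0.81 lands on server 2 because server 4 is never a candidate for that address; unknown names still fall through to the 444 catch-all on both addresses after the fix.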


