Multiple SSL listen statements and SNI
Igor Sysoev
igor at sysoev.ru
Fri Nov 11 08:02:51 UTC 2016
On 11 Nov 2016, at 05:30, Dave Hayes <dave at jetcafe.org> wrote:
> Hello. :) Please consider the following nginx setup:
>
> server {
>     # server 1
>     listen 443 default_server ssl;
>     server_name "";
>     ...
>     return 444;
> }
>
> server {
>     # server 2
>     listen 127.0.0.81:443 default_server ssl;
>     server_name "";
>     ...
>     return 444;
> }
>
> server {
>     # server 3
>     listen 127.0.0.81:443 ssl;
>     server_name "foo.com";
>     ...
> }
>
> server {
>     # server 4
>     listen 443 ssl;
>     server_name "thing.com";
>     ...
> }
>
> I am at nginx 1.8.1 with SNI support enabled. The behavior I expect from this is:
>
> - requests to foo.com on 127.0.0.81 will return per the server 3 bucket
> - requests to thing.com on the default interface or on 127.0.0.81 will return per the server 4 bucket
> - requests to foo.com on the default interface will return 444
> - requests to any other SSL site will return 444
>
> The behavior I observe that is different from this expectation is this:
>
> - requests to thing.com on the 127.0.0.81 interface return 444
>
> I would love to know exactly what is going on here. Would anyone be so kind as to point out what is happening? Thanks in advance.

Please read this:
http://nginx.org/en/docs/http/request_processing.html#mixed_name_ip_based_servers

This configuration does what you want:

server {
    # server 4
    listen 443 ssl;
    listen 127.0.0.81:443 ssl;
    server_name "thing.com";
    ...
}

--
Igor Sysoev
http://nginx.com
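
The selection rule behind the linked documentation section, as an added example that is not part of the original message and is not nginx's own code: a simplified Python model in which the listen address:port is matched first and server_name is compared only among the servers bound to that socket. It assumes exact-name matching only; the helper names and the address 10.0.0.5 (standing in for "the default interface") are constructed for illustration.

```python
# Simplified model of nginx server selection (added example, not nginx code).
# Assumptions: exact server_name matching only; `name` stands for the SNI/Host name.

def server(label, names, *listens):
    # Each listen is (address, port, is_default_server); "*" is the wildcard address.
    return {"label": label, "names": names, "listen": listens}

# The four server blocks from the question.
ORIGINAL = [
    server("server 1", [""], ("*", 443, True)),
    server("server 2", [""], ("127.0.0.81", 443, True)),
    server("server 3", ["foo.com"], ("127.0.0.81", 443, False)),
    server("server 4", ["thing.com"], ("*", 443, False)),
]
# Same, with server 4 also listening on 127.0.0.81:443 as in the reply.
FIXED = ORIGINAL[:3] + [
    server("server 4", ["thing.com"], ("*", 443, False), ("127.0.0.81", 443, False)),
]

def select_server(servers, dst_ip, dst_port, name):
    """Return the label of the server block that handles the connection."""
    # Step 1: a listen on the exact address:port wins over the wildcard *:port.
    for addr in (dst_ip, "*"):
        bound = [(s, is_default) for s in servers
                 for (a, p, is_default) in s["listen"] if (a, p) == (addr, dst_port)]
        if bound:
            break
    else:
        return None  # nothing listens on this port
    # Step 2: server_name is compared only among servers bound to that socket.
    for s, _ in bound:
        if name and name in s["names"]:
            return s["label"]
    # Step 3: no name matched, so the socket's default server takes the request.
    for s, is_default in bound:
        if is_default:
            return s["label"]
    return bound[0][0]["label"]  # implicit default: first server for the socket

if __name__ == "__main__":
    # 10.0.0.5 is a constructed address standing in for "the default interface".
    for cfg_name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        for ip in ("10.0.0.5", "127.0.0.81"):
            for host in ("foo.com", "thing.com", "other.example"):
                print(cfg_name, ip, host, "->", select_server(cfg, ip, 443, host))
```

With the original blocks, thing.com on 127.0.0.81 lands on server 2 (the 444 catch-all) because server 4 is not bound to that socket; adding the second listen makes it a candidate there.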