Virtual hosts sharing same port

Frank Liu gfrankliu at gmail.com
Mon Apr 16 21:16:12 UTC 2018


Thanks Maxim!

This is something interesting to know.

We had an outage last year when we had bunch of virtual hosts all with
listen a.b.c.d:443 ssl;
and someone added a new virtual host with
listen a.b.c.d:443;
and caused 443 no longer doing SSL.
Based on what you said, this should not happen. I need to dig deeper into
it.

Frank


On Mon, Apr 16, 2018 at 9:49 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Mon, Apr 16, 2018 at 08:13:42AM -0700, Frank Liu wrote:
>
> > Does that mean nginx will read and combine listen options from
> > all virtual hosts and use that to create listening socket?
>
> Yes.  You can configure something like this:
>
>    server {
>        listen 443 ssl;
>        ...
>    }
>
>    server {
>        listen 443;
>        ...
>    }
>
> and both servers will use SSL.  Moreover, currently you can do
> something like this:
>
>    server {
>        listen 443 ssl;
>        ...
>    }
>
>    server {
>        listen 443 http2;
>        ...
>    }
>
> and both servers will use SSL and HTTP/2.  (The latter is actually
> very confusing, and likely will result in warnings / errors during
> configuration parsing in future versions.)
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180416/4d1db12a/attachment-0001.html>


More information about the nginx mailing list