how do I run multiple https web sites on a single IP address

Francis Daly francis at daoine.org
Tue Jan 2 22:53:59 UTC 2018


On Tue, Jan 02, 2018 at 11:27:07AM -0500, Kurogane wrote:

Hi there,

> >http://nginx.org/en/docs/http/configuring_https_servers.html
> 
> I'm not sure what is your point here? nginx have built SNI a decade ago even
> CentOS have nginx updated version.
> 
> If my nginx not have enabled or not SNI support then why works with www?

Ah, sorry - I had missed that https://www.domain.com, https://domain.com,
and https://www.domain2.com all worked ok on IPv4. It is only
https://domain2.com that presents an unwanted certificate.

(And it presents the certificate for domain.com, even though
www.domain.com is configured as the default_server.)

Do you have four separate ssl certificate files, each of which is valid
for a single server name?

Or do you have one ssl certificate file which is valid for multiple
server names?

> Can you enlighten me what i do wrong or what is the "special" configuration
> to use SNI with shared IPv4 address.

One guess - is there any chance that the contents of the ssl_certificate
file that applies in the domain2.com server{} block is actually the
domain.com certificate? (Probably not, because the IPv6 connection should
be using the same ssl_certificate, and no error was reported there.)

Other than that, I don't know. Can you provide a complete config and
test commands that someone else can use to recreate the problem?

Or, to rule out any strange IPv4/IPv6 interaction -- do you see the same
behaviour when you remove all of the IPv6 config?

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list