22 messages in ru.sysoev.nginxRe: cert handling on redirect of http...| From | Sent On | Attachments |
|---|---|---|
| Martian Alien | Sep 8, 2008 10:50 pm | |
| Igor Sysoev | Sep 8, 2008 11:21 pm | |
| Martian Alien | Sep 9, 2008 8:59 pm | |
| Chris Savery | Sep 9, 2008 9:31 pm | |
| Igor Sysoev | Sep 9, 2008 9:42 pm | |
| Martian Alien | Sep 11, 2008 12:56 am | |
| Igor Sysoev | Sep 11, 2008 1:07 am | |
| Tit Petric | Sep 11, 2008 1:18 am | |
| Reinis Rozitis | Sep 11, 2008 1:46 am | |
| Igor Sysoev | Sep 11, 2008 2:24 am | |
| Reinis Rozitis | Sep 11, 2008 2:46 am | |
| Igor Sysoev | Sep 11, 2008 3:17 am | |
| mike | Sep 11, 2008 8:32 am | |
| Igor Sysoev | Sep 11, 2008 8:45 am | |
| Reinis Rozitis | Sep 11, 2008 2:59 pm | |
| Martian Alien | Sep 11, 2008 5:26 pm | |
| Igor Sysoev | Sep 11, 2008 11:03 pm | |
| Manlio Perillo | Sep 12, 2008 1:51 am | |
| Adrian Perez | Sep 12, 2008 2:06 am | |
| mike | Sep 12, 2008 2:14 am | |
| Reinis Rozitis | Sep 12, 2008 2:35 am | |
| Igor Sysoev | Sep 12, 2008 4:07 am |
| Subject: | Re: cert handling on redirect of https subdomains | |
|---|---|---|
| From: | Chris Savery (chri...@public.gmane.org) | |
| Date: | Sep 9, 2008 9:31:36 pm | |
| List: | ru.sysoev.nginx | |
I have also noticed some unusual behaviour with ssl server configs. I found that some items put in http were better to be put again in the server section. In particular, I found that if fastcgi_params was "included" in http (and worked fine with non-ssl sections) then inside an ssl server it would cross post values from one domain to another. I fixed it by including the fastcgi_params again inside the ssl server. I have no idea why that worked or why it wouldn't behave as expected in the first place but you may try something similar to see if it helps. Chris :)
Martian Alien wrote:
Note that the base domain (example.com) redirects fine to WWW (www.example.com). Then adding a 2nd subdomain, API (api.example.com), returns the WWW certificate rather than the API one and flags a trust concern in most browsers. Tried a listen field with both api.example.com:443 and the local interface 127.0.0.1:443, all fail in the same way. Redirect works fine except it returns the incorrect SSL certiicate.
server { listen api.example.com:443; server_name api.example.com api;
ssl on; ssl_certificate /opt/local/nginx/certs/api.example.com.crt; ssl_certificate_key /opt/local/nginx/certs/api.example.com.key;
rewrite ^/(.*) https://www.example.com/$1 permanent; }
server { listen api.example.com:80; server_name api.example.com api; rewrite ^/(.*) http://www.example.com/$1 permanent; }
Thanks again for looking into this concern, Martian
------------------------------------------------------------------------
Date: Tue, 9 Sep 2008 10:22:15 +0400 From: is-G...@public.gmane.org To: nginx-nofU2znGi42HXe+LvDL...@public.gmane.org Subject: Re: cert handling on redirect of https subdomains
On Tue, Sep 09, 2008 at 05:51:04AM +0000, Martian Alien wrote:
Hi Nginx Group,
Just wanted to start off by saying nginx is a rad web server! Na zdrowie!
So we've noticed some issues with setting up https ssl certificates over multiple subdomains.
The base domain (example.com) and the first subdomain (www.example.com) work beautifully:
server { listen www.example.com:443 default; server_name www.example.com;
ssl on; ssl_certificate /opt/local/nginx/certs/www.example.com.crt; ssl_certificate_key /opt/local/nginx/certs/www.example.com.key;
location / { # ... } }
server {
listen www.example.com:80 default;
server_name www.example.com; location / {
# ...
}
}
server { listen example.com:443; server_name example.com;
ssl on; ssl_certificate /opt/local/nginx/certs/example.com.crt; ssl_certificate_key /opt/local/nginx/certs/example.com.key;
rewrite ^/(.*) https://www.example.com/$1 permanent; }
server { server_name example.com; rewrite ^/(.*) http://www.example.com/$1 permanent; }
NOW, If the following is added, the correct SSL cert for
api.example.com is not loaded before the redirect, the www.example.com cert is loaded instead:
server { listen 127.0.0.1:443; server_name api.example.com api;
ssl on; ssl_certificate /opt/local/nginx/certs/api.example.com.crt; ssl_certificate_key /opt/local/nginx/certs/api.example.com.key;
rewrite ^/(.*) https://www.example.com/$1 permanent; }
server { listen 127.0.0.1:80; server_name api.example.com api; rewrite ^/(.*) http://www.example.com/$1 permanent; }
Any ideas on how, to setup multiple SSL / HTTPS subdomains, each with their own cert in nginx?
I've tried many conf variants. At this point, I'm suspecting it is
a bug in nginx, but how would that be possible. =)
127.0.0.1 is loopback interface, do you connect to it from outside ?
-- Igor Sysoev http://sysoev.ru/en/
------------------------------------------------------------------------ See how Windows Mobile brings your life together—at home, work, or on the go. See Now <http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/>