6 messages in ru.sysoev.nginxRe: setup multiple SSL servers in one...| From | Sent On | Attachments |
|---|---|---|
| Jonathan Garvin | May 11, 2009 4:56 pm | |
| Igor Sysoev | May 11, 2009 10:47 pm | |
| Jon Garvin | May 12, 2009 7:54 am | |
| Igor Sysoev | May 12, 2009 7:58 am | |
| Jon Garvin | May 12, 2009 8:44 am | |
| Igor Sysoev | May 12, 2009 8:49 am |
| Subject: | Re: setup multiple SSL servers in one config | |
|---|---|---|
| From: | Jon Garvin (jgar...@gmail.com) | |
| Date: | May 12, 2009 8:44:40 am | |
| List: | ru.sysoev.nginx | |
Igor Sysoev wrote:
On Tue, May 12, 2009 at 08:54:50AM -0600, Jon Garvin wrote:
Thanks Igor, Are you saying that a single instance Nginx cannot handle multiple sites with different SSL certificates? The environment I'm trying to emulate is working just fine with Pound right now. In other words, one instance of pound is running on my server that handles multiple SSL certificates for multiple live domains (working like this for several years). Seems to me if Pound can handle the task, Nginx ought to be able to as well. Is the only option to run Pound in front of Nginx so that Pound can handle the SSL before passing the traffic off to Nginx? I was hoping to eliminate Pound from the equation all together.
No, a single nginx instance can handle several SSL sites, but you need several IP, one per each SSL host. Or you may use some workarounds as decribed here http://wiki.cacert.org/wiki/VhostTaskForce
Yes. we have multiple IPs. As I said this is working now with Pound. I'm just having trouble figuring out how to configure Nginx to handle this.
Oh, wait. I just noticed that the 'listen' directive can take an address as well as a port. duh. So, my guess now is that instead of 'listen 443', I need to say 'listen x.x.x.x:443', in each server block. right?
Igor Sysoev wrote:
On Mon, May 11, 2009 at 05:57:10PM -0600, Jonathan Garvin wrote:
I'm in the process of trying to convert a Pound config file that manages multiple SSL sites over to Nginx. If I just have one site setup in the nginx.conf file then everything, including the SSL, works fine. But if I add a second server block for a different domain, then the second tries to use the SSL certificate for the first, resulting in the browser raising security warnings. My conf file is below. Any hints at what I am doing wrong would be greatly appreciated.
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts http://wiki.cacert.org/wiki/VhostTaskForce
--
--