| From | Sent On | Attachments |
|---|---|---|
| merlin corey | Jul 13, 2009 12:16 am | |
| Almir Karic | Jul 13, 2009 12:53 am | |
| Denis F. Latypoff | Jul 13, 2009 12:58 am | |
| Igor Sysoev | Jul 13, 2009 1:06 am | |
| merlin corey | Jul 13, 2009 5:40 pm | |

| Subject: | SSL server_name support, single server block plain/SSL, et al in 0.8.x ? | |
|---|---|---|
| From: | merlin corey (merl...@dc949.org) | |
| Date: | Jul 13, 2009 12:16:39 am | |
| List: | ru.sysoev.nginx | |
Hello,
I had a long chat with a user in the IRC channel about SSL in nginx. Initially, it started out talking about hosting multiple domains with SSL on the same address. They pointed me to http://tools.ietf.org/html/rfc4366#section-3.1 which seems fairly straightforward and I am curious if there is interest in this or if Igor plans to implement it at some point in future anyway.
Also, through talking with him, he showed me his idea for how the SSL support should work. It went more or less like this:

    ssl_certificate /etc/ssl/custom/supercatchall.crt;
    ssl_certificate_key /etc/ssl/custom/supercatchall.key;
    server {
        listen 80;
        listen 443;
        if(port = 443) {
            ssl on;
        }
        ... normal server config ...
    }
    ... repeated for several servers apparently on same IP ...

I tried to talk him out of using if and using a separate server block for 443 and 80 ports for each server, and just including common configuration. Apparently, this does not currently work, but it seems it should be more or less usable; I think he was having problems with using default ssl in the listen line and nginx would not bind multiple times. At any rate, he also complained about the "roundabout redundancy" of the config. That got me to thinking, would something like the following be desirable, and how difficult to implement would it be?

    server {
        listen 80;
        listen 443;
        ssl on 443;
        ... normal server config ...
    }

My gut instinct tells me this would be a lot more work than simply allowing multiple SSL hosts per IP address, but it does seem to have a nice ring to it, this late in the day.
So to summarize, I am curious if 0.8.x is planned to support multiple SSL hosts per IP, if that feature is even desired by anyone (or maybe other ways to do it, in case I see this problem again!), and finally anyone and everyone's thoughts on the above syntax to unify config for SSL and non-SSL (you could still use separate blocks if the configuration is not exactly the same for plain and SSL, of course).
Thanks, Merlin





