Changes with nginx 0.7.14                                        01 Sep 2008

*) Change: now the ssl_certificate and ssl_certificate_key directives
   have not default values.

*) Feature: the "listen" directive supports the "ssl" parameter.

*) Feature: now nginx takes into account a time zone change while
   reconfiguration on FreeBSD and Linux.

*) Bugfix: the "listen" directive parameters such as "backlog",
   "rcvbuf", etc. were not set, if a default server was not the first
   one.

*) Bugfix: if URI part captured by a "rewrite" directive was used as a
   query string, then the query string was not escaped.

*) Bugfix: configuration file validity test improvements.
on 01.09.2008 17:50
on 02.09.2008 00:19
> *) Feature: the "listen" directive supports the "ssl" parameter.
How is it used? Is there an example available?
on 02.09.2008 00:39
Hello!

On Tue, Sep 02, 2008 at 08:07:57AM +1000, CryptWizard wrote:

>> *) Feature: the "listen" directive supports the "ssl" parameter.
>
> How is it used? Is there an example available?

In Russian it's here:
http://www.sysoev.ru/nginx/docs/http/ngx_http_core_module.html#listen

    server {
        listen 80;
        listen 443 ssl;
        ...
    }

It allows using the same server{} for http and https.

Maxim Dounin
on 02.09.2008 00:53
That's excellent. Now I don't need to have 2 almost identical server blocks and make changes in 2 places every time. Just waiting for the FreeBSD port to come out.
on 02.09.2008 08:17
On Tue, Sep 02, 2008 at 08:45:07AM +1000, CryptWizard wrote:

> That's excellent.
> Now I don't need to have 2 almost identical server blocks and make
> changes in 2 places every time.
> Just waiting for the FreeBSD port to come out.

This is recommended for sites where the difference between HTTP and HTTPS
is small as compared to the whole site's configuration:

    server {
        listen 80;
        listen 443 default ssl;
        server_name www.example.com;

        ssl_certificate     /path/to/cert;
        ssl_certificate_key /path/to/key;

        location / {
            ...
        }

        location /ssl/only/dir/ {
            if ($scheme = http) {
                rewrite ^(.+)$ https://www.example.com$1;
            }
            ...
        }
    }
on 03.09.2008 14:28
Aww... Can you make it work for non-default listen directives as well?
on 03.09.2008 14:40
On Wed, Sep 03, 2008 at 11:19:00PM +1100, CryptWizard wrote:

> Aww...
> Can you make it work for non-default listen directives as well?

"listen default" means that you define listen(2) and bind(2) parameters.
"ssl" is not a listen/bind(2) parameter, but anyway all servers listening
on this port must accept SSL connections only.
on 03.09.2008 15:01
So does that mean that on my non-default servers I can just add listen 443; to it and it will work, and I still don't need two server blocks for each actual server?
on 03.09.2008 15:05
On Wed, Sep 03, 2008 at 11:53:09PM +1100, CryptWizard wrote:

> So does that mean that on my non-default servers I can just add listen
> 443; to it and it will work, and I still don't need two server blocks
> for each actual server?

Yes:

    server {
        listen 80;
        listen 443 default ssl;
    }

    server {
        listen 80;
        listen 443;   # it will be SSL too
    }
on 03.09.2008 15:50
No need to re-specify the certificates and stuff?
on 03.09.2008 15:52
On Thu, Sep 04, 2008 at 12:39:00AM +1100, CryptWizard wrote:

> No need to re-specify the certificates and stuff?

No, you need to repeat them, or you may set all SSL directives at the http
level.
However, you need a special wildcard certificate or a certificate with an
alternative name, if you want to use name-based SSL hosts.
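
A configuration check for the rule given in the last two replies, added here as an example (it is not code from the thread or from nginx): every server sharing a port that any "listen" marks "ssl" needs ssl_certificate and ssl_certificate_key in its own block or at the http level. The parser is a deliberate simplification, the function names are hypothetical, and listen addresses are compared as literal strings.

```python
import re
# Constructed sample (not from the thread): second server has no certificate in scope.
SAMPLE = """
http {
    server {
        listen 443 default ssl;
        server_name www.example.com;
        ssl_certificate     /path/to/cert;
        ssl_certificate_key /path/to/key;
    }
    server {
        listen 443;   # it will be SSL too
        server_name app.example.com;
    }
}
"""
NEEDED = {"ssl_certificate", "ssl_certificate_key"}

def parse(text):
    """Minimal parser -> nested [name, args, children]; assumes no quoted '{', '}', ';', '#'."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))
    root = ["root", [], []]
    stack, words = [root], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)          # collect directive name and arguments
            continue
        if tok != "}" and words:
            node = [words[0], words[1:], []]
            stack[-1][2].append(node)
            if tok == "{":             # block directive: descend into it
                stack.append(node)
        elif tok == "}":
            stack.pop()
        words = []
    return root

def args_of(node, name):
    return [c[1] for c in node[2] if c[0] == name]

def servers_missing_cert(text):
    """Servers on a port that any listen marks "ssl", lacking cert/key in scope."""
    http = next(n for n in parse(text)[2] if n[0] == "http")
    inherited = {c[0] for c in http[2]}            # directives set at http level
    servers = [c for c in http[2] if c[0] == "server"]
    ssl_ports = {a[0] for s in servers for a in args_of(s, "listen") if "ssl" in a}
    return [(args_of(s, "server_name") or [["(unnamed)"]])[0][0] for s in servers
            if any(a[0] in ssl_ports for a in args_of(s, "listen"))
            and not NEEDED <= inherited | {c[0] for c in s[2]}]
```

Calling `servers_missing_cert(SAMPLE)` reports the second server; moving both certificate directives to the http level clears the finding.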