Hi,
I can’t manage to define multiple SSL certificates for each of my
server {} directive.
Only 1 SSL certificate is being sent by Nginx, thus creating warnings
in my browser when I want to access a different domain name which uses
a different certificate. Is that possible to do? In each server {}
block I have defined the exact server_name so Nginx should know where
to go.
SSL is negotiated at the connection level, before the http headers are
transmitted.
You will need to setup a separate IP for each SSL certificate you wish
to host.
Cheers
Dave
Should I actually concatenate my 2 certificates into one file? Would
that thing work?
I cannot have separate IP for each certificate, as I will be hosting
many different websites that each use different certificates. I could
use a wildcard certificate and do a redirection such as
site1.mainsite.com, but I find it’s an ugly solution.
After some research it seems that as Dave said, the only solution is
to set a different IP address for each certificate (what a pain).
So I did that:
server {
listen IP1:443;
…
}
server {
listen IP2:443;
…
}
But Nginx fails to start, and testing the configuration file returns a
failure but no error message.
server {
listen IP2:443;
…
}But Nginx fails to start, and testing the configuration file returns a
failure but no error message.
Hmmm, that sounds weird. Set your error log to debug and HUP nginx
again while tailing the file. If you can kill -TERM nginx, make sure
its stopped and try starting it again. If it can’t start, because of
some config error, I believe it will print it to stderr.
Cheers
Dave
I will use the IP based solution. However I am having problems, when I
specify: “listen myIP:443”, Nginx configuration file tester fails. Why
is that happening?
On 21/10/2008, at 8:04 PM, Thomas wrote:
Should I actually concatenate my 2 certificates into one file? Would
that thing work?
Nope, and even if it did you would need some way of indicating which
certificate goes with which host, and your back to square one.
I cannot have separate IP for each certificate, as I will be hosting
many different websites that each use different certificates. I could
use a wildcard certificate and do a redirection such as
site1.mainsite.com, but I find it’s an ugly solution.
If you have
and
this won’t work
If you want to have
and
then a wildcard will help.
Cheers
Dave
What does it mean?
Is that IP bound to your server.
I just added this stanza to my config
server {
listen 100.100.100.100;
}
and got
[root@b02s04mr ~]# nginx -t
2008/10/21 05:50:10 [info] 28274#0: the configuration file /etc/nginx/
nginx.conf syntax is ok
2008/10/21 05:50:10 [emerg] 28274#0: the configuration file /etc/nginx/
nginx.conf test failed
Cheers
Dave
On Tue, Oct 21, 2008 at 08:50:44PM +1100, Dave C. wrote:
[root@b02s04mr ~]# nginx -t
2008/10/21 05:50:10 [info] 28274#0: the configuration file /etc/nginx/
nginx.conf syntax is ok
2008/10/21 05:50:10 [emerg] 28274#0: the configuration file /etc/nginx/
nginx.conf test failed
Yes, there is bug/feature when nginx shows this error message in
error_log onlya, but not to stderr.
On Tue, Oct 21, 2008 at 11:52:18AM +0200, Thomas wrote:
Here is the error message:
2008/10/21 11:52:46 [emerg] 22020#0: bind() to IP:443 failed (99:
Cannot assign requested address)What does it mean?
This means that you have not configured this IP on the host.
So I tried with my real IP server, and it works. But when I add my IP
failover, it doesn’t.
How do I configure the IP on the host? Why would the host need to be
aware of its IP? Moreover, Nginx is running in a virtual machine, the
only IPs it is aware of are 127.0.0.1 and 10.0.0.1
And why do I need to configure any IP, as Nginx works with the real IP
of my server, why is it not working with the IP failover? By the way
the IP failover is correctly pointing to my server.
On Tue, Oct 21, 2008 at 11:23:15AM +0200, Thomas wrote:
server {
listen IP2:443;
…
}But Nginx fails to start, and testing the configuration file returns a
failure but no error message.
Do you mean that “nginx -t” shows something like this:
the configuration file … syntax is ok
the configuration file … test failed
?
Could look inside main error_log for messages ?
How do I configure the IP on the host?
Please excute next command.
/sbin/ifconfig eth0:0 “IP2”
Why would the host need to be
aware of its IP?
Because we can’t bind non-local IP on processes.
To allow processes to bind to the non-local address,
add the following line to /etc/sysctl.conf:
net.ipv4.ip_nonlocal_bind=1
and
sysctl -p
Now my config file looks like this:
server {
listen 80;
server_name www.site1.com;
}
server {
listen 80;
server_name www.site2.com;
}
server {
listen IP1:443;
server_name www.site1.com;
}
server {
listen IP2:443;
server_name www.site2.com
}
And Nginx is running and there is no longer any error message. I am
not sure what made it work, but I also tweaked at my domain name
registrar the IP address of the domain name site2.com it now points to
IP2 (it used to point to IP1).
Now if I visit http://www.site1.com or site2.com, it works.
But if I visit https://www.site1.com or site2.com, Firefox tells me
that he can’t make the connection, and nothing gets printed in any log
file.
If I type https://IP1 or https://IP2, it doen’t work either.
server {
listen IP1:80;
}
And entering http://www.site1.com or http://IP1 doesn’t work anymore!
What’s happening, is the “listen IP:Port” correctly working with Nginx
0.6.32? I am starting to wonder.
On 21/10/2008, at 9:05 PM, Thomas wrote:
So I tried with my real IP server, and it works. But when I add my IP
failover, it doesn’t.How do I configure the IP on the host? Why would the host need to be
aware of its IP? Moreover, Nginx is running in a virtual machine, the
only IPs it is aware of are 127.0.0.1 and 10.0.0.1
Um, those IP’s aren’t routable on the general internet, how are hosts
going to contact that machine ?
And why do I need to configure any IP, as Nginx works with the real IP
of my server, why is it not working with the IP failover? By the way
the IP failover is correctly pointing to my server.
If you want nginx to listen() on any IP address that is currently
configured for your server (/sbin/ifconfig) then you can say
listen 443;
However, because you need to bind a particular IP to a particular ssl
certificate, then you need to specify the IP you want each server
block assigned too in the config. Also, each of thoses IP’s have to be
valid at server startup time so that nginx can issue a successful
bind() call for each.
Can you give us some more background about your setup, and what you
are trying to do?
Cheers
Dave
As your site will be on the internet, why not tell us the IPs and the
hostnames so that we can assist in debugging.
Cheers
Dave
My website is: http://www.digiprof.fr, if you click the “connexion”
button at the top right corner, you will be redirected to a
registration page which uses SSL.
I have a mail server administration application reachable at
http://www.digiprof.eu, you will get redirected to https and you
should see the certificate warning with www.digiprof.fr
I tried to setup Nginx in the same manner as this page:
http://wiki.apache.org/httpd/NameBasedSSLVHosts
But when I specify an IP address in listen, it doesn’t work.
I have changed my config files, http works, but now https doesn’t work
anymore, firefox can’t make the connection. However in my access.log I
see some references to https://www.digiprof.fr/login, but when I
access it myself, I don’t see it get printed in the log file.
On Tue, Oct 21, 2008 at 05:09:55PM +0200, Thomas wrote:
I have changed my config files, http works, but now https doesn’t work
anymore, firefox can’t make the connection. However in my access.log I
see some references to https://www.digiprof.fr/login, but when I
access it myself, I don’t see it get printed in the log file.
What does “nginx -t” show ?
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs