Nginx-0.7.14

Changes with nginx 0.7.14 01 Sep 2008

*) Change: now the ssl_certificate and ssl_certificate_key directives
   have no default values.

*) Feature: the "listen" directive supports the "ssl" parameter.

*) Feature: now nginx takes into account a time zone change during
   reconfiguration on FreeBSD and Linux.

*) Bugfix: the "listen" directive parameters such as "backlog",
   "rcvbuf", etc. were not set, if a default server was not the first
   one.

*) Bugfix: if URI part captured by a "rewrite" directive was used as a
   query string, then the query string was not escaped.

*) Bugfix: configuration file validity test improvements.

*) Feature: the “listen” directive supports the “ssl” parameter.

How is it used? Is there an example available?

Hello!

On Tue, Sep 02, 2008 at 08:07:57AM +1000, CryptWizard wrote:

*) Feature: the “listen” directive supports the “ssl” parameter.

How is it used? Is there an example available?

In Russian it’s here:
http://www.sysoev.ru/nginx/docs/http/ngx_http_core_module.html#listen

    server {
        listen  80;
        listen  443 ssl;

        ...
    }

It allows using the same server{} for http and https.

Maxim D.

That’s excellent.
Now I don’t need to have 2 almost identical server blocks and make
changes in 2 places every time.
Just waiting for the FreeBSD port to come out.

On Tue, Sep 02, 2008 at 08:45:07AM +1000, CryptWizard wrote:

That’s excellent.
Now I don’t need to have 2 almost identical server blocks and make
changes in 2 places every time.
Just waiting for the FreeBSD port to come out.

This is recommended for sites where the difference between HTTP and HTTPS
is small as compared to the whole site's configuration:

    server {
        listen  80;
        listen  443 default ssl;

        server_name  www.example.com;

        ssl_certificate       /path/to/cert;
        ssl_certificate_key   /path/to/key;

        location / {
            ...
        }

        location /ssl/only/dir/ {
            if ($scheme = http) {
                rewrite  ^(.+)$   https://www.example.com$1;
            }
            ...
        }

    }

Aww…
Can you make it work for non-default listen directives as well?

So does that mean that on my non-default servers I can just add listen
443; to it and it will work, and I still don’t need two server blocks
for each actual server?

On Wed, Sep 03, 2008 at 11:19:00PM +1100, CryptWizard wrote:

Aww…
Can you make it work for non-default listen directives as well?

“listen default” means that you define listen(2) and bind(2) parameters.
“ssl” is not a listen/bind(2) parameter, but anyway all servers listening
on this port must accept SSL connections only.

No need to re-specify the certificates and stuff?

On Wed, Sep 03, 2008 at 11:53:09PM +1100, CryptWizard wrote:

So does that mean that on my non-default servers I can just add listen
443; to it and it will work, and I still don’t need two server blocks
for each actual server?

Yes:

    server {
        listen 80;
        listen 443 default ssl;
    }

    server {
        listen 80;
        listen 443; # it will be SSL too
    }

On Thu, Sep 04, 2008 at 12:39:00AM +1100, CryptWizard wrote:

No need to re-specify the certificates and stuff?

No, you need to repeat them, or you may set all SSL directives at the http
level.
However, you need a special wildcard certificate or a certificate with an
alternative name if you want to use name-based SSL hosts.
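
The http-level variant mentioned in the last reply, written out as an added example (not posted by anyone in this thread). The second host name, the document roots and the certificate file names are hypothetical, and the certificate is assumed to be a wildcard for *.example.com or to list both names as alternative names:

```nginx
http {
    # Set once at http level; every server{} below inherits these,
    # so nothing SSL-related is repeated per server.
    # Assumption: this certificate covers both server names
    # (wildcard *.example.com, or both names as alternative names).
    ssl_certificate      /path/to/wildcard-cert;
    ssl_certificate_key  /path/to/wildcard-key;

    server {
        listen  80;
        listen  443 default ssl;   # "ssl" is given once, on the default listen
        server_name  www.example.com;

        location / {
            root  /var/www/www;    # hypothetical document root
        }

        location /ssl/only/dir/ {
            # Same redirect as in the thread: plain HTTP is sent to HTTPS.
            if ($scheme = http) {
                rewrite  ^(.+)$  https://www.example.com$1;
            }
            root  /var/www/www;
        }
    }

    server {
        listen  80;
        listen  443;               # SSL too: shares the port with the default above
        server_name  shop.example.com;   # hypothetical second host

        location / {
            root  /var/www/shop;   # hypothetical document root
        }
    }
}
```

Because the certificate is chosen before the Host header is read, both names on port 443 are served the same certificate here; a certificate that does not cover shop.example.com would produce a name mismatch warning for that host.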