Nginx with multiple servers and SSL certs, always uses the same SSL certificate

nginx, ssl

I have Ubuntu Hardy with nginx version: nginx/0.5.33

I have multiple servers and they are working perfectly on port 80.

Now, I want to serve some of them using SSL on port 443, and each of them has its own SSL certificate.

The problem is that every domain is using the same SSL certificate, and an error appears in the browser reporting an SSL certificate name mismatch.

I'm sure all the certificates are valid and correct, and the paths are correct. If I serve only ONE domain, the SSL certificate is OK, so all the files are OK.

Why is nginx always using the same SSL certificate for all server configurations?

Here are two examples. If both are active, it always takes the SSL certificate for domain1; if I remove domain1, domain2 with SSL works OK with the correct SSL file.

thanks,

m.


nginx.conf file:

user www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/nginx/access.log;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    tcp_nodelay        on;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

domain1.conf file:

server {

        listen 443;

        server_name domain1.montx.com;
        root /etc/nginx/sites-available/domain1;
        access_log /etc/nginx/sites-available/domain1/log/nginx.log;
        error_page 500 502 503 504 /500.html;
        client_max_body_size 50M;

        ssl on;
        ssl_certificate /etc/nginx/conf.d/domain1.crt;
        ssl_certificate_key /etc/nginx/conf.d/domain1.key;

        location / {
                auth_basic "Restricted";
                auth_basic_user_file  domain1_htpasswd;
        }
}

domain2.conf file:

upstream thin_domain2 {
    server   unix:/tmp/thin_domain2.0.sock;
    server   unix:/tmp/thin_domain2.1.sock;
    server   unix:/tmp/thin_domain2.2.sock;
}


server {

    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/domain2.crt;
    ssl_certificate_key /etc/nginx/conf.d/domain2.key;

    server_name domain2.montx.com;
    root /u/apps/domain2/current/public;
    access_log /u/apps/domain2/shared/log/nginx.log;
    error_page 500 502 503 504 /500.html;
    client_max_body_size 50M;

    # First rewrite rule for handling maintenance page
    if (-f $document_root/system/maintenance.html) {
            rewrite ^(.*)$ /system/maintenance.html last;
            break;
    }

    location / {
            index index.html index.htm;

            # Forward information about the client and host
            # Otherwise our Rails app wouldn't have access to it
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_max_temp_file_size 0;
            # Directly serve static content
            location ~ ^/(images|javascripts|stylesheets)/ {
                    expires 10y;
            }
            if (-f $request_filename) {
                    break;
            }

            # Directly serve cached pages
            if (-f $request_filename.html) {
                    rewrite (.*) $1.html break;
            }

            # Otherwise let Thin handle the request
            if (!-f $request_filename) {
                    proxy_pass http://thin_domain2;
                    break;
            }
    }
}

Best Answer

You need to assign an individual IP address for each SSL cert you want to use.

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

http://www.ruby-forum.com/topic/186664#815383
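
The layout the answer describes, as an added example that is not part of the original answer: in the question both server blocks share one address and port, and the certificate is sent during the TLS handshake, before nginx sees the Host header, so binding each block to its own address lets the destination IP select the certificate. The two IP addresses are placeholders from the 192.0.2.0/24 documentation range, not values from the question.

```nginx
# Added example. 192.0.2.10 and 192.0.2.11 are placeholder addresses
# (documentation range); each must be configured on the host, and each
# hostname's DNS record must point at its own address.

# domain1.conf
server {
    listen 192.0.2.10:443;          # dedicated address for domain1's certificate
    server_name domain1.montx.com;
    root /etc/nginx/sites-available/domain1;
    access_log /etc/nginx/sites-available/domain1/log/nginx.log;
    error_page 500 502 503 504 /500.html;
    client_max_body_size 50M;

    ssl on;
    ssl_certificate     /etc/nginx/conf.d/domain1.crt;
    ssl_certificate_key /etc/nginx/conf.d/domain1.key;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file domain1_htpasswd;
    }
}

# domain2.conf (the upstream block stays as in the question)
server {
    listen 192.0.2.11:443;          # dedicated address for domain2's certificate
    server_name domain2.montx.com;
    root /u/apps/domain2/current/public;
    access_log /u/apps/domain2/shared/log/nginx.log;
    error_page 500 502 503 504 /500.html;
    client_max_body_size 50M;

    ssl on;
    ssl_certificate     /etc/nginx/conf.d/domain2.crt;
    ssl_certificate_key /etc/nginx/conf.d/domain2.key;

    # The maintenance rewrite and the "location /" proxy rules
    # from the question go here unchanged.
}
```

Connecting to each address with `openssl s_client -connect 192.0.2.10:443` (and likewise for the second address) and reading the certificate subject confirms that each address presents its own certificate.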