Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Не получается настроить SNI (виртуальные хосты для HT TPS)
- To: nginx-ru@xxxxxxxxx
- Subject: Не получается настроить SNI (виртуальные хосты для HT TPS)
- From: Vladimir M <marunin@xxxxxxxxx>
- Date: Thu, 24 Feb 2011 23:48:36 +0300
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=HtUXQcXpGBwu5nN2IXTMdV4BBCFPNt8JfIzySL/z2vk=; b=jAGtZq8k+H0dDry0gUDi0fLGL1Cx4AwnkbMXT+77zQf8qFiyu5dKzABrzfqQuW/Omc B5v5lj829WcYp6l9iY5EnkzyNDAXkRqUG4Z7ZlQYarL8ob+IqKOtW7wlG/PGsPE+FUc2 avZPPmKSemTxR3MEViMdr6+sIZFqUJHL0k79I=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=C+cxj3oVtEpOAPLnsT4OJ7BUvbWTuCdI/x6ANdjU88MHMAp0vMBEk30p8AY6q1Hhcs z3FOuOCVvYoai+5bXLVk5DalJF6Xps87sBFUVjhaY/g+6yr59Z1mcjQKacv2Y+lSYLEm 3MP0q+Au32t26EbZK4oPBaLWpURWOHW0/8mLw=
Помогите, пожалуйста, заставить работать 2 wildcard SSL сертификата на одном ip
Есть сертификаты для *.domain1.com и *.domain2.com
Проблема в том, что в ответ на запрос на
'https://my.domain2.com/login/' едет сертификат от domain1.com
nginx -V
nginx version: nginx/0.7.63
TLS SNI support enabled
configure arguments: --prefix=/usr --user=www-data --group=www-data
--conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/cache/nginx/client-body
--http-proxy-temp-path=/var/cache/nginx/proxy
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi
--with-http_perl_module --with-http_ssl_module --with-http_sub_module
--with-http_realip_module --with-debug
server {
ssl on;
listen 443;
server_name *.domain1.com;
ssl_certificate /etc/nginx/cert/domain1.com.crt;
ssl_certificate_key /etc/nginx/cert/domain1.com.key;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://localhost:4433;
}
}
server {
ssl on;
listen 443;
server_name *.domain2.com;
ssl_certificate /etc/nginx/cert/domain2.com.crt;
ssl_certificate_key /etc/nginx/cert/domain2.com.key;
keepalive_timeout 70;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://localhost:4433;
}
}
wget -S -O /dev/null 'https://my.domain2.com/login/'
--2011-02-24 23:37:27-- https://my.domain2.com/login/
Resolving my.domain2.com... <тут был ip>
Connecting to my.domain2.com|<тут был ip>|:443... connected.
ERROR: certificate common name `*.domain1.com' doesn't match requested
host name `my.domain2.com'.
To connect to my.domain2.com insecurely, use `--no-check-certificate'.
_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru
|