
How to configure NginX: one domain with SSL, another without

I have 2 domains on a single host using NginX:

  1. Full server with SSL (Python back end) on both 80 and 443 ports.

  2. Just redirect to another domain, no SSL.

They are described in server sections of different .conf files:

1.

server {
    listen 80;
    listen 443 ssl;
    server_name  verni-verni.ru www.verni-verni.ru;

    # Certificates
    ssl_certificate /var/www/SSL/ca.crt;
    ssl_certificate_key /var/www/SSL/private.key;

    # Logs
    ...

    # Static Content
    ...

    # Reverse Proxy
    location / {
        ...
    }
}

2.

server {
    listen 80;
#    listen 443;
    server_name  gdeclient.ru;

    rewrite ^/(.*)$ http://... redirect;
}

If I set up only port 80 for the second domain, then it doesn't redirect HTTPS connections.

But if I also set up port 443 (without SSL) for the second domain, then port 443 doesn't work for the first domain, and I get the following error:

no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking

The questions:

  1. Why does the second redirecting server affect the first one, if they have different domain names?

  2. Is it possible to set up HTTPS redirecting for the second server without using SSL and without affecting the first server?

In answer to your questions:

  1. Nginx accepts the connection on port 443 and then needs to decide which server to use to process it. See how Nginx processes a request and Server Name Indication.

  2. If you have no certificate for the second domain, you will not be able to accept HTTPS connections for that domain without the browser complaining about the certificate - even if you only want to redirect it elsewhere.

If you only want to prevent the HTTPS connections to the second domain being incorrectly handled by the first, just add listen 443 ssl; to the second domain, and either make the ssl_certificate statements global, or repeat them in the second server block.

Why does the second redirecting server affect the first one, if they have different domain names?

Because the SSL handshake and connection are established before the browser sends an HTTP request, and nginx does not know the name of the requested server. In your case, the request is going to the default server block (2nd server block) for all port 443 requests, cannot find the ssl_certificate config and complains.

If you make your ssl_certificate declarations global then it will redirect it to the first server block correctly.
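
The fix both answers describe (certificate declared once at http level, `listen 443 ssl;` on both servers), written out as an added example that is not part of the original question or answers. The backend address and the redirect host `redirect-target.example` are placeholders, since the question elides them; `default_server` is added so the choice of fallback server does not depend on file load order.

```nginx
# Added example: fragment for the http {} context (for instance one of the
# included .conf files). Server names and certificate paths are from the
# question; the backend address and redirect host are placeholders.

# Declared once at http level, so every server that listens with "ssl"
# inherits a certificate and the handshake can always complete.
ssl_certificate     /var/www/SSL/ca.crt;
ssl_certificate_key /var/www/SSL/private.key;

# 1. Full site on HTTP and HTTPS.
server {
    listen 80;
    # default_server: used for port 443 when the client sends no SNI name
    # or a name that matches no server_name.
    listen 443 ssl default_server;
    server_name verni-verni.ru www.verni-verni.ru;

    location / {
        proxy_pass http://127.0.0.1:8000;   # assumed Python backend address
    }
}

# 2. Redirect-only domain.
server {
    listen 80;
    # This server shares the port 443 listener with server 1, so it must be
    # declared with "ssl" and have a certificate in scope (inherited above).
    listen 443 ssl;
    server_name gdeclient.ru;

    # The inherited certificate does not cover gdeclient.ru unless it was
    # issued for that name too, so browsers show a certificate warning on
    # https://gdeclient.ru/ before they ever see this redirect.
    rewrite ^/(.*)$ http://redirect-target.example/$1 redirect;
}
```

Run `nginx -t` after editing to confirm the configuration parses before reloading.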
