As far as I know, you will need a wildcard certificate (*.<a href="http://mydomain.com">mydomain.com</a>). There is a chicken-and-egg problem in that nginx needs to see the request URL before deciding which cert to use in the handshake. However, nginx cannot see the URL until the handshake has been completed. See <a href="http://wiki.apache.org/httpd/NameBasedSSLVHosts">http://wiki.apache.org/httpd/NameBasedSSLVHosts</a> for more details.<br>
<br><div class="gmail_quote">On Sun, May 4, 2008 at 9:54 AM, Rt Ibmer <<a href="mailto:rtibmx@yahoo.com">rtibmx@yahoo.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I have <a href="http://foo.mydomain.com" target="_blank">foo.mydomain.com</a> and <a href="http://bar.mydomain.com" target="_blank">bar.mydomain.com</a> that both resolve to the same IP, which is answered by nginx.<br>
<br>
Now I want to add SSL support to nginx so that it'll receive requests over ssl 443 for both fully qualified domains while still communicating with my backends over regular http (non-ssl).<br>
<br>
So I will get two SSL certificates - one for <a href="http://foo.mydomain.com" target="_blank">foo.mydomain.com</a> and the other for <a href="http://bar.mydomain.com" target="_blank">bar.mydomain.com</a>. However according to the config file the SSL settings for the key files are defined at the "server" declaration-block level. And in my case I have just one "server" block that is used for both <a href="http://foo.mydomain.com" target="_blank">foo.mydomain.com</a> and <a href="http://bar.mydomain.com" target="_blank">bar.mydomain.com</a>.<br>
<br>
So my question is regarding these such settings:<br>
ssl on;<br>
ssl_certificate cert.pem;<br>
ssl_certificate_key cert.key;<br>
<br>
How can I tell nginx to use the pem and keyfiles for <a href="http://foo.mydomain.com" target="_blank">foo.mydomain.com</a> AND <a href="http://bar.mydomain.com" target="_blank">bar.mydomain.com</a> when the same "server" is listening for both FQDN domains (remember, both FQDN's resolve to the same IP and it will stay that way for some time to come. Over time I may split these out).<br>
<br>
Also it may be important to mention that I am NOT doing anything with virtual servers or host headers. Rather, nginx routes the requests for both FQDNs solely by using the nginx "location" directive to serve content based on the path to the requested file.<br>
<br>
So in summary, I get some requests like this:<br>
<a href="http://foo.mydomain.com/some/path/file.gif" target="_blank">http://foo.mydomain.com/some/path/file.gif</a><br>
and<br>
<a href="http://bar.mydomain.com/some/other/path/file.htm" target="_blank">http://bar.mydomain.com/some/other/path/file.htm</a><br>
<br>
and bar and foo resolve to the same IP and nginx serves both based on that IP and location matches, in some cases passing requests to upstream servers and in other cases serving the content itself. And now I need to add SSL support using two signed certificates and have nginx use the correct one when requests come in. I hope I have explained this ok!<br>
<br>
Thanks!!<br>
<div class="WgoR0d"><br>
<br>
____________________________________________________________________________________<br>
Be a better friend, newshound, and<br>
know-it-all with Yahoo! Mobile. Try it now. <a href="http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ" target="_blank">http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ</a><br>
<br>
<br>
</div></blockquote></div><br><br clear="all"><br>-- <br>Adam<br><a href="mailto:zellster@gmail.com">zellster@gmail.com</a>