<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'><div style="text-align: left;">Note that the base domain (example.com) redirects fine to WWW (www.example.com). Then adding a 2nd subdomain, API (api.example.com), returns the WWW certificate rather than the API one and flags a trust concern in most browsers. Tried a listen field with both api.example.com:443 and the local interface 127.0.0.1:443, all fail in the same way. Redirect works fine except it returns the incorrect SSL certiicate.<br><br> server {<br> listen api.example.com:443;<br> server_name api.example.com api;<br><br> ssl on;<br> ssl_certificate /opt/local/nginx/certs/api.example.com.crt; <br> ssl_certificate_key /opt/local/nginx/certs/api.example.com.key; <br><br> rewrite ^/(.*) https://www.example.com/$1 permanent;<br> }<br><br> server {<br> listen api.example.com:80;<br> server_name api.example.com api;<br> rewrite ^/(.*) http://www.example.com/$1 permanent;<br> }<br></div><br>Thanks again for looking into this concern,<br>Martian<br><br><hr id="stopSpelling">> Date: Tue, 9 Sep 2008 10:22:15 +0400<br>> From: is@rambler-co.ru<br>> To: nginx@sysoev.ru<br>> Subject: Re: cert handling on redirect of https subdomains<br>> <br>> On Tue, Sep 09, 2008 at 05:51:04AM +0000, Martian Alien wrote:<br>> <br>> > Hi Nginx Group,<br>> > <br>> > Just wanted to start off by saying nginx is a rad web server! Na zdrowie!<br>> > <br>> > So we've noticed some issues with setting up https ssl certificates over multiple subdomains.<br>> > <br>> > The base domain (example.com) and the first subdomain (www.example.com) work beautifully:<br>> > <br>> > server {<br>> > listen www.example.com:443 default;<br>> > server_name www.example.com;<br>> > <br>> > ssl on;<br>> > ssl_certificate /opt/local/nginx/certs/www.example.com.crt; <br>> > ssl_certificate_key /opt/local/nginx/certs/www.example.com.key; <br>> > <br>> > location / {<br>> > # ...<br>> > }<br>> > }<br>> > <br>> > server {<br>> > <br>> > listen www.example.com:80 default;<br>> > <br>> > server_name www.example.com;<br>> > location / {<br>> > <br>> > # ...<br>> > <br>> > }<br>> > <br>> > }<br>> > <br>> > <br>> > server {<br>> > listen example.com:443;<br>> > server_name example.com;<br>> > <br>> > ssl on;<br>> > ssl_certificate /opt/local/nginx/certs/example.com.crt; <br>> > ssl_certificate_key /opt/local/nginx/certs/example.com.key; <br>> > <br>> > rewrite ^/(.*) https://www.example.com/$1 permanent;<br>> > }<br>> > <br>> > server {<br>> > server_name example.com;<br>> > rewrite ^/(.*) http://www.example.com/$1 permanent;<br>> > }<br>> > <br>> > NOW, If the following is added, the correct SSL cert for api.example.com is not loaded before the redirect, the www.example.com cert is loaded instead:<br>> > <br>> > server {<br>> > listen 127.0.0.1:443;<br>> > server_name api.example.com api;<br>> > <br>> > ssl on;<br>> > ssl_certificate /opt/local/nginx/certs/api.example.com.crt; <br>> > ssl_certificate_key /opt/local/nginx/certs/api.example.com.key; <br>> > <br>> > rewrite ^/(.*) https://www.example.com/$1 permanent;<br>> > }<br>> > <br>> > server {<br>> > listen 127.0.0.1:80;<br>> > server_name api.example.com api;<br>> > rewrite ^/(.*) http://www.example.com/$1 permanent;<br>> > }<br>> > <br>> > <br>> > Any ideas on how, to setup multiple SSL / HTTPS subdomains, each with their own cert in nginx?<br>> > <br>> > I've tried many conf variants. At this point, I'm suspecting it is a bug in nginx, but how would that be possible. =)<br>> <br>> 127.0.0.1 is loopback interface, do you connect to it from outside ?<br>> <br>> <br>> -- <br>> Igor Sysoev<br>> http://sysoev.ru/en/<br>> <br><br /><hr />See how Windows Mobile brings your life together—at home, work, or on the go. <a href='http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/' target='_new'>See Now</a></body>
</html>