<HTML>
<HEAD>
<TITLE>SSL & Nginx</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Hello,<BR>
<BR>
First let me wish everybody a very good and healthy 2011!<BR>
<BR>
We are using nginx for loadbalancing multiple websites. Almost every website has SSL enabled.<BR>
<BR>
We have one upstream for a couple of websites:<BR>
<BR>
#start webservers:<BR>
upstream webservers-fair {<BR>
fair;<BR>
server 213.154.235.247 max_fails=5 fail_timeout=20s weight=1;<BR>
server 213.154.235.248 max_fails=5 fail_timeout=20s weight=1;<BR>
} #end upstream<BR>
<BR>
The upstream needed is provided in the config, here is the problem. We use the config IP multiple times with different certificates and different server_name variables. Last Friday we’ve noticed that the certificate wasn’t working well in IE7/8/9. Is this a known problem or am I doing something wrong?<BR>
<BR>
server {<BR>
listen xxx.xxx.xxx.249:80;<BR>
server_name domain.nl;<BR>
server_name domain.nl;<BR>
#logs<BR>
access_log /var/log/nginx/lb1-webservers.access.log;<BR>
error_log /var/log/nginx/lb1-webservers.error.log;<BR>
<BR>
location / {<BR>
proxy_pass <a href="http://webservers-fair">http://webservers-fair</a>;<BR>
proxy_set_header Host $host;<BR>
proxy_set_header X-Real-IP $remote_addr;<BR>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<BR>
proxy_redirect off;<BR>
proxy_max_temp_file_size 0;<BR>
client_max_body_size 30M;<BR>
}<BR>
<BR>
location /status {<BR>
stub_status on;<BR>
access_log off;<BR>
}<BR>
<BR>
}#end server<BR>
<BR>
server {<BR>
listen xxx.xxx.xxx.249:443;<BR>
server_name domain.nl;<BR>
server_name domain.nl;<BR>
#logs<BR>
access_log /var/log/nginx/lb1-webservers.access.log;<BR>
error_log /var/log/nginx/lb1-webservers.error.log;<BR>
<BR>
ssl on;<BR>
ssl_certificate /certificates/ssl/domain-nl.crt;<BR>
ssl_certificate_key /certificates/ssl/domain-nl.key;<BR>
<BR>
ssl_session_timeout 5m;<BR>
<BR>
ssl_protocols SSLv2 SSLv3 TLSv1;<BR>
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;<BR>
ssl_prefer_server_ciphers on;<BR>
<BR>
<BR>
location / {<BR>
proxy_pass <a href="http://webservers-fair">http://webservers-fair</a>;<BR>
proxy_set_header Host $host;<BR>
proxy_set_header X-Real-IP $remote_addr;<BR>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<BR>
proxy_redirect off;<BR>
proxy_max_temp_file_size 0;<BR>
client_max_body_size 30M;<BR>
}<BR>
<BR>
location /status-ssl {<BR>
stub_status on;<BR>
access_log off;<BR>
}<BR>
<BR>
}#end server<BR>
<BR>
########################### WEBSERVER ###############################################<BR>
<BR>
Help is much appreciated!!<BR>
<BR>
Grt<BR>
Jaap van Arragon<BR>
</SPAN></FONT>
</BODY>
</HTML>