Reputation: 17991
I am trying to set SSL for only the "API" subdomain of my site, and here is my config for SSL:
    # HTTPS server
    server {
        listen 443;
        server_name api.example.com;
        ssl on;
        ssl_certificate /some_path/to/server.crt;
        ssl_certificate_key /some_path/to/server.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://site;
        }
    }
However Nginx seems to allow me to connect to https://example.com too. Firefox will then ask me to confirm the same certificate (self-signed by me).
I thought using the server_name directive would restrict SSL to only that subdomain, but now it allows SSL requests to all of my subdomains too. Am I missing something?
Upvotes: 1
Views: 844
Reputation: 180147
Without Server Name Indication, a server serving HTTPS content doesn't know what the domain name being requested is (as the Host header is itself encrypted). Thus, all requests to that IP, regardless of domain name, get the default SSL virtual host.
Upvotes: 2
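The default-virtual-host behaviour described in the answer can be made explicit with a catch-all server block. The following is an added example, not part of the original question or answer; it assumes nginx 1.19.4 or later (for `ssl_reject_handshake`) and reuses the paths and upstream name from the question.

```nginx
# Catch-all: any TLS handshake on this IP whose SNI name matches no other
# server block (or that carries no SNI at all) lands here and is refused.
# No certificate is needed, because the handshake is aborted before one is sent.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# The only name served over HTTPS. Selected by the SNI name in the handshake.
server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /some_path/to/server.crt;
    ssl_certificate_key /some_path/to/server.key;
    ssl_session_timeout 5m;

    # The question's line lists SSLv2 and SSLv3, which are deprecated;
    # current TLS versions are used here instead (an editorial change).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://site;
    }
}
```

With this layout a request to https://example.com fails at the TLS handshake instead of being answered with the api.example.com certificate. Clients that do not send SNI are refused as well, since they can only reach the default server.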