
NGINX SNI


Well, I might as well round out my Server Name Indication (SNI) sort-of series by taking a look at nginx. Does your nginx support SNI? You can check by running nginx -V, but unless your nginx was built when dinosaurs roamed the earth, you should see:

TLS SNI support enabled

However, if you have a really, really old version of OpenSSL, you might see:

nginx was built with SNI support, however, now it is linked dynamically to an OpenSSL library which has no tlsext support, therefore SNI is not available

If you do see that, just run halt -p and walk away. They aren’t paying you enough to deal with that old server.

Presuming you do have SNI support, the rest is simple. Just as with Apache, all you need to do is tell each virtual host to use its own certificate:

    # "listen 443 ssl;" replaces the deprecated "ssl on;" directive.
    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /etc/nginx/ssl/example.com/server.crt;
        ssl_certificate_key /etc/nginx/ssl/example.com/server.key;
    }

    server {
        listen 443 ssl;
        server_name example.net;
        ssl_certificate /etc/nginx/ssl/example.net/server.crt;
        ssl_certificate_key /etc/nginx/ssl/example.net/server.key;
    }

Boom! Done!
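
To confirm both halves of this, here is an added example that is not from the original post: sni_status classifies nginx -V output into the cases described above, and vhost_cert_matches asks the server which certificate it selects for a given SNI name. The function names, the script name and the sample strings are assumptions made for illustration, and the live check needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Constructed sample inputs; the second message is the one quoted in the post.
SAMPLE_ENABLED='nginx version: nginx/x.y.z
TLS SNI support enabled'
SAMPLE_NO_TLSEXT='nginx was built with SNI support, however, now it is linked dynamically to an OpenSSL library which has no tlsext support, therefore SNI is not available'

# Classify `nginx -V` text read from stdin.
# nginx -V writes to stderr, so callers pipe it with 2>&1.
sni_status() {
    _out=$(cat)
    case $_out in
        *"TLS SNI support enabled"*) echo enabled ;;
        *"SNI is not available"*)    echo no-tlsext ;;
        *)                           echo unknown ;;
    esac
}

# Connect to $1:$2 sending SNI name $3, then check that the certificate
# the server selected actually covers that name.
vhost_cert_matches() {
    _h=$1 _p=$2 _n=$3
    openssl s_client -connect "$_h:$_p" -servername "$_n" </dev/null 2>/dev/null \
        | openssl x509 -noout -checkhost "$_n" 2>/dev/null \
        | grep -q "does match certificate"
}

# Usage: sh check_sni.sh HOST NAME [NAME...]
# Does nothing when called without arguments.
if [ "$#" -ge 2 ]; then
    echo "local nginx: $(nginx -V 2>&1 | sni_status)"
    target=$1
    shift
    for vhost in "$@"; do
        if vhost_cert_matches "$target" 443 "$vhost"; then
            echo "OK   $vhost"
        else
            echo "FAIL $vhost (certificate does not cover this name)"
        fi
    done
fi
```

A FAIL for one name while the others pass usually means that server block is missing its own ssl_certificate lines, so nginx is answering with another virtual host's certificate.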

