When Multiple HTTPS Servers Listen On A Single IP Address

A common problem arises when two or more HTTPS servers are configured to listen on a single IP address:

server {
    listen          443 ssl;
    server_name     www.yoursite.com;
    ssl_certificate www.yoursite.com.crt;
    ...
}

server {
    listen          443 ssl;
    server_name     www.yoursite.org;
    ssl_certificate www.yoursite.org.crt;
    ...
}

With this configuration, the client browser receives the default server’s certificate (www.yoursite.com) regardless of the name of the server requested.

This is caused by the behaviour of the SSL protocol. The SSL connection is established before the browser sends an HTTP request, so Nginx does not know the name of the requested server. Hence, it can only offer the default server’s certificate.

Here’s the solution:

server {
    listen          192.168.1.1:443 ssl;
    server_name     www.yoursite.com;
    ssl_certificate www.yoursite.com.crt;
    ...
}

server {
    listen          192.168.1.2:443 ssl;
    server_name     www.yoursite.org;
    ssl_certificate www.yoursite.org.crt;
    ...
}

This is the oldest and most powerful way of resolving the issue: a separate IP address is assigned to each HTTPS server.
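The following check is an added example, not part of the original article: it scans a configuration for HTTPS server blocks that share a listen address while using different certificates, and reports which names would be served the default server's certificate. The function names are hypothetical, the parser assumes flat server blocks without nested braces, and the two sample inputs are the article's configurations with the elided lines left out.

```python
import re
from collections import defaultdict

# The article's two configurations, condensed, as sample input.
SHARED_IP = """
server { listen 443 ssl; server_name www.yoursite.com; ssl_certificate www.yoursite.com.crt; }
server { listen 443 ssl; server_name www.yoursite.org; ssl_certificate www.yoursite.org.crt; }
"""
SEPARATE_IPS = """
server { listen 192.168.1.1:443 ssl; server_name www.yoursite.com; ssl_certificate www.yoursite.com.crt; }
server { listen 192.168.1.2:443 ssl; server_name www.yoursite.org; ssl_certificate www.yoursite.org.crt; }
"""

def normalize(addr):
    """A bare port listens on every address: '443' becomes '*:443'."""
    return "*:" + addr if addr.isdigit() else addr

def parse_servers(conf):
    """Return one dict per HTTPS server block: listen sockets, names, certificate."""
    servers = []
    # Assumption: server blocks contain no nested braces (no location blocks).
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        directives = defaultdict(list)
        for stmt in body.split(";"):
            words = stmt.split()
            if words:
                directives[words[0]].append(words[1:])
        listens = [normalize(a[0]) for a in directives["listen"] if "ssl" in a[1:]]
        names = [n for args in directives["server_name"] for n in args]
        certs = directives["ssl_certificate"]
        if listens:
            servers.append({"listen": listens, "names": names,
                            "cert": certs[0][0] if certs else None})
    return servers

def find_shared_listeners(conf):
    """Map listen socket -> (default certificate, names that receive it instead of their own)."""
    by_socket = defaultdict(list)
    for srv in parse_servers(conf):
        for sock in srv["listen"]:
            by_socket[sock].append(srv)
    findings = {}
    for sock, group in by_socket.items():
        # Assumption: the first block on a socket is the default server;
        # an explicit default_server flag and '*' vs. specific-IP overlap are not handled.
        default = group[0]
        shadowed = [n for s in group[1:] if s["cert"] != default["cert"] for n in s["names"]]
        if shadowed:
            findings[sock] = (default["cert"], shadowed)
    return findings
```

An empty result means every HTTPS listen socket is backed by a single certificate, as in the per-IP configuration above.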
