nginx: multiple HTTPS hosts on the same IP

Our company recently changed its domain name, and the old and new domain names have to run at the same time. So how can multiple HTTPS virtual hosts be served from the same IP at the same time? The nginx manual has a passage on exactly this: if you configure multiple HTTPS hosts on the same IP, you run into a very common problem:
server {
    listen          443;
    server_name     www.example.com;
    ssl             on;
    ssl_certificate www.example.com.crt;
    ...
}

server {
    listen          443;
    server_name     www.example.org;
    ssl             on;
    ssl_certificate www.example.org.crt;
    ...
}
With the above configuration, whichever host the browser requests, it only ever receives the certificate of the default host, www.example.com. This behavior is caused by the SSL protocol itself: the SSL connection is established first and the HTTP request is sent afterwards, so while the SSL connection is being set up nginx does not know the name of the requested host and can only return the default host's certificate. The oldest and most stable solution is to use a different IP address for each HTTPS host:
server {
    listen          192.168.1.1:443;
    server_name     www.example.com;
    ssl             on;
    ssl_certificate www.example.com.crt;
    ...
}

server {
    listen          192.168.1.2:443;
    server_name     www.example.org;
    ssl             on;
    ssl_certificate www.example.org.crt;
    ...
}
So how can multiple HTTPS hosts be configured on the same IP? nginx supports the TLS protocol extension SNI (Server Name Indication; put simply, this extension makes it possible to serve different certificates for different domain names on the same IP). However, SNI must also be supported by the client, and the local OpenSSL must support it as well. If SSL support is enabled, nginx automatically detects OpenSSL and enables SNI. Whether SNI support is enabled is decided at compile time by ssl.h (SSL_CTRL_SET_TLSEXT_HOSTNAME): if the OpenSSL library used at compile time supports SNI, SNI works normally as long as the OpenSSL library on the target system supports it too. By default, TLS SNI support is disabled in nginx. To enable it, nginx has to be recompiled with the TLS extension enabled. Proceed as follows:
# wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz
# tar zxvf openssl-1.0.1e.tar.gz 
# ./configure --prefix=/usr/local/nginx --with-http_ssl_module \
--with-openssl=./openssl-1.0.1e \
--with-openssl-opt="enable-tlsext" 
# make
# make install
Check that it is enabled:
# /usr/local/nginx/sbin/nginx -V
TLS SNI support enabled
You can now configure multiple HTTPS hosts on the same IP. For example:
server  {
        listen 443;
        server_name   www.ttlsa.com;
        index index.html index.htm index.php;
        root  /data/wwwroot/www.ttlsa.com/webroot;
        ssl on;
        ssl_certificate "/usr/local/nginx/conf/ssl/www.ttlsa.com.public.cer";
        ssl_certificate_key "/usr/local/nginx/conf/ssl/www.ttlsa.com.private.key";   
		......
}		

server  {
        listen 443;
        server_name   www.heytool.com;
        index index.html index.htm index.php;
        root  /data/wwwroot/www.heytool.com/webroot;
        ssl on;
        ssl_certificate "/usr/local/nginx/conf/ssl/www.heytool.com.public.cer";
        ssl_certificate_key "/usr/local/nginx/conf/ssl/www.heytool.com.private.key";   
		......
}
With this configuration, each virtual host is served correctly. If you reproduce this article, please credit the source, Operations and Maintenance Survival Time: http://www.ttlsa.com/html/4288.html

Reproduced from: https://my.oschina.net/766/blog/211177


Origin blog.csdn.net/weixin_33827590/article/details/91547884