Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
FedLab2013-07-29 15:30:15
Nginx
FedLab, 2013-07-29 15:30:15

How to make SSL (https) access for multiple sites on the same IP?

In connection with the development of a certain service, it became necessary to use a secure connection for several projects. There is only one dedicated IP on the server.
Is it possible somehow to use multiple sites with ssl on the same IP?
From what I found on the Internet:
- name-based vhosts (apache + mod_gnutls) ( _http: // www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-... )
- SSL with Virtual Hosts Using SNI (apache) ( _http:// wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI ) , SNI (nginx) ( _http:// itbuben.org/blog/Unix-way/1621.html )
- ip- based vhosts (apache) ( _http://www.ibm.com/developerworks/ru/library/wa-multissl/... ) (I didn’t fully understand the principle of operation, how the server will determine which internal ip to send to)

In principle, using SNI is fine, full support by (old) browsers is not so relevant and important to me. But I didn’t understand how exactly the browser would behave in this case?

Are there any other options for setting up multiple ssl on one ip?
What options have you used or can recommend?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
V
Vasily, 2013-07-29
@FedLab

I use SNI with Nginx, the configuration is the same as for a single address, i.e. server_name is tritely specified, no directives need to be specially called - it just works. SNI is able to any sane browser (and insane and without it has problems).
Regarding WinXP - so SNI is not supported in IE, other browsers do not care.
wildcard certificates are quite expensive, but can be a good solution to get around SNI.SNIT

Report
S
Sergei Borisov, 2013-07-29
@risik

I, to my shame, do not really understand in theory why and how it works. but I have it on the host and it works. nginx.
server {
listen 443;
server_name host1.com;
ssl on;
ssl_certificate /path/to/host1.crt;
ssl_certificate_key /path/to/host1.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
… # rest as usual
}
and the same for the second one. Main server_name specify different and ssl certificates

Report
N
noonesshadow, 2013-07-29
@noonesshadow

SNI is not supported in WinXP
Subdomains + certificate for *.xxx.yyy universal solution

Report
P
porzione, 2013-07-29
@porzione

If the browser does not know anything about SNI, as a result, the user will see the same thing that he would see by accessing the IP, those who are default_server there.

Similar questions
D
driverx182019-10-14 01:27:10
Nginx - I can't install ssl certificate, what's the problem? 3Reply
O
OKNOZA2015-05-29 10:09:28
Proxy pass comes with Nginx by default? 2Reply
S
Sergey Pugovkin2017-05-14 12:06:01
How to install a newer version of nginx-extras debian? 3Reply
C
criminalist2019-10-15 08:25:48
Nginx close access to files if the transition is not from my domain? 1Reply
S
Saha7072019-10-15 14:34:58
How to block files through Ngnix proxy? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question