Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add path to self signed certificate for ssl.no-default server block. #177

Closed
wants to merge 1 commit into from
Closed

Add path to self signed certificate for ssl.no-default server block. #177

wants to merge 1 commit into from

Conversation

bogdanhruban
Copy link

Based on some issues with multiple hosts (HTTPS) on a single nginx server, I had to add (self signed in my case) certificates for the ssl.no-default server block.

@AD7six
Copy link
Member

AD7six commented May 6, 2017

Hey, thanks for the PR

I don't quite understand the use case, can you explain please? It's implicit that if you want to use ssl.no-default you're already using ssl for another server block, in which case you'd already have an ssl cert and can use that if necessary. The changes here also puts a hardcoded path in the template, which is something to avoid.

Creating a self-signed certificate, to allow listening on 443, just to return a 444 response - instead of just not listening on ssl at all is an effort for no gain from my perspective.

I would recommend to put the default certificate directives in the http block - if there's an issue that'll explain why I haven't seen it.

leonklingele
leonklingele reviewed May 6, 2017
View reviewed changes
sites-available/README.md
The HTTPS no-default server config requires a valid certificate (self signed will suffice).
One can generate the certificate with:
```
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

@fullyint fullyint mentioned this pull request Sep 14, 2017
Merged
@LeoColomb LeoColomb mentioned this pull request Nov 27, 2018
Merged
@LeoColomb
Copy link
Member

With #204 merged, you can now easily configure default/custom certificates while keeping ssl configuration.

@raph-topo raph-topo mentioned this pull request May 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leonklingele leonklingele leonklingele left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bogdanhruban @AD7six @LeoColomb @leonklingele