I have some Nginx servers which share their configuration because they are in a load balancer pool.
So I have a unique configuration for all servers and all servers are listening on *:80 and *:443 addresses.
But this is causing me some problems with the SSL certificates on clients which do not support SNI (like Windows XP).
To solve this I should specify a different IP address for each SSL website, but this is different from every server in the pool of course.
Do you have some advice?
Could I specify multiple IPs in the same server without causing an error in case Nginx cannot bind on one of them?
Thank you very much!
Not sure what OS you're running, because you didn't state this, but if it's some Linux flavor: Allow processes to bind / listen to / on "non-local" IPs. To do so:
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
If you want to make this persistent, aka "across reboots", you have to put it "somewhere". For Debian based distributions, this would be for example /etc/sysctl.conf: Inside, put a line reading and execute
sysctl -p
or do a reboot.
This is an instance where you might prefer to do centralized SSL termination. Rather than have your nginx instances worry about SSL at all, just have them do http and centralize SSL termination on an haproxy box or redundant load balancers like A10 or Netscaler. Your proxy/LB would then redirect the connection to the nginx boxes. This article explains how to get SSL working on haproxy.
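A pre-deployment check for the ip_nonlocal_bind approach from the first answer, added here as an example and not part of the original thread: it lists which listen addresses in a shared config are not assigned to the current host, which are the ones nginx can only bind when the sysctl is set to 1. The function names and the sample config are hypothetical, and the addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Constructed sample of the shared config (documentation-range addresses):
# each SSL site lists one listen IP per pool member.
SAMPLE_CONF='
server {
    listen 192.0.2.10:443 ssl;     # site A, pool member 1
    listen 198.51.100.10:443 ssl;  # site A, pool member 2
    server_name a.example.com;
}
server {
    listen 192.0.2.11:443 ssl;     # site B, pool member 1
    listen 198.51.100.11:443 ssl;  # site B, pool member 2
    server_name b.example.com;
}
server {
    listen 80;
}'

# Print every IPv4 address named in a "listen" directive ($1 = config text).
listen_ips() {
    printf '%s\n' "$1" | awk '
        $1 == "listen" {
            addr = $2
            sub(/;.*$/, "", addr)      # drop trailing ";"
            sub(/:[0-9]+$/, "", addr)  # drop ":port"
            if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print addr
        }' | LC_ALL=C sort -u
}

# Print listen IPs missing from the space-separated local address list ($2).
nonlocal_listen_ips() {
    for ip in $(listen_ips "$1"); do
        case " $2 " in
            *" $ip "*) ;;
            *) printf '%s\n' "$ip" ;;
        esac
    done
}

# $3 is the value of net.ipv4.ip_nonlocal_bind (0 or 1) on this host.
check_host() {
    missing=$(nonlocal_listen_ips "$1" "$2")
    if [ -z "$missing" ]; then echo "ok: all listen addresses are local"
    elif [ "$3" = "1" ]; then echo "ok: ip_nonlocal_bind=1 covers non-local addresses"
    else echo "fail: enable ip_nonlocal_bind"; return 1
    fi
}
check_host "$SAMPLE_CONF" "192.0.2.10 192.0.2.11" 1
```

On a real host the third argument would come from /proc/sys/net/ipv4/ip_nonlocal_bind. The setting applies to every process on the host, and with it enabled a mistyped listen address no longer produces a bind error at startup.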