How several SSL on one server, behind a varnish layer?

Question

How several SSL on one server, behind a varnish layer?

I have a need for a server for multiple applications from the same server with SSL requirements.

I am currently thinking of starting Nginx with SNI, but most IE does not support SNI. What happens when someone with a browser that does not support SNI makes an SSL request to my server?

I am also thinking of adding a layer of varnish in front of it, how does it work for SSL connections?

+4

ssl nginx sni varnish

Rodrigo Dellacqua Jul 17 '11 at 20:31

source share

1 answer

Alexd · Answer 1 · 2011-07-18T04:48:26+0000

If you have nginx with SNI enabled, and there is an old browser that does not support SNI, then nginx will return the SSL certificate for its server by default (as if SNI was not enabled) and if the server name in the returned certificate does not match the host name requested by the browser, the browser will complain about the inconsistent certificate loudly. See this discussion with nginx author.

And Varnish does not support SSL at all. See this explanation by the varnish author.

How several SSL on one server, behind a varnish layer?

More articles: