On Tuesday, 19 December 2017 07:24:23 UTC, Antonis Christofides wrote:
>
> I may be wrong of course, but I don't recall SNI having anything to do
> with it. Just using something like
>
> server {
> listen 80;
> listen 443 ssl;
> server_name my.django.site.com;
> ...
> }
>
> will only send requests for my.django.site.com to the django project. I
> really don't know about SNI, but I recall having used SSL on Apache before
> SNI existed and I don't remember any difference with respect to that. Why
> does SNI affect this?
>
Because unless I'm misremembering something, if you *don't* add
default_server to the listen directive then requests without SNI will not
end up being served the desired SSL certificate, but if you *do* add
default_server then requests with the wrong/missing/IP-literal Host: header
will end up going to Django, which is what we wanted to avoid.
I guess I'll just have to decide which of lack-of-SNI support and
alerting-on-wrong-Host I want to lose.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/bf3e62f2-2584-4a28-8680-5cb83dd88753%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
