Aug 16, 2020, 11:44 AM by tro...@kagu-tsuchi.com:

> Because it's not the same IP and port anymore. You can only have one
> thing listening on an ip+port

I got a working httpd config with the same IP and the same port:

    server "domain.tld" {
        listen on $ext_ip tls port 443
        tls {
            certificate "/etc/ssl/domain.tld.fullchain.pem"
            key "/etc/ssl/private/domain.tld.key"
            ciphers "HIGH:!AES128:!kRSA:!aNULL"
            ecdhe "P-384,P-256,X25519"
        }
    }

    server "sub.domain.tld" {
        listen on 0.0.0.0 port 8000 # confusion?
        listen on $ext_ip tls port 443
        tls {
            certificate "/etc/ssl/domain.tld.fullchain.pem"
            key "/etc/ssl/private/domain.tld.key"
        }
    }

This indeed listens on the same address ($ext_ip) and the same port (443) and works as intended with different cipher and ecdhe.

Note: only when I add listen on 0.0.0.0 port 8000

> Httpd allows you to configure multiple
> "servers" for subdomains but in reality there is one actual server
> listening and it has to know what parameters to use

Sorry, I don't understand your reasoning, because shouldn't httpd work the same way with or without the extra listen on 0.0.0.0?
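
A small lint for the situation discussed in this thread, added here as an example and not part of either message: it lists every TLS address and port named by more than one server block in an httpd.conf, and which of ciphers, ecdhe and protocols differ between those blocks. The parser is a simplification (two-token tls options only, no macro expansion), the function names are hypothetical, SAMPLE is constructed from the config above, and the script takes no position on which block's settings httpd applies.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the config in the message above.
SAMPLE = '''
server "domain.tld" {
    listen on $ext_ip tls port 443
    tls { ciphers "HIGH:!AES128:!kRSA:!aNULL" ecdhe "P-384,P-256,X25519" }
}
server "sub.domain.tld" {
    listen on 0.0.0.0 port 8000 # confusion?
    listen on $ext_ip tls port 443
    tls { certificate "/etc/ssl/domain.tld.fullchain.pem" }
}
'''
TOKEN = re.compile(r'"[^"]*"|[{}]|[^\s{}"]+')
LISTEN = re.compile(r'listen on (\S+) (tls )?port (\S+)')
TLS_BLOCK = re.compile(r'tls \{ ([^{}]*)\}')

def parse_servers(text):
    """Yield (name, tls_listeners, tls_options); assumes no '#' inside quotes."""
    toks, i = TOKEN.findall(re.sub(r'#.*', '', text)), 0
    while i < len(toks):
        if toks[i] == 'server' and toks[i + 2:i + 3] == ['{']:
            depth, j = 1, i + 3
            while j < len(toks) and depth:      # find the matching brace
                depth += {'{': 1, '}': -1}.get(toks[j], 0)
                j += 1
            body = ' '.join(toks[i + 3:j - 1])  # whitespace-normalised block
            opts = TOKEN.findall(' '.join(TLS_BLOCK.findall(body)))
            yield (toks[i + 1].strip('"'),
                   {(a, p) for a, tls, p in LISTEN.findall(body) if tls},
                   {k: v.strip('"') for k, v in zip(opts[::2], opts[1::2])})
            i = j
        else:
            i += 1

def shared_tls_listeners(text, options=('ciphers', 'ecdhe', 'protocols')):
    """Map each TLS (addr, port) named by >1 server to the options that differ."""
    groups = defaultdict(list)
    for name, listeners, tls in parse_servers(text):
        for key in listeners:
            groups[key].append((name, tls))
    return {key: {o: {n: t.get(o, '(unset)') for n, t in ents}
                  for o in options if len({t.get(o) for _, t in ents}) > 1}
            for key, ents in groups.items() if len(ents) > 1}

if __name__ == '__main__':
    print(shared_tls_listeners(SAMPLE))
```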