Opened 7 years ago
Closed 7 years ago
#1580 closed enhancement (worksforme)
Deprecate 'ssl on;'
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | other | Version: | |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: |
nginx version: nginx/1.15.0
built with OpenSSL 1.1.0g 2 Nov 2017 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-Y8rEl9/nginx-1.15.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-Y8rEl9/nginx-1.15.0/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-Y8rEl9/nginx-1.15.0/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-Y8rEl9/nginx-1.15.0/debian/modules/http-echo --add-dynamic-module=/build/nginx-Y8rEl9/nginx-1.15.0/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-Y8rEl9/nginx-1.15.0/debian/modules/http-subs-filter |
Description
It has been some time since ssl on;
was replaced with the capability to enable SSL listeners at the listen
statement with listen 443 ssl
.
I occasionally come across people setting up both SSL and non-SSL in the same server { }
block using old configurations which had ssl on;
in them, which in turn breaks non-SSL'd traffic on the non-SSL ports.
Perhaps it's time to finally deprecate the ssl on;
directive, in favor of the listen
with ssl
option instead? This may break ancient configurations, but it will prevent some confusion for people who're following ancient guides and are trying to solve the problem of getting both HTTP and HTTPS to work.
Change History (2)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
The "ssl" directive is already deprecated starting with nginx 1.15.0 and will produce a warning when used. Quoting CHANGES:
Changes with nginx 1.15.0 05 Jun 2018 *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the "listen" directive should be used instead.
See 46c0c7ef4913 for details.
Note that this ticket is version agnostic, and does not need to be bound to a specific NGINX version string.