id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 2460 listen 443 ssl precedence https://stackoverflow.com/users/12360980/logi "Hi, I belive this is a bug. Using `listen ... ssl` in a single vhost server block forces every other vhost (even defined in a different file!) with same port listening to apply ssl-related directives, i.e.: `nginx[343400]: nginx: [emerg] no ""ssl_certificate"" is defined for the ""listen ... ssl"" directive in /etc/nginx/sites-enabled/aaa-default.conf:1` {{{ /etc/nginx/sites-enabled #: cat aaa-default.conf server { listen 80; listen 443; server_name _; } }}} and the other file, that using ssl: {{{ server { # Update this line to be your domain listen 80; server_name xxx.domain.tld; } server { listen 443 ssl; server_name xxx.domain.tld; ssl_dhparam /etc/nginx/ssl/dhparams.pem; add_header Strict-Transport-Security ""max-age=31536000; includeSubdomains""; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; proxy_buffering off; location / { proxy_pass ht_t_ps:_/_/xxx.xxx.xxx.xxx; #Maximum number of external links per post exceeded proxy_set_header Host $host; proxy_redirect ht_tp:// htt_ps://; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } } }}} {{{ /etc/nginx/sites-enabled #: cat ../inc/ssl.conf #ssl on; ssl_certificate /root/.acme.sh/logiczny.it/fullchain.cer; ssl_certificate_key /root/.acme.sh/logiczny.it/logiczny.it.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; }}} I can observe same behaviour, no matter what port I setup to listen on ssl (80 acts identical), so I strongly belive that adding `ssl` to `listen` directive causing that. Is that how this suppose to work?" defect closed trivial nginx-core 1.18.x invalid https://stackoverflow.com/users/12360980/logi Linux xxx 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13) x86_64 GNU/Linux "nginx version: nginx/1.18.0 built with OpenSSL 1.1.1n 15 Mar 2022 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-x3gsRV/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module "