The problem
We need Server Name Indication (SNI) for nginx, but the OpenSSL version included in Ubuntu 10.04 does not support it.Edit: I just noticed that I was wrong. SNI *IS* supported by the version of openssl provided with Ubuntu 10.04: libssl0.9.8-7ubuntu8.13
The solution
- Download, build and install a recent version of OpenSSL
- Compile nginx against this version of OpenSSL
- Do not replace the system openssl
# install dependencies sudo apt-get install build-essential libpcre3-dev libxml2-dev libxslt1-dev cd mkdir -p src; cd src wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz tar xzf openssl* cd openssl* ./config shared zlib-dynamic make # This installs everything in /usr/local/ssl
sudo make install
wget http://nginx.org/download/nginx-1.2.5.tar.gz tar xzf nginx* cd nginx* # edit auto/lib/openssl/conf manually or use sed sed -i -e 's|\.openssl/||' auto/lib/openssl/conf ./configure --with-openssl=/usr/local/ssl --with-http_ssl_module make # test if SNI is displayed ./objs/nginx -V # if everithing is ok, install sudo make install
