Maintaining single TLS handshake state across multiple subdomains on the same serverSSL on multiple subdomains with the same IPTwo Nginx subdomains with different root folders but both going to the same?Multiple domains and subdomains with SSL on single server with NGINXTwo https virtualhosts on same server: same port, different subdomainsRedirect from port 80 to 443 with nginx and multiple serversHow to redirect all HTTP requests to HTTPS AND redirect all nonexistent subdomains to one specific domainMultiple Domains and Subdomains on one IP Apache2Root domain and subdomains on the same SAN certificate?How to manage multiple sites on the same server with Nginx?Communicate SSL handshake failure info between two NGINX servers
Plagiarism or not?
CAST throwing error when run in stored procedure but not when run as raw query
If human space travel is limited by the G force vulnerability, is there a way to counter G forces?
Could the museum Saturn V's be refitted for one more flight?
How to prevent "they're falling in love" trope
How much of data wrangling is a data scientist's job?
Zip/Tar file compressed to larger size?
Why do bosons tend to occupy the same state?
In 'Revenger,' what does 'cove' come from?
How badly should I try to prevent a user from XSSing themselves?
What does “the session was packed” mean in this context?
Size of subfigure fitting its content (tikzpicture)
Are there any examples of a variable being normally distributed that is *not* due to the Central Limit Theorem?
Do UK voters know if their MP will be the Speaker of the House?
Is it inappropriate for a student to attend their mentor's dissertation defense?
Unlock My Phone! February 2018
How to show a landlord what we have in savings?
What method can I use to design a dungeon difficult enough that the PCs can't make it through without killing them?
How to tell a function to use the default argument values?
One verb to replace 'be a member of' a club
How to Recreate this in LaTeX? (Unsure What the Notation is Called)
How seriously should I take size and weight limits of hand luggage?
How does a predictive coding aid in lossless compression?
What reasons are there for a Capitalist to oppose a 100% inheritance tax?
Maintaining single TLS handshake state across multiple subdomains on the same server
SSL on multiple subdomains with the same IPTwo Nginx subdomains with different root folders but both going to the same?Multiple domains and subdomains with SSL on single server with NGINXTwo https virtualhosts on same server: same port, different subdomainsRedirect from port 80 to 443 with nginx and multiple serversHow to redirect all HTTP requests to HTTPS AND redirect all nonexistent subdomains to one specific domainMultiple Domains and Subdomains on one IP Apache2Root domain and subdomains on the same SAN certificate?How to manage multiple sites on the same server with Nginx?Communicate SSL handshake failure info between two NGINX servers
I currently have two different subdomains that I would like to host on a single server. The scenario that I wish to implement is when the first domain fails due to an SSL handshake error, the second domain should be able to redirect to a new third subdomain based on this failure information (for the same client). Therefore, while the first subdomain is unable to complete the TLS handshake and move on to the HTTP layer to do the redirect, the second domain is still alive and waiting to see whether the TLS handshake for the first domain got rejected or not.
From my current beginner knowledge of how servers are implemented, I believe that communicating this TLS state across two servers may not be possible. However, I am wondering whether this is something that is doable if I have a single server handling all the subdomains. Can I for example, maintain a single store of information about the TLS states connected with the two subdomains? Is this something that may be possible in either NGINX or APACHE server configurations? Or via some other route?
One of the possibilities I have explored is the map command inside nginx where you can set up a variable, and then read it inside the server. Could something like this be also used? For example, I could set up the variable inside subdomain one if the handshake has failed, and then read the variable when I am about to redirect from the second subdomain to do a conditional redirect.
Alternatively, since my ultimate requirement is to be able to redirect from subdomain-one to subdomain-three if subdomain one fails, can I just redirect to a new subdomain using the error directive if I notice 492 error code (which specifies whether there is an error in the client verfication process) as mentioned over here. I have tested this by adding an error page:
error_page 492 /home/vagrant/flask_app/app_name/app/static/images/pixel_fail.png
but it doesn't seem to be working.
Would very much appreciate help regarding this.
nginx ssl apache2
asked 2 days ago
QPTRQPTR
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I currently have two different subdomains that I would like to host on a single server. The scenario that I wish to implement is when the first domain fails due to an SSL handshake error, the second domain should be able to redirect to a new third subdomain based on this failure information (for the same client). Therefore, while the first subdomain is unable to complete the TLS handshake and move on to the HTTP layer to do the redirect, the second domain is still alive and waiting to see whether the TLS handshake for the first domain got rejected or not.
From my current beginner knowledge of how servers are implemented, I believe that communicating this TLS state across two servers may not be possible. However, I am wondering whether this is something that is doable if I have a single server handling all the subdomains. Can I for example, maintain a single store of information about the TLS states connected with the two subdomains? Is this something that may be possible in either NGINX or APACHE server configurations? Or via some other route?
One of the possibilities I have explored is the map command inside nginx where you can set up a variable, and then read it inside the server. Could something like this be also used? For example, I could set up the variable inside subdomain one if the handshake has failed, and then read the variable when I am about to redirect from the second subdomain to do a conditional redirect.
Alternatively, since my ultimate requirement is to be able to redirect from subdomain-one to subdomain-three if subdomain one fails, can I just redirect to a new subdomain using the error directive if I notice 492 error code (which specifies whether there is an error in the client verfication process) as mentioned over here. I have tested this by adding an error page:
error_page 492 /home/vagrant/flask_app/app_name/app/static/images/pixel_fail.png
but it doesn't seem to be working.
Would very much appreciate help regarding this.
nginx ssl apache2
asked 2 days ago
QPTRQPTR
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
So, basically subdomain one and two are both loaded at the same time. Subdomain one fails on handshake, and subdomain two is holding off its response until it somehow knows that the first subdomain has failed. So, while I cannot redirect via subdomain one (which you rightly pointed out cannot redirect until the TLS handshake has been completed), I can still redirect using subdomain two. So, my question is whether a sharing of state (via some sort of variable or anything else) is possible between the two subdomains since they are both on the same server.
– QPTR
2 days ago
Rather than add comments please delete the comment and edit your post to make sure it contains all the information someone would need to help solve your problem. Make it easy for people to help you. Suggest you remove the "edit" section of your post and make it a single, consistent, easy to understand question.
– Tim
2 days ago
@Tim This comment was a response to a question asked in the comments, which I believe they deleted later. But yes, I will make it more consistent.
– QPTR
yesterday
add a comment |
I currently have two different subdomains that I would like to host on a single server. The scenario that I wish to implement is when the first domain fails due to an SSL handshake error, the second domain should be able to redirect to a new third subdomain based on this failure information (for the same client). Therefore, while the first subdomain is unable to complete the TLS handshake and move on to the HTTP layer to do the redirect, the second domain is still alive and waiting to see whether the TLS handshake for the first domain got rejected or not.
From my current beginner knowledge of how servers are implemented, I believe that communicating this TLS state across two servers may not be possible. However, I am wondering whether this is something that is doable if I have a single server handling all the subdomains. Can I for example, maintain a single store of information about the TLS states connected with the two subdomains? Is this something that may be possible in either NGINX or APACHE server configurations? Or via some other route?
One of the possibilities I have explored is the map command inside nginx where you can set up a variable, and then read it inside the server. Could something like this be also used? For example, I could set up the variable inside subdomain one if the handshake has failed, and then read the variable when I am about to redirect from the second subdomain to do a conditional redirect.
Alternatively, since my ultimate requirement is to be able to redirect from subdomain-one to subdomain-three if subdomain one fails, can I just redirect to a new subdomain using the error directive if I notice 492 error code (which specifies whether there is an error in the client verfication process) as mentioned over here. I have tested this by adding an error page:
error_page 492 /home/vagrant/flask_app/app_name/app/static/images/pixel_fail.png
but it doesn't seem to be working.
Would very much appreciate help regarding this.
nginx ssl apache2
asked 2 days ago
QPTRQPTR
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I currently have two different subdomains that I would like to host on a single server. The scenario that I wish to implement is when the first domain fails due to an SSL handshake error, the second domain should be able to redirect to a new third subdomain based on this failure information (for the same client). Therefore, while the first subdomain is unable to complete the TLS handshake and move on to the HTTP layer to do the redirect, the second domain is still alive and waiting to see whether the TLS handshake for the first domain got rejected or not.
From my current beginner knowledge of how servers are implemented, I believe that communicating this TLS state across two servers may not be possible. However, I am wondering whether this is something that is doable if I have a single server handling all the subdomains. Can I for example, maintain a single store of information about the TLS states connected with the two subdomains? Is this something that may be possible in either NGINX or APACHE server configurations? Or via some other route?
One of the possibilities I have explored is the map command inside nginx where you can set up a variable, and then read it inside the server. Could something like this be also used? For example, I could set up the variable inside subdomain one if the handshake has failed, and then read the variable when I am about to redirect from the second subdomain to do a conditional redirect.
Alternatively, since my ultimate requirement is to be able to redirect from subdomain-one to subdomain-three if subdomain one fails, can I just redirect to a new subdomain using the error directive if I notice 492 error code (which specifies whether there is an error in the client verfication process) as mentioned over here. I have tested this by adding an error page:
error_page 492 /home/vagrant/flask_app/app_name/app/static/images/pixel_fail.png
but it doesn't seem to be working.
Would very much appreciate help regarding this.
nginx ssl apache2
nginx ssl apache2
asked 2 days ago
QPTRQPTR
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
QPTRQPTR
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited yesterday
QPTR
asked 2 days ago
QPTRQPTR
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
QPTRQPTR
992
asked 2 days ago
QPTRQPTR
992
992
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
QPTR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
So, basically subdomain one and two are both loaded at the same time. Subdomain one fails on handshake, and subdomain two is holding off its response until it somehow knows that the first subdomain has failed. So, while I cannot redirect via subdomain one (which you rightly pointed out cannot redirect until the TLS handshake has been completed), I can still redirect using subdomain two. So, my question is whether a sharing of state (via some sort of variable or anything else) is possible between the two subdomains since they are both on the same server.
– QPTR
2 days ago
Rather than add comments please delete the comment and edit your post to make sure it contains all the information someone would need to help solve your problem. Make it easy for people to help you. Suggest you remove the "edit" section of your post and make it a single, consistent, easy to understand question.
– Tim
2 days ago
@Tim This comment was a response to a question asked in the comments, which I believe they deleted later. But yes, I will make it more consistent.
– QPTR
yesterday
add a comment |
So, basically subdomain one and two are both loaded at the same time. Subdomain one fails on handshake, and subdomain two is holding off its response until it somehow knows that the first subdomain has failed. So, while I cannot redirect via subdomain one (which you rightly pointed out cannot redirect until the TLS handshake has been completed), I can still redirect using subdomain two. So, my question is whether a sharing of state (via some sort of variable or anything else) is possible between the two subdomains since they are both on the same server.
– QPTR
2 days ago
Rather than add comments please delete the comment and edit your post to make sure it contains all the information someone would need to help solve your problem. Make it easy for people to help you. Suggest you remove the "edit" section of your post and make it a single, consistent, easy to understand question.
– Tim
2 days ago
@Tim This comment was a response to a question asked in the comments, which I believe they deleted later. But yes, I will make it more consistent.
– QPTR
yesterday
So, basically subdomain one and two are both loaded at the same time. Subdomain one fails on handshake, and subdomain two is holding off its response until it somehow knows that the first subdomain has failed. So, while I cannot redirect via subdomain one (which you rightly pointed out cannot redirect until the TLS handshake has been completed), I can still redirect using subdomain two. So, my question is whether a sharing of state (via some sort of variable or anything else) is possible between the two subdomains since they are both on the same server.
– QPTR
2 days ago
So, basically subdomain one and two are both loaded at the same time. Subdomain one fails on handshake, and subdomain two is holding off its response until it somehow knows that the first subdomain has failed. So, while I cannot redirect via subdomain one (which you rightly pointed out cannot redirect until the TLS handshake has been completed), I can still redirect using subdomain two. So, my question is whether a sharing of state (via some sort of variable or anything else) is possible between the two subdomains since they are both on the same server.
– QPTR
2 days ago
Rather than add comments please delete the comment and edit your post to make sure it contains all the information someone would need to help solve your problem. Make it easy for people to help you. Suggest you remove the "edit" section of your post and make it a single, consistent, easy to understand question.
– Tim
2 days ago
Rather than add comments please delete the comment and edit your post to make sure it contains all the information someone would need to help solve your problem. Make it easy for people to help you. Suggest you remove the "edit" section of your post and make it a single, consistent, easy to understand question.
– Tim
2 days ago
@Tim This comment was a response to a question asked in the comments, which I believe they deleted later. But yes, I will make it more consistent.
– QPTR
yesterday
@Tim This comment was a response to a question asked in the comments, which I believe they deleted later. But yes, I will make it more consistent.
– QPTR
yesterday
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
QPTR is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961000%2fmaintaining-single-tls-handshake-state-across-multiple-subdomains-on-the-same-se%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
QPTR is a new contributor. Be nice, and check out our Code of Conduct.
QPTR is a new contributor. Be nice, and check out our Code of Conduct.
QPTR is a new contributor. Be nice, and check out our Code of Conduct.
QPTR is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961000%2fmaintaining-single-tls-handshake-state-across-multiple-subdomains-on-the-same-se%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
So, basically subdomain one and two are both loaded at the same time. Subdomain one fails on handshake, and subdomain two is holding off its response until it somehow knows that the first subdomain has failed. So, while I cannot redirect via subdomain one (which you rightly pointed out cannot redirect until the TLS handshake has been completed), I can still redirect using subdomain two. So, my question is whether a sharing of state (via some sort of variable or anything else) is possible between the two subdomains since they are both on the same server.
– QPTR
2 days ago
Rather than add comments please delete the comment and edit your post to make sure it contains all the information someone would need to help solve your problem. Make it easy for people to help you. Suggest you remove the "edit" section of your post and make it a single, consistent, easy to understand question.
– Tim
2 days ago
@Tim This comment was a response to a question asked in the comments, which I believe they deleted later. But yes, I will make it more consistent.
– QPTR
yesterday