1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-25 05:16:30 +00:00

Grammar/formatting

This commit is contained in:
Jason Wilder 2014-12-02 14:43:50 -07:00
parent 61c3933e0e
commit 50839742f2

View File

@ -64,18 +64,18 @@ To enable SSL:
The contents of `/path/to/certs` should contain the certificates and private keys for any virtual
hosts in use. The certificate and keys should be named after the virtual host with a `.crt` and
`.key` extension. For example, a container with `VIRTUAL_HOST=foo.bar.com` should have a
`foo.bar.com.crt` and 'foo.bar.com.key' file in the certs directory.
`foo.bar.com.crt` and `foo.bar.com.key` file in the certs directory.
#### Wildcard Certificates
Wildcard certificate and keys should be name after the domain name with a `.crt` and `.key` extension.
For example `VIRTUAL_HOST=foo.bar.com` could also use cert name `bar.com.crt` and `bar.com.key`.
Wildcard certificates and keys should be name after the domain name with a `.crt` and `.key` extension.
For example `VIRTUAL_HOST=foo.bar.com` would use cert name `bar.com.crt` and `bar.com.key`.
#### SNI
If your certificate(s) supports multiple domain names, you can start a container with `CERT_NAME=<name>`
to identify the certificate to be used. For example, a certificate for `*.foo.com` and `*.bar.com`
could be name `shared.crt` and `shared.key`. A container running with `VIRTUAL_HOST=foo.bar.com`
could be named `shared.crt` and `shared.key`. A container running with `VIRTUAL_HOST=foo.bar.com`
and `CERT_NAME=shared` will then use this shared cert.
#### How SSL Support Works
@ -92,6 +92,6 @@ is always preferred when available.
* If the container does not have a usable cert, a 503 will be returned.
Note that in the latter case, a browser may get an connection error as no certificate is available
to establish a connection. A self-signed or generic cert can be defined as "default.crt" and "default.key"
which will allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receive
a 503.
to establish a connection. A self-signed or generic cert named `default.crt` and `default.key`
will allow a client browser to make a SSL connection (likely w/ a warning) and subsequently receive
a 503.