Default ssl server and sni

rthur nginx-forum at
Wed Dec 17 17:06:57 UTC 2014

I have a bunch of https websites available over a single IP working with sni
on nginx 1.0.15.

Currently, anyone accessing a domain name that resolves to the same IP is
greeted with a certificate mismatch error due to nginx choosing the first
server as the default.

Instead of using the first server as the default, I'd like to create a
catch-all https server that drops/resets the tcp connection. As such all
domain names that have an associated server block would still work using
sni, but IPs or other domain names would simply result in a dropped

Unfortunately, I can't seem to get this to work. If I define the server
block below, all requests are handled by the catch-all server, and all the
websites become inaccessible. Here is the server block I've defined:

server {
    listen 443 default_server;
    return 443;

Does anyone know how I could achieve this?



Posted at Nginx Forum:,255583,255583#msg-255583

More information about the nginx mailing list