Selection of secure virtual servers

Joó Ádám adam at jooadam.hu
Fri Nov 13 14:37:28 UTC 2015


Hi,

I would like to terminate TLS connections arriving at the default
server, only serving requests with the correct host header, relying on
SNI.

The configuration is as follows:

    server {
        listen 80;
        listen 443 ssl;

        return 444;
    }

    server {
        listen 80;
        listen 443 ssl;

        server_name example.com;

        ssl_certificate_key private-key;
        ssl_certificate        certificate;
    }

The above, however results in all connections failing, including the
ones to example.com.

nginx -V is:

    nginx version: nginx/1.6.2 (Ubuntu)
    TLS SNI support enabled
    configure arguments: --with-cc-opt='-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security
-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE
-pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log
--lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug
--with-pcre-jit --with-ipv6 --with-http_ssl_module
--with-http_stub_status_module --with-http_realip_module
--with-http_auth_request_module --with-http_addition_module
--with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_spdy_module --with-http_sub_module --with-http_xslt_module
--with-mail --with-mail_ssl_module

Can anyone help with this one?


Thanks,
Ádám



More information about the nginx mailing list