Selection of secure virtual servers

Maxim Dounin mdounin at mdounin.ru
Mon Nov 16 13:55:47 UTC 2015


Hello!

On Fri, Nov 13, 2015 at 03:37:28PM +0100, Joó Ádám wrote:

> Hi,
> 
> I would like to terminate TLS connections arriving at the default
> server, only serving requests with the correct host header, relying on
> SNI.
> 
> The configuration is as follows:
> 
>     server {
>         listen 80;
>         listen 443 ssl;
> 
>         return 444;
>     }
> 
>     server {
>         listen 80;
>         listen 443 ssl;
> 
>         server_name example.com;
> 
>         ssl_certificate_key private-key;
>         ssl_certificate        certificate;
>     }
> 
> The above, however results in all connections failing, including the
> ones to example.com.

The problem is that there is no certificate defined in the default 
server{} block.  You should be able to find nginx complaints about 
this in the error log.

Solution is to specify a certificate in the default server.  Use a 
dummy one if you don't need a real one.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list