nginx reverse proxy proxy_pass weirdness
Francis Daly
francis at daoine.org
Thu Dec 19 12:07:49 UTC 2019
On Wed, Dec 18, 2019 at 12:35:22PM -0500, deeztek wrote:
Hi there,
> server {
> listen 80 default_server;
> return 444;
> }
>
> Should take care of it?
Yes. (So long as every explicit-or-implicit "listen" directive is
equivalent to "listen 80", which it probably is.)
> How would I got about doing a default SSL config since it would complain
> about the certificate?
Same thing, essentially. What response do you want, for the request?
http://nginx.org/en/docs/http/configuring_https_servers.html
A connection comes to an ip:port.
The TLS handshake from the client includes a SNI name that you have
configured a listener to handle, so your nginx sends the appropriate
certificate; or the handshake does not (because it sends no SNI name, or
it sends a SNI name that you have not configured a listener to handle),
so your nginx sends the certificate associated with the default_server
for that ip:port.
If the client agrees the handshake and sends the request, your nginx
responds the way you configured it to; if the client does not agree the
handshake, they go away without sending the request.
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list