Rewrites for sites without SSL on same IP address as those using SSL

auxbuss nginx-forum at
Mon Apr 9 13:41:54 UTC 2012

I have a few sites on a single IP and a single nginx instance. Some
domains have SSL certificates (and listen on ports 80 and 443) and some
don't (and only listen on port 80).

For those domains that don't have an SSL certificate, including a server
block listening on port 443 to rewrite to port 80 does not work. I
understand this is because the SSL exchange happens prior to the server
name being inspected.

When browsing over https to one of the sites without an SSL certificate,
the current behaviour is that a security warning is presented to the
client that lists the certificate for the default_server and not the
appropriate domain.

Is there a way to rewrite https requests to http (for the domains with
an SSL certificate) while retaining the appropriate domain? 

If not, is the best way to resolve this to add an additional IP and use
one for those sites requiring ports 80 and 443 and another for those
only using port 80?
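
An added example, not part of the original post: a small Python audit that flags the situation described above, where a name served on port 80 shares an address with a port 443 listener but has no certificate there, so an https request for it is answered with another site's certificate. The config text, host names and addresses are constructed; it assumes every `listen` gives an explicit port and that each certificate covers exactly its block's `server_name` values.

```python
import re
from collections import defaultdict

# Constructed sample config: hypothetical names, documentation-range addresses.
SAMPLE_CONF = """
server {
    listen 192.0.2.10:80;
    listen 192.0.2.10:443 ssl default_server;
    server_name secure.example;
    ssl_certificate     /etc/nginx/ssl/secure.example.crt;
    ssl_certificate_key /etc/nginx/ssl/secure.example.key;
}
server {
    listen 192.0.2.10:80;
    server_name plain.example www.plain.example;
    location / { root /srv/plain; }
}
server {
    listen 192.0.2.20:80;
    server_name other.example;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, tracking nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def mismatched_https_names(conf):
    """Map address -> names served on :80 that have no certificate on that address's :443."""
    tls, plain = defaultdict(set), defaultdict(set)
    for body in server_blocks(conf):
        names = set(" ".join(re.findall(r"^\s*server_name\s+([^;]+);", body, re.M)).split())
        has_cert = re.search(r"^\s*ssl_certificate\s", body, re.M) is not None
        for spec in re.findall(r"^\s*listen\s+(\S+?)[\s;]", body, re.M):
            addr, _, port = spec.rpartition(":")  # assumes an explicit port
            if port == "443" and has_cert:
                tls[addr or "*"] |= names
            elif port == "80":
                plain[addr or "*"] |= names
    return {a: sorted(n - tls[a]) for a, n in plain.items() if a in tls and n - tls[a]}

if __name__ == "__main__":
    print(mismatched_https_names(SAMPLE_CONF))
```

With the port-80-only sites moved to an address that has no 443 listener, as the last paragraph of the post proposes, the same function returns an empty result.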


