Rewrites for sites without SSL on same IP address as those using SSL

Igor Sysoev igor at
Mon Apr 9 13:55:15 UTC 2012

On Mon, Apr 09, 2012 at 09:41:54AM -0400, auxbuss wrote:
> I have a few sites on a single IP and a single nginx instance. Some
> domains have SSL certificates (and listen on ports 80 and 443) and some
> don't (and only listen on port 80).
> For those domains that don't have an SSL certificate, including a server
> block listening on port 443 to rewrite to port 80 does not work. I
> understand this is because the SSL exchange happens prior to the server
> name being inspected.
> When browsing over https to one of the sites without an SSL certificate,
> the current behaviour is that a security warning is presented to the
> client that lists the certificate for the default_server and not the
> appropriate domain.
> Is there a way to rewrite https requests to http (for the domains with
> an SSL certificate) while retaining the appropriate domain? 

Do you mean the domains WITHOUT an SSL certificate ?

> If not, is the best way to resolve this to add an additional IP and use
> one for those sites requiring ports 80 and 443 and another for those
> only using port 80?

Yes, in this case Firefox will show
Unable to connect
Firefox can't establish a connection to the server at ...

Igor Sysoev

More information about the nginx mailing list