Weird SSL Issue

Edho Arief edho at myconan.net
Thu Jan 10 11:37:16 UTC 2013


On Thu, Jan 10, 2013 at 6:20 PM, Adrian Hayter <adrianhayter at gmail.com> wrote:
> I use nginx to host multiple websites, and one of them has a valid SSL
> certificate. I've noticed recently (from early November 2012 according to
> Google Webmaster Tools), that if I make an SSL connection to one of the
> sites which does not have a valid SSL cert, I get the content of the site
> that does.
>
> That is, is example.com has the SSL cert, and I host example2.com without,
> if I go to https://example2.com I will get the homepage for example.com.
>
> This is despite the fact that the configuration file for example2.com
> doesn't have anything concerning SSL in it (not even listening on port 443),
> and the configuration file for example.com doesn't have anything concerning
> example2.com.
>

Because there's something listening on port 443. When there's no
matching server_name but there's something listening on that port,
that block will handle the request.

If you have dedicated ip for ssl host, set the ip. Otherwise, just
create a default fallback server block for ssl and handle redirect
from there.



More information about the nginx mailing list