Default ssl server and sni

rthur nginx-forum at nginx.us
Wed Dec 17 17:06:57 UTC 2014


I have a bunch of HTTPS websites available over a single IP working with SNI
on nginx 1.0.15.

Currently, anyone accessing a domain name that resolves to the same IP is
greeted with a certificate mismatch error due to nginx choosing the first
server as the default.

Instead of using the first server as the default, I'd like to create a
catch-all HTTPS server that drops/resets the TCP connection. As such, all
domain names that have an associated server block would still work using
SNI, but IPs or other domain names would simply result in a dropped
connection.

Unfortunately, I can't seem to get this to work. If I define the server
block below, all requests are handled by the catch-all server, and all the
websites become inaccessible. Here is the server block I've defined:

server {
    listen 443 default_server;
    return 443;
}

Does anyone know how I could achieve this?

Thanks!

Arthur

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,255583,255583#msg-255583
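
A catch-all layout for the setup described in the post above, as an added example that is not part of the original message or the nginx project's documentation. The certificate paths, the web root and `example.com` are placeholders; it assumes the catch-all has TLS enabled and a throwaway self-signed certificate of its own, because nginx completes the handshake before `return` is evaluated.

```nginx
# Added example (not from the original post). Paths and names are placeholders.

# Catch-all: chosen when the SNI name / Host header matches no other
# server block on this address:port, or when the client connects by IP.
server {
    listen 443 ssl default_server;   # "ssl" must be set on the default server too
    server_name _;                   # conventional name that matches no real host

    # Throwaway self-signed certificate, unrelated to any hosted site,
    # so no real hostname is disclosed to unknown clients.
    ssl_certificate     /etc/nginx/ssl/catchall.crt;
    ssl_certificate_key /etc/nginx/ssl/catchall.key;

    # nginx-specific code: close the connection without sending a response.
    return 444;
}

# A real site on the same IP, still selected by SNI.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    root /var/www/example.com;
}
```

Clients that reach the catch-all still see the self-signed certificate during the handshake before the connection is closed; nginx 1.19.4 and later provide `ssl_reject_handshake on;` to refuse the handshake itself.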


