Selection of secure virtual servers
Maxim Dounin
mdounin at mdounin.ru
Mon Nov 16 13:55:47 UTC 2015
Hello!
On Fri, Nov 13, 2015 at 03:37:28PM +0100, Joó Ádám wrote:
> Hi,
>
> I would like to terminate TLS connections arriving at the default
> server, only serving requests with the correct host header, relying on
> SNI.
>
> The configuration is as follows:
>
> server {
> listen 80;
> listen 443 ssl;
>
> return 444;
> }
>
> server {
> listen 80;
> listen 443 ssl;
>
> server_name example.com;
>
> ssl_certificate_key private-key;
> ssl_certificate certificate;
> }
>
> The above, however results in all connections failing, including the
> ones to example.com.
The problem is that there is no certificate defined in the default
server{} block. You should be able to find nginx complaints about
this in the error log.
Solution is to specify a certificate in the default server. Use a
dummy one if you don't need a real one.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list