SNI and certs.
jeff.dyke at gmail.com
Mon Nov 28 21:07:59 UTC 2016
Just a personal preference, but i put an https version in front of all
sites(and redirect 80 to 443) and keep the certs up to date for free with
lets-encrypt/certbot (i have nothing to do with the company), with SNI,
one IP. This is simple as I keep the nginx configurations up to date with
a configuration management tool (saltstack in my case).
That's my philosophy on 80 vs 443 and a mixed case, i like the consistency
in my configuration and the ability to maintain groups of configuration
types based on site needs. And you do get a small SEO boost for being
On Mon, Nov 28, 2016 at 3:55 PM, Lukas Tribus <luky-37 at hotmail.com> wrote:
> > It seems that search engines are probing https: even for sites that
> > don't offer it
> Which is fine.
> > just because it's available for others, with the end
> > result that pages are being attributed to the wrong site.
> Sounds like an assumption. Any real life experience and
> evidence backing this?
> Sounds simply enough to drop the HTTPS request if the
> certificate doesn't match the hostname.
> Every standard wget/curl/lynx application drops the TLS session
> by default in this case, I don't see why a crawler wouldn't.
> > Does anyone have a better solution ( nginx of course! )
> If this is a real problem (which I doubt), I guess you could just
> serve a 403 Forbidden from the default hosts.
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx