nginx reverse proxy proxy_pass weirdness

Francis Daly francis at
Thu Dec 19 12:07:49 UTC 2019

On Wed, Dec 18, 2019 at 12:35:22PM -0500, deeztek wrote:

Hi there,

> server {
>     listen      80 default_server;
>     return      444;
> }
> Should take care of it?

Yes. (So long as every explicit-or-implicit "listen" directive is
equivalent to "listen 80", which it probably is.)

> How would I got about doing a default SSL config since it would complain
> about the certificate?

Same thing, essentially. What response do you want, for the request?

A connection comes to an ip:port.

The TLS handshake from the client includes a SNI name that you have
configured a listener to handle, so your nginx sends the appropriate
certificate; or the handshake does not (because it sends no SNI name, or
it sends a SNI name that you have not configured a listener to handle),
so your nginx sends the certificate associated with the default_server
for that ip:port.

If the client agrees the handshake and sends the request, your nginx
responds the way you configured it to; if the client does not agree the
handshake, they go away without sending the request.

Francis Daly        francis at

More information about the nginx mailing list