Make Nginx fail when SSL certificate not present, instead of hopping to only available certificate

Posted by Oli on Server Fault See other posts from Server Fault or by Oli
Published on 2013-11-12T17:12:08Z Indexed on 2013/11/13 3:57 UTC
Read the original article Hit count: 502

Filed under:
|

I've got a bunch of websites on a server, all hosted through nginx. One site has a certificate, the others do not. Here's an example of two sites, using (fairly accurate) representations of real configuration:

server {
    listen 80;
    server_name ssl.example.com;
    return 301 https://ssl.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name ssl.example.com;
}

server {
    listen 80;
    server_name nossl.example.com;
}

SSL works on ssl.example.com great. If I visit http://nossl.example.com, that works great, but if I try to visit https://nossl.example.com (note the SSL), I get ugly warnings about the certificate being for ssl.example.com.

By the sounds of it, because ssl.example.com is the only site listening on port 443, all requests are being sent to it, regardless of domain name.

Is there anything I can do to make sure a Nginx server directive only responds to domains it's responsible for?

© Server Fault or respective owner

Related posts about nginx

Related posts about ssl