I have a setup with several vhosts, and currently if someone connects directly to ip or with a random Host header they will get sent to the first alphabetical vhost.
I'm trying to set it up so that I have a default vhost, but it's getting complicated because I'm using HTTPS. This is my config so far:
server {
root /var/www/default;
index index.html;
server_name _;
listen 80 default_server;
}
server {
server_name _;
listen 443 default_server;
return 301 http://$http_host$request_uri;
}
So what I'm trying to do is to first downgrade it to an HTTP request then serve some error message in the index.html. (I'd ideally like to do this without needing a wildcard certificate)
This doesn't work: `*1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking`, even happens on a valid subdomain/vhost...
So firstly I'm confused as to why nginx even tries to send it to the bottom server block when I have a more specific block in another file that matches `server_name` (and has `listen 443 ssl`)
And secondly, is it even possible to downgrade HTTPS request to an HTTP request without any valid certificate for that subdomain? (or even for someone who connects directly through IP)
If it's impossible, then how do I make nginx just drop that connection and prevent it from routing to another server block?
Relevant SO question: https://stackoverflow.com/questions/3893839/how-do-i-redirect-https-to-http-on-nginx
I'm trying to set it up so that I have a default vhost, but it's getting complicated because I'm using HTTPS. This is my config so far:
server {
root /var/www/default;
index index.html;
server_name _;
listen 80 default_server;
}
server {
server_name _;
listen 443 default_server;
return 301 http://$http_host$request_uri;
}
So what I'm trying to do is to first downgrade it to an HTTP request then serve some error message in the index.html. (I'd ideally like to do this without needing a wildcard certificate)
This doesn't work: `*1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking`, even happens on a valid subdomain/vhost...
So firstly I'm confused as to why nginx even tries to send it to the bottom server block when I have a more specific block in another file that matches `server_name` (and has `listen 443 ssl`)
And secondly, is it even possible to downgrade HTTPS request to an HTTP request without any valid certificate for that subdomain? (or even for someone who connects directly through IP)
If it's impossible, then how do I make nginx just drop that connection and prevent it from routing to another server block?
Relevant SO question: https://stackoverflow.com/questions/3893839/how-do-i-redirect-https-to-http-on-nginx