Make Nginx fail when SSL certificate not present, instead of hopping to only available certificate

Oli asked:

I’ve got a bunch of websites on a server, all hosted through nginx. One site has a certificate, the others do not. Here’s an example of two sites, using (fairly accurate) representations of real configuration:

server {
    listen 80;
    server_name ssl.example.com;
    return 301 https://ssl.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name ssl.example.com;
}

server {
    listen 80;
    server_name nossl.example.com;
}

SSL works on ssl.example.com great. If I visit http://nossl.example.com, that works great, but if I try to visit https://nossl.example.com (note the SSL), I get ugly warnings about the certificate being for ssl.example.com.

By the sounds of it, because ssl.example.com is the only site listening on port 443, all requests are being sent to it, regardless of domain name.

Is there anything I can do to make sure an Nginx server directive only responds to domains it’s responsible for?

My answer:


Use a different IP address for the hosts which should never answer on SSL, and ensure that nginx only listens on port 443 for the appropriate IP addresses.
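
The layout described in the answer, applied to the two sites from the question. This is an added example, not configuration from the original question or answer. The addresses 192.0.2.10 and 192.0.2.11 and the certificate paths are placeholders, and it assumes each hostname's DNS record points at its own address.

```nginx
# Added example. Addresses are placeholders from the documentation range
# (192.0.2.0/24); certificate paths are placeholders as well.

# ssl.example.com resolves to 192.0.2.10
server {
    listen 192.0.2.10:80;
    server_name ssl.example.com;
    return 301 https://ssl.example.com$request_uri;
}

server {
    # Bind port 443 to this address only. A bare "listen 443 ssl;" in any
    # server block binds the wildcard address, so nginx would accept TLS
    # connections on every IP of the machine again.
    listen 192.0.2.10:443 ssl;
    server_name ssl.example.com;

    ssl_certificate     /path/to/ssl.example.com.crt;   # placeholder
    ssl_certificate_key /path/to/ssl.example.com.key;   # placeholder
}

# nossl.example.com resolves to 192.0.2.11
# No server block listens on 192.0.2.11:443, so no TLS socket is opened there.
server {
    listen 192.0.2.11:80;
    server_name nossl.example.com;
}
```

With this layout, a request to https://nossl.example.com finds no listener on 192.0.2.11:443 and the connection is refused, rather than being answered with the certificate for ssl.example.com.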


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.