Linux – How to setup 404 nginx config for default host on port 443

linuxnginxport-443ssl-certificate-errors

For the past few weeks I am hunting for a solutions to setup 404 nginx config for default host on port 443. And no solution so far.

To clarify the question properly. Lets take quora.com as example which is running on nginx.

Now Quora.com's public ip is 192.229.182.210 and when you enter the following it shows the following results

http://192.229.182.210 – shows 404
https://192.229.182.210 – Server could be tricking -> then shows 404

Hint – Most other servers running on nginx, says invalid certificate and then forwards to its production host. Example – wordpress.org

The question is should you use a ssl snippet on the default config to pass the 404 as quora's public https ip shows? If yes, was it self signed? If no ssl used, how is it done?

My current config is

server {
listen 80 default_server;
listen [::]:80 default_server;

server_name _;

return 403;
}

Best Answer

https://192.229.182.210 shows a certificate warning in Chrome, IE, and Firefox. Perhaps you added an exception that allows it to ignore the certificate mismatch, or you're using a strangely permissive browser. If you're not seeing this clear your cache and exceptions, refresh, and provide a screenshot if it's still happening.

What I describe above is the expected behavior because https certificates are issued against a domain name, not an IP.

I don't think it's possible to display a page based on https requests to your IP without a domain name without getting a certificate warning. That would require an https certificate to be issued to an IP, which is possible but is very rarely done.

Related Solutions

Nginx – Can not change nginx 1.2.5 default website

For some reason new Nginx's configuration file doesn't include file /etc/nginx/sites-available/default. That was my problem.

Nginx – Properly setting up a “default” nginx server for https

I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming.

1 - Create a default zone

As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled.

2 - Fill the default zone

Fill your 00-default with default vhosts. Here is the zone i am using:

server {
    server_name _;
    listen       80  default_server;
    return       404;
}


server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}

3 - Create self signed certif, test, and reload

You will need to create a self signed certificate into /etc/nginx/ssl/nginx.crt.

Create a default self signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Just a reminder:

Test the nginx configuration before reloading/restarting : nginx -t
Reload a enjoy: sudo service nginx reload

Hope it helps.

Best Answer

Related Solutions

Nginx – Can not change nginx 1.2.5 default website

Nginx – Properly setting up a “default” nginx server for https

Related Topic