Nginx – How to tell nginx to serve SSL for one domain only

Tags: https, nginx, ssl, virtualhost

Yes, this is something of a duplicate of this question; however, according to the nginx document "Configuring HTTPS servers" (the section "Single HTTPS Server"), this limitation no longer exists, and the answer to that question is no longer valid.

From the link above:

Prior to 0.7.14 SSL could not be enabled selectively for individual listening sockets,
as shown above. SSL could only be enabled for the entire server using the ssl
directive, making it impossible to set up a single HTTP/HTTPS server. The ssl
parameter of the listen directive was added to solve this issue. The use of the ssl
directive in modern versions is thus discouraged.

However, with the server block set up as prescribed in that doc:

server {
        listen *:80;
        listen 443 ssl;

        server_name  example.com *.example.com;
[...]

… nginx will still serve content from example.com when a request for https://example.net is made.

I understand that the SSL is served before the HTTP request, but there has to be some way to prevent the server from responding to SSL requests that do not have a valid SSL certificate associated with them.

Any insight on this is greatly appreciated.

Best Answer

there has to be some way to prevent the server from responding to SSL requests that do not have a valid SSL associated with them

Well, kinda. Since you have multiple sites running on the same IP, a user attempting an SSL connection to that IP for any of the sites will always establish its SSL connection (and potentially get a certificate error if they're pointing to a hostname that isn't covered by the cert).

All you can do to prevent this is to not have SSL listening on that IP (running your SSL stuff on different addresses).

If you're ok with them getting an SSL connection with that potential error, then you have options after; instead of getting the content from the SSL-enabled server, you could have a default of them either getting a 403 error or a redirect to the http listener for the hostname they sent the request to - would one of those options make sense for your system?
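The two options the answer describes, written out as an added example (not configuration from the question or the answer): a catch-all `default_server` on port 443 that completes the handshake with example.com's certificate but then returns 403, with the plain-HTTP redirect as the alternative. Certificate paths, document roots and the example.net block are assumptions for illustration.

```nginx
# Added example. One IP, two hostnames; only example.com has a certificate.
# Any TLS request whose SNI name does not match "example.com *.example.com"
# lands here instead of in example.com's server block.
server {
    listen 443 ssl default_server;
    server_name _;

    # The handshake still needs a certificate to complete, so the client
    # asking for https://example.net may see a name-mismatch warning
    # (paths are assumptions).
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Option A from the answer: refuse to serve anything.
    return 403;

    # Option B from the answer: send the client to the HTTP listener for the
    # hostname it actually asked for (comment out "return 403;" to use it):
    # return 301 http://$host$request_uri;
}

# The real HTTPS site, selected by SNI name.
server {
    listen 80;
    listen 443 ssl;
    server_name example.com *.example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    root /var/www/example.com;   # assumed document root
}

# example.net is HTTP-only; its HTTPS requests never reach this block.
server {
    listen 80;
    server_name example.net;

    root /var/www/example.net;   # assumed document root
}
```

Server selection on port 443 relies on the client sending SNI; a client that omits it always lands in the `default_server` block, so the 403 (or redirect) also applies to it. On nginx 1.19.4 or later, `ssl_reject_handshake on;` in the catch-all block can abort the handshake for unknown names instead of answering with a mismatched certificate.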