Example case. I have a web server with one IPv4 address. I am hosting ~50 websites and just two of them have SSL certificates. I have configured vhosts for the 2 SSL websites and everything is OK, except for one big problem – if I visit the other 48 sites using the https:// prefix (they don't have SSL certificates), I see my latest website with an SSL certificate.
Is it possible to prevent the https prefix on non-SSL websites? Or is there just one solution – to use dedicated IP addresses? If I have a dedicated IP address, I use the following config:
server {
    listen 111.222.333.444:443 ssl;
}
This way, if I force https on a non-SSL website – nothing happens.
Best Answer
Nginx uses a "default server" that it picks to serve pages when there isn't another closer match. If you haven't specified the default server to use, I believe it uses the first that it finds (which in your case is one of your HTTPS sites). So you should be able to create a default server vhost with your IPv4 address for TLS (you are using only TLS and not SSL anymore, right?) and have it listen on the IP that will catch the random HTTPS requests. You might also need to add the server_name item in there too for your 48 non-secure sites, but it may work without that.
Another alternative is to go ahead and set them all up with HTTPS! With the Let's Encrypt project (https://www.letsencrypt.org) you can get trusted certificates for all those other sites for free. And it's quite easy.
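One way to write the default-server vhost described in the answer, as an added example that is not part of the original question or answer. The hostnames, document roots and certificate paths are placeholders, and `ssl_reject_handshake` assumes nginx 1.19.4 or later.

```nginx
# Added example; hostnames and file paths below are placeholders.

# Catch-all for port 443. It is chosen whenever the name sent by the
# client (TLS SNI) matches no server_name on this listen socket.
# Marking it default_server makes that choice explicit, instead of
# nginx falling back to the first HTTPS server block it loaded.
server {
    listen 443 ssl default_server;
    server_name _;

    # Abort the TLS handshake: no certificate is required here, and no
    # other site's certificate or content is ever sent to the client.
    ssl_reject_handshake on;
}

# The two sites that actually have certificates.
server {
    listen 443 ssl;
    server_name secure-one.example;
    ssl_certificate     /etc/nginx/tls/secure-one.example.crt;
    ssl_certificate_key /etc/nginx/tls/secure-one.example.key;
    root /var/www/secure-one.example;
}

server {
    listen 443 ssl;
    server_name secure-two.example;
    ssl_certificate     /etc/nginx/tls/secure-two.example.crt;
    ssl_certificate_key /etc/nginx/tls/secure-two.example.key;
    root /var/www/secure-two.example;
}

# One of the 48 plain-HTTP sites: it listens on port 80 only, so an
# https:// request for its name lands in the catch-all above.
server {
    listen 80;
    server_name plain-site.example;
    root /var/www/plain-site.example;
}
```

Validate with `nginx -t` before reloading. On nginx older than 1.19.4, the catch-all instead needs a certificate of its own (a self-signed one is enough) together with `return 444;` to close the connection without a response.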