-
Have two server blocks.
-
default_server
block insidehttp
block ofnginx.conf
:
server { server_name _; listen 80 default_server; listen [::]:80 default_server ipv6only=on; listen 443 default_server; return 404; } include /etc/nginx/sites-enabled/*;
- A working domain/website block inside
sites-enabled
:
server { listen 80; listen 443; server_name example.com; return 301 https://www.$server_name$request_uri; } server { listen 80; listen 443 ssl; root /var/www/example.com/htdocs/; index index.html index.htm; server_name www.example.com; }
(I have this setup to redirect all non-www to www and all http to https)
-
I have a cert for both non-www and www for my domain. Nginx for some reason is calling any subdomain instead of giving default website cannot be found/
ERR_CONNECTION_RESET/
error. -
For example if I go to
https://asdf.example.com/
Nginx calls it and browser tells you it's insecure SSL cert, then you accept it anyway and get a 404 page. -
How do I jump to 404 page skipping the invalid cert message or how do I jump straight to 'page not found' and not the 404? E.g. like go to
https://asdf.serverfault.com
it doesn't give a 404, it gives aERR_CONNECTION_RESET/
. I want that for all non-existent subdomains and domains on my server.
update: Could it be that all my ssl_certificate
lines are added to main http block too? If so, still doesn't solve calling for ERR_CONNECTION_RESET
and not 404 like given example on 6.
.
Best Answer
If you open https://asdf.example.com directly then browser will resolve
asdf.example.com
to an IP address and then connect to it usingHTTPS
protocol. If server (with retrieved IP) is listening on443
port and returns no certificate for this domain, or an invalid one than browser will warn you about insecure protocol before finishing up the request (e.g. displaying404
error).https://asdf.serverfault.com gives an connection error because this subdomain is not registered, it has no IP address. That's why you see this error. If you want to make sure
asdf.example.com
returns an connection error instead of ssl warning then make sure that this subdomain is not registered and there is no wildcard (*) record forexample.com
.