I use nginx to host multiple websites, and one of them has a valid SSL certificate. I've noticed recently (from early November 2012 according to Google Webmaster Tools), that if I make an SSL connection to one of the sites which does not have a valid SSL cert, I get the content of the site that does. That is, is example.com has the SSL cert, and I host example2.com without, if I go to https://example2.com I will get the homepage for example.com. This is despite the fact that the configuration file for example2.comdoesn't have anything concerning SSL in it (not even listening on port 443), and the configuration file for example.com doesn't have anything concerning example2.com. If configuration files are needed, I can provide them. However this was definitely not an issue before November. I suspect it started happening after I upgraded to the latest stable release of nginx. Any help is appreciated.
on 2013-01-10 12:21
on 2013-01-10 12:38
On Thu, Jan 10, 2013 at 6:20 PM, Adrian Hayter <email@example.com> wrote: > doesn't have anything concerning SSL in it (not even listening on port 443), > and the configuration file for example.com doesn't have anything concerning > example2.com. > Because there's something listening on port 443. When there's no matching server_name but there's something listening on that port, that block will handle the request. If you have dedicated ip for ssl host, set the ip. Otherwise, just create a default fallback server block for ssl and handle redirect from there.
on 2013-01-10 13:12
Ok, so how do I prevent that? I only want the content of example.com to be sent when example.com is given as the host in the HTTP request. Can you give examples?