
Hello, so I got this default file:

    server {
        listen 80 default_server;
        listen 443 default_server;
        listen [::]:80 default_server;
        listen [::]:443 default_server;
        server_name _;
        return 444;
    }

This catches everything... In the same folder (sites-enabled) I got my domain.com file:

    server {
        listen 80;
        server_name my.domain.com;

        location /.well-known/acme-challenge {
            default_type "text/plain";
            root /storage/webserver/certbot;
        }

        # Forces all other requests to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl http2;
        server_name my.domain.com;

        ## SSL STUFF ##

        root /path/to/root;
        index index.html index.php;

        location / {
            try_files $uri $uri/ $uri.html;
        }

        ### Site config
    }

If I leave the default disabled (removed) and go to my.domain.com, I see my page. Now if I add the default file, I get a 444 from Nginx (Closed). Why?

EDIT: After some testing I found the issue to be the listen 443 default_server; part. It catches every HTTPS request, why? I have a block with my domain and listen 443!

  • So if you make sure that the default block comes last, does behavior change? Commented Mar 10, 2018 at 6:59
  • @CraigHicks so rename it to something like z? Or is there another way you should do it? Commented Mar 10, 2018 at 12:41
  • I tried that, and I tried to add it after the include part in the nginx.conf file; same result still. Commented Mar 10, 2018 at 12:57

1 Answer

According to this answer https://serverfault.com/a/841646/459947

I had to add a certificate to the catch_all. After I did that with a self-signed certificate I get 444 on my IP (correct, as it doesn't have a block) and an SSL warning and 444 when accepting on HTTPS my IP. So this works for me; I wish there was a better way to do it.

    server {
        listen 80 default_server;
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate <path to cert>;
        ssl_certificate_key <path to key>;
        return 444;
    }

According to https://serverfault.com/a/593668/459947 you could do an if on the blocks to check if the domain is correct. I mean, I guess it works, but I don't want to add that to each block. If you think this is a better idea, let me know.

  • Yes, the default virtualhost TLS block cannot work when there are no certificates defined, because having certificates is essential when negotiating a TLS connection. nginx could give an error in this case though. Commented Mar 11, 2018 at 22:59
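
The misconfiguration discussed in this thread can be caught before a reload with a small static check. The following is an added example, not part of the original question or answer: it flags a default_server listener on a port that other blocks serve with ssl when the default block itself lacks the ssl parameter or a certificate. The function names, the simplified brace-matching parser and the placeholder certificate paths are assumptions made for illustration; certificates inherited from the http level are not considered.

```python
import re

# Constructed sample: the question's two server blocks, trimmed to the relevant directives.
QUESTION_CONF = """
server { listen 80 default_server; listen 443 default_server;
         listen [::]:80 default_server; listen [::]:443 default_server;
         server_name _; return 444; }
server { listen 443 ssl http2; server_name my.domain.com;
         ssl_certificate /placeholder/cert.pem; ssl_certificate_key /placeholder/key.pem; }
"""
# Constructed sample: the answer's catch-all (placeholder paths) next to the same site block.
ANSWER_CONF = """
server { listen 80 default_server; listen 443 ssl default_server; server_name _;
         ssl_certificate /placeholder/selfsigned.pem; ssl_certificate_key /placeholder/selfsigned.key;
         return 444; }
server { listen 443 ssl http2; server_name my.domain.com;
         ssl_certificate /placeholder/cert.pem; ssl_certificate_key /placeholder/key.pem; }
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # simplification: '#' inside quoted strings is not handled
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse_listen(args):
    """Return (port, has_ssl, is_default) for the arguments of one `listen` directive."""
    addr, *flags = args.split()
    port = addr.rsplit(":", 1)[-1]  # handles "443", "[::]:443" and "1.2.3.4:443"
    return (port if port.isdigit() else "80"), "ssl" in flags, "default_server" in flags

def find_broken_defaults(conf):
    """List (port, reason) for default_server listeners on a TLS port that lack ssl or a certificate."""
    blocks, tls_ports = [], set()
    for body in server_blocks(conf):
        listens = [parse_listen(a) for a in re.findall(r"\blisten\s+([^;]+);", body)]
        has_cert = all(re.search(rf"\b{d}\s", body) for d in ("ssl_certificate", "ssl_certificate_key"))
        blocks.append((listens, has_cert))
        tls_ports.update(port for port, ssl, _ in listens if ssl)
    findings = set()
    for listens, has_cert in blocks:
        for port, ssl, default in listens:
            if default and port in tls_ports and not (ssl and has_cert):
                findings.add((port, "listen lacks ssl" if not ssl else "no certificate in block"))
    return sorted(findings)
```

Run on the question's configuration, `find_broken_defaults` reports port 443 with the reason "listen lacks ssl"; the answer's configuration yields no findings.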
