Nginx重定向根域，该域不在SSL证书中

Question

I have an SSL wildcard certificate for *.example.com which is not valid for the root domain. I would like Nginx on Ubuntu 14.04 to

1. accept only requests for defined hosts
2. redirect all http requests for root domain and www subdomain to https www subdomain
3. return 404 for the root domain only on port 443, eg if reuqest is https://example.com

I managed to achieve 1 and 2 with the configuration copied below.

server {
    #listen 80;
    #isten 443;
   return 404;
}

server {
   listen         80;
   server_name    example.com www.example.com;
   return         301 https://www.example.com$request_uri;
}

server {

    listen 443 ssl;
    #certificate and key referenced in common.conf
    server_name www.example.com;

    root /usr/share/nginx/html/example.com;
    index index.php index.html index.htm;

    include common/common.conf;
}

When I remove comment marks from the second and third lines above, hoping to return 404 only for https://example.com - nothing works. For example, I get ERR_CONNECTION_CLOSED in Chrome for both https://www.example.com/ and http://ww.example.com/ .

What should I do to achieve 1), 2) and 3) together?

Many thanks.

Answer 1

... wildcard certificate for *.example.com which is not valid for the root domain ... return 404 for the root domain only on port 443, eg if reuqest is https://example.com

This is not possible. With https the HTTP response is generated inside an established TLS connection for the host in the URL. Thus to return a 404 for access to https://example.com you must first have a validated TLS connection. But because example.com is not contained in your certificate you get a validation error when trying to establish the TLS connection and thus no TLS connection is successfully established and no 404 can be returned inside the connection.