Nginx serving any domain with HTTPS to the default_server - How to stop it?

Question

Here's my how my nginx config looks like:

server {
    listen 443 default_server ssl;
    server_name dlgt.co;
    [... bunch of stuff there ...]

}

#HTTP Server redirects to https
server {
       server_name _;
       rewrite        ^ https://dlgt.co$request_uri? permanent;
}

server {
       listen 443;
       server_name _;
       rewrite        ^ https://dlgt.co$request_uri? permanent;
}

With that though, accessing the IP with https:// will still work. I'm trying to block that behavior, because it is simply throwing errors. I can't find how to exclude all other server_names from the config, and I thought that my last 2 blocks would do the trick, but visibly not.

Thanks !

Answer 1

Your last block is conflicting with your first block. Defining a default server will make the server block process all unknown server names even if you define an other "catch-all" block.

So the logic must be reversed to this :

server {
    listen 80 default_server;
    listen 443 default_server ssl;
    ssl_certificate /path/to/certificate;
    ssl_certificate_key /path/to/key;
    return 301 https://dlgt.co$request_uri;
}

server {
    listen 443;
    server_name dlgt.co;
    [ ... ]
}

Note that certificate and key have only to be set in the default server block. As the handshake comes before any HTTP traffic is seen, nginx will elect the server block processing incoming HTTP requests after the handshake took place in the default server block.