Deny access with https for some unsecured domains on nginx

Question

I have nginx web server with virtual hosts on one IP address. Some domains working with http: ex1.com, ex2.com, ex3.com, and one domain with https: se1.com.

When I try to use httpS on ex1.com, ex2 or ex3, I'm getting content of https://se1.com site. How can I deny it?

Default-site http config:

server {
listen 80 default;
server_name localhost;
deny all;
}

Base http vhost config:

server {
    listen   80;
    server_name ex1.com;

    root /var/www/ex1.com;
    index index.html;

}

https site config:

server {
    listen  443;
    server_name se1.com;

    ssl                        on;
    ssl_protocols              SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_certificate            /etc/nginx/ssl/se1.crt;
    ssl_certificate_key        /etc/nginx/ssl/se1.key;

    root /var/www/se1.com;
    index index.html;

}

score 0 · Answer 1 · edited Apr 13 '17 at 12:13

The solution from a near identical question and the top google result (https://serverfault.com/a/382779/3256), is to add server blocks for each of your non ssl sites and add a rewrite to the http site thereby bouncing anybody who ends up at the https address to the http one. Clunky but effective!

For example:

server {
    listen 443 ssl;
    server_name ex1.com;

    ssl                        on;
    ssl_protocols              SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    ssl_certificate            /etc/nginx/ssl/se1.crt;
    ssl_certificate_key        /etc/nginx/ssl/se1.key;

    rewrite ^       http://$server_name$request_uri? permanent;
}

Thanks for reply. Can I use something like: if ( $scheme = https ){rewrite ^ http:// }? — SimWhite, May 23 '13 at 18:11

Deny access with https for some unsecured domains on nginx

1 Answers1