I have an Nginx 1.10 with these 2 sites:

site A:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /etc/ssl/example.com/fullchain.pem;
        ssl_certificate_key /etc/ssl/example.com/privkey.pem;    
        server_name example.com;
        return  301  https://www.$host$request_uri;
}

site B:

server {
        listen 443 default_server ssl;
        listen [::]:443 default_server ssl;
        ssl_certificate /etc/ssl/default/fullchain.pem;
        ssl_certificate_key /etc/ssl/default/privkey.pem;    
        server_name _;
        return  301  https://qqq.$host$request_uri;
}

The server IP is 10.10.10.10

Why when I execute: curl -Iv --header "Host: example.com" https://10.10.10.10. -k

It gives me the default certificate, not the example.com.

But if I execute curl -Iv --resolve example.com:443:10.10.10.10 https://example.com -k it loads the proper certificate.

So nginx does not use the Host header to choose the SSL certificate. What parameter does nginx use to decide which certificate to load?

Any reference would be appreciated, thanks

  • How could a web server choose a certificate based on a header he has yet to decipher? That's what SNI is for. – Gerard H. Pille Jun 20 '18 at 12:23
  • https://stackoverflow.com/questions/12941703/use-curl-with-sni-server-name-indication#12942331 says that if your version of curl is recent enough, "curl https: //example.com" should do the trick (ie. use SNI). – Gerard H. Pille Jun 20 '18 at 14:14
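
The behaviour the comments point to, as an added example that is not part of the original question or comments: this Python sketch builds the TLS ClientHello for a hostname and for the bare IP without any network traffic, then extracts the SNI (server_name) extension, which is the only name available at the point a certificate is chosen. The function names are hypothetical, and it assumes Python 3.7+, whose ssl module sends no SNI for an IP literal.

```python
import ssl
import struct


def client_hello(server_hostname):
    """Return the ClientHello bytes OpenSSL would send; no network is used."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # same effect as curl -k
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # expected: nobody answers the hello
    return outgoing.read()


def sni_from_client_hello(data):
    """Return the server_name in a ClientHello, or None if it carries no SNI."""
    hs, pos = b"", 0
    while pos + 5 <= len(data):         # reassemble handshake records (0x16)
        rtype, _version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        if rtype == 0x16:
            hs += data[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                      # handshake header, version, random
    p += 1 + hs[p]                      # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]   # cipher_suites
    p += 1 + hs[p]                      # compression_methods
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:                 # walk the extensions
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        if etype == 0:                  # server_name: list len, type, name len, name
            nlen = struct.unpack("!H", hs[p + 7:p + 9])[0]
            return hs[p + 9:p + 9 + nlen].decode("ascii")
        p += 4 + elen
    return None


if __name__ == "__main__":
    # The Host header is absent in every case: it is sent only after the handshake.
    for name in ("example.com", "10.10.10.10", None):
        print(repr(name), "-> SNI:", sni_from_client_hello(client_hello(name)))
```

With no server_name in the hello, a server has nothing to match against `server_name` during the handshake and falls back to the `default_server` certificate.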
