I have two vhosts: one on domain.tld port 80, the other on sub.domain.tld port 443 with SSL on. I added a CNAME entry on my DNS server that redirects my sub subdomain to domain.tld.
Everything works as expected, but going to http://sub.domain.tld does the same as going to http://domain.tld, and https://domain.tld the same as https://sub.domain.tld. How can I prevent this?
My configuration:

    server {
        listen *:443;
        listen [::]:443;
        server_name www.sub.domain.tld;
        ssl on;
        ssl_certificate ...;
        ssl_certificate_key ...;
        root /var/www/sub.domain.tld;
        ...
    }
    server {
        listen *:80;
        listen [::]:80;
        server_name www.domain.tld;
        root /var/www/domain.tld;
        ...
    }

If these are your only server blocks, then they are also your de facto default server blocks for port 443 and port 80 respectively. See the nginx documentation for details.
If you do not want this, you need to declare a default server block. A minimalist definition might be:

    server {
        listen 80 default_server;
        listen 443 ssl default_server;
        ssl_certificate ...;
        ssl_certificate_key ...;
        return 403;
    }

The SSL certificate is required to start the Nginx service, but it can be any certificate (e.g. you can point to a dummy self-generated cert here, or to your main website certificate; it doesn't matter). Also, the ssl_certificate directives are inherited, so you can place the default statements in the http block instead.
Use return 444; to just close the connection with no response.
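
The following is an added example, not part of the answer above and not nginx code: a simplified Python model of how nginx picks a server block per listening port, run against the question's two vhosts with and without the catch-all block. It assumes exact server_name matching only (wildcard and regex names are left out); the `Server`, `select` and `report` names are hypothetical.

```python
# Simplified model of nginx virtual-server selection (exact names only;
# wildcard and regex server_name matching is deliberately left out).
from dataclasses import dataclass

@dataclass
class Server:
    port: int
    names: tuple           # server_name values
    action: str            # what the block does: a root or a return code
    default: bool = False  # True when the listen line carries default_server

def select(servers, port, host):
    """Return the action of the block chosen for (port, Host header)."""
    on_port = [s for s in servers if s.port == port]
    if not on_port:
        return None                      # nothing listens on this port
    for s in on_port:                    # 1. exact server_name match
        if host in s.names:
            return s.action
    for s in on_port:                    # 2. explicit default_server
        if s.default:
            return s.action
    return on_port[0].action             # 3. implicit default: first block

# Constructed from the question's two vhosts.
QUESTION = [
    Server(443, ("www.sub.domain.tld",), "root /var/www/sub.domain.tld"),
    Server(80, ("www.domain.tld",), "root /var/www/domain.tld"),
]
# Same vhosts plus the answer's catch-all block on both ports.
WITH_CATCH_ALL = QUESTION + [
    Server(80, (), "return 403", default=True),
    Server(443, (), "return 403", default=True),
]

def report(servers):
    """Map each constructed probe (host:port) to the action it receives."""
    probes = [(80, "sub.domain.tld"), (443, "domain.tld"),
              (80, "www.domain.tld"), (443, "www.sub.domain.tld")]
    return {f"{h}:{p}": select(servers, p, h) for p, h in probes}

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION), ("with catch-all", WITH_CATCH_ALL)):
        print(label)
        for probe, action in report(cfg).items():
            print(f"  {probe:26} -> {action}")
```

With the server_name values exactly as posted, only the www. names match a vhost, so once the catch-all is in place the bare names sub.domain.tld and domain.tld get the 403 on both ports.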