So nginx chooses the "server {}" block that contains "default_server" to choose
the SSL certificate, and after it receives the headers it choose another "server
{}" block as needed? If that is the case, you can create another "server {}"
block with "default_server" (usually this is somewhere like
/etc/nginx/sites-available/default) that shall contain the certificate and
always return 404.Regards, Antonis Antonis Christofides http://djangodeployment.com On 2017-12-19 14:18, Jon Ribbens wrote: > On Tuesday, 19 December 2017 07:24:23 UTC, Antonis Christofides wrote: > > I may be wrong of course, but I don't recall SNI having anything to do > with it. Just using something like > > server { > listen 80; > listen 443 ssl; > server_name my.django.site.com <http://my.django.site.com>; > ... > } > > will only send requests for my.django.site.com <http://my.django.site.com> > to the django project. I really don't know about SNI, but I recall having > used SSL on Apache before SNI existed and I don't remember any difference > with respect to that. Why does SNI affect this? > > > Because unless I'm misremembering something, if you /don't/ add default_server > to the listen directive then requests without SNI will not end up being served > the desired SSL certificate, but if you /do/ add default_server then requests > with the wrong/missing/IP-literal Host: header will end up going to Django, > which is what we wanted to avoid. > > I guess I'll just have to decide which of lack-of-SNI support and > alerting-on-wrong-Host I want to lose. > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com > <mailto:django-users+unsubscr...@googlegroups.com>. > To post to this group, send email to django-users@googlegroups.com > <mailto:django-users@googlegroups.com>. > Visit this group at https://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/bf3e62f2-2584-4a28-8680-5cb83dd88753%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/bf3e62f2-2584-4a28-8680-5cb83dd88753%40googlegroups.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/7d3d97b1-c6e0-6a84-1f7c-573d80862650%40djangodeployment.com. For more options, visit https://groups.google.com/d/optout.
