From d3f56468b112bb3ef0898e7cd4d02d2b9cecc90d Mon Sep 17 00:00:00 2001
From: Ray Walker <hello@raywalker.it>
Date: Wed, 26 Aug 2015 12:49:59 +1000
Subject: [PATCH 1/2] Fix for #188 - remove hostname from default SSL block

---
 nginx.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.tmpl b/nginx.tmpl
index b4140f9..6cb771d 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -152,7 +152,7 @@ server {
 
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
-	server_name {{ $host }};
+	server_name _;
 	listen 443 ssl spdy {{ $default_server }};
 	return 503;
 

From d066bd32e0fee73fd1ead5018dd167c56572e806 Mon Sep 17 00:00:00 2001
From: Ray Walker <hello@raywalker.it>
Date: Wed, 26 Aug 2015 18:35:47 +1000
Subject: [PATCH 2/2] Fix for #188 - add SSL server block outside hosts loop

---
 nginx.tmpl | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/nginx.tmpl b/nginx.tmpl
index 6cb771d..31e6ce1 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -54,6 +54,17 @@ server {
 	return 503;
 }
 
+{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
+server {
+	server_name _; # This is just an invalid value which will never trigger on a real hostname.
+	listen 443 ssl spdy;
+	return 503;
+
+	ssl_certificate /etc/nginx/certs/default.crt;
+	ssl_certificate_key /etc/nginx/certs/default.key;
+}
+{{ end }}
+
 {{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
 
 upstream {{ $host }} {
@@ -152,7 +163,7 @@ server {
 
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
-	server_name _;
+	server_name {{ $host }};
 	listen 443 ssl spdy {{ $default_server }};
 	return 503;