From d3f56468b112bb3ef0898e7cd4d02d2b9cecc90d Mon Sep 17 00:00:00 2001 From: Ray Walker Date: Wed, 26 Aug 2015 12:49:59 +1000 Subject: [PATCH 1/2] Fix for #188 - remove hostname from default SSL block --- nginx.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.tmpl b/nginx.tmpl index b4140f9..6cb771d 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -152,7 +152,7 @@ server { {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} server { - server_name {{ $host }}; + server_name _; listen 443 ssl spdy {{ $default_server }}; return 503; From d066bd32e0fee73fd1ead5018dd167c56572e806 Mon Sep 17 00:00:00 2001 From: Ray Walker Date: Wed, 26 Aug 2015 18:35:47 +1000 Subject: [PATCH 2/2] Fix for #188 - add SSL server block outside hosts loop --- nginx.tmpl | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/nginx.tmpl b/nginx.tmpl index 6cb771d..31e6ce1 100644 --- a/nginx.tmpl +++ b/nginx.tmpl @@ -54,6 +54,17 @@ server { return 503; } +{{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} +server { + server_name _; # This is just an invalid value which will never trigger on a real hostname. + listen 443 ssl spdy; + return 503; + + ssl_certificate /etc/nginx/certs/default.crt; + ssl_certificate_key /etc/nginx/certs/default.key; +} +{{ end }} + {{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} upstream {{ $host }} { @@ -152,7 +163,7 @@ server { {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} server { - server_name _; + server_name {{ $host }}; listen 443 ssl spdy {{ $default_server }}; return 503;