|
@@ -0,0 +1,22 @@
|
|
1
|
+# Adds a default HTTPS server that returns a 421 response with no certificates
|
|
2
|
+# configured.
|
|
3
|
+#
|
|
4
|
+# This prevents Nginx from serving other sites when users make a request with
|
|
5
|
+# a hostname that is not recognised (e.g. they connect directly to the IP
|
|
6
|
+# address, or send deliberately incorrect requests). This behaviour results
|
|
7
|
+# in certificate errors and can leak details of "private" vhosts being served.
|
|
8
|
+#
|
|
9
|
+# This configuration will instead cause the browser to show an error (usually
|
|
10
|
+# "Connection closed" or similar).
|
|
11
|
+
|
|
12
|
+server {
|
|
13
|
+
|
|
14
|
+ listen 443 ssl default_server;
|
|
15
|
+ listen [::]:443 ssl default_server;
|
|
16
|
+
|
|
17
|
+ server_name _;
|
|
18
|
+
|
|
19
|
+ return 421;
|
|
20
|
+
|
|
21
|
+}
|
|
22
|
+
|
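Review bot: The `return 421;` at new line 19 is effectively unreachable, because the block declares `listen 443 ssl default_server;` with no `ssl_certificate` and the TLS handshake fails before any HTTP response can be sent. The protection therefore rests on a handshake-time failure rather than on the 421, which is also what the header comment's "Connection closed" describes. Some nginx versions may reject a certificate-less `ssl` listener when the configuration is loaded, so run `nginx -t` against the deployed version to confirm this block is accepted. On nginx 1.19.4 or later, adding `ssl_reject_handshake on;` inside this server block states the intent explicitly and needs no certificate. The first comment line could then read `# Adds a default HTTPS server that rejects the TLS handshake for unrecognised hostnames (421 is only a fallback).`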