deuill
/
coreos-home-server
mirror of https://github.com/deuill/coreos-home-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

nginx: Add default HTTPS handler for unknown host 

This will reject TLS connections entirely, which is likely better
compared to defaulting to the next (and possibly incorrect) server
block or presenting a self-signed certificate only to then reject the
request with a 444 response.
This commit is contained in:
Alex Palaistras 2024-04-15 11:43:21 +01:00
parent 3d4da04c18
commit 8f30b8f28a
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
service/nginx/container/config/conf.d/_default.conf
View File

@ -12,3 +12,9 @@ server {
return 444;
}
}
server {
listen 443 default_server;
server_name _;
ssl_reject_handshake on;
}