JonasAlfredsson/docker-nginx-certbot

Default Server

ylann10 opened this issue · 2 comments

Hello,

How to set a default host from your solution? Certbot tries to generate a certificate for the server_name _ and it doesn't work (logical). Is there a way to add _ as an exception so that it doesn't try to generate a certificate for this host and we can put a self-signed one instead if necessary?

This is to be able to block unknown servers, because today, all it takes is connecting to my server's IP to reach the first server in the list and that bothers me.

Thank you for your answers.

Hi,

For port 80 (HTTP), the only server should be the redirector: https://github.com/JonasAlfredsson/docker-nginx-certbot/blob/master/src/nginx_conf.d/redirector.conf
When this is active Nginx will redirect all traffic (except the ACME challenge) to HTTPS.

A default server for HTTPS works a little bit differently than HTTP, but there is a way to create a similar method in the encrypted case as well: https://github.com/JonasAlfredsson/docker-nginx-certbot/blob/master/docs/nginx_tips.md#reject-unknown-server-name

Hi,

Yes for port 80, but that's not a problem for me.
Indeed, I was not aware of the ssl_reject_handshake variable; I will try.

Edit: It works wonderfully, thank you very much.

Thank you.
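
The setup discussed in this thread, written out as an added example (not taken from the comments above or from the project's own files): a catch-all HTTPS server that rejects the handshake next to one named site. The hostname `example.com` and the certificate paths are placeholders, and `ssl_reject_handshake` requires nginx 1.19.4 or newer.

```nginx
# Catch-all for HTTPS: selected when the client connects by IP address or
# sends an SNI name that matches no other server block.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    # Abort the TLS handshake instead of answering with the first site's
    # certificate. This block has no server_name and no ssl_certificate
    # lines, so there is no hostname such as "_" to request a certificate
    # for and no self-signed certificate to maintain.
    ssl_reject_handshake on;
}

# A real site (placeholder name and paths). Only this block carries
# certificate directives.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        return 200 "hello from example.com\n";
    }
}

# Check from a client after reloading nginx (replace <server-ip>):
#   openssl s_client -connect <server-ip>:443 -servername unknown.invalid
#     -> the handshake should fail and no certificate should be shown
#   openssl s_client -connect <server-ip>:443 -servername example.com
#     -> the handshake should complete with the example.com certificate
```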