default server for ssl #105

Closed
Jas2Ma opened this issue Feb 22, 2015 · 5 comments
Labels
kind/bug Issue reporting a bug

Jas2Ma commented Feb 22, 2015

If there are ssl-servers defined and one is requesting a non-defined server, the request will be sent to the first ssl server.

I've changed the nginx.tmpl on my own for now, but I think there should be a possibility to set a standard ssl-server like you defined it for http/80?

jwilder added the kind/bug label Mar 4, 2015
Collaborator

jwilder commented Mar 4, 2015

This might be an issue in that the default SSL server block does not have a default_server directive here: https://github.com/jwilder/nginx-proxy/blob/master/nginx.tmpl#L142

See https://github.com/jwilder/nginx-proxy#how-ssl-support-works

Author

Jas2Ma commented Mar 4, 2015

There is no default SSL server block, like it is for non-ssl. That's because one needs the right certificates for the requested domain.

Maybe there should be one garbage default server per domain registered for use with ssl by env.


chschu commented Jun 11, 2015

A fix for this would be really nice, because landing on the wrong virtual host when restarting a container (or using the server's IP address) is really confusing.

What about having a _default.crt and _default.key in the certs volume, and a default SSL vhost using those files and always returning HTTP 503?

Edit: The template already uses some default.crt and default.key, but that seems to be the fallback if no certificate is found for a vhost.


rsynnest commented Mar 1, 2018

As mentioned there is still no default SSL block to catch invalid SSL vhosts.
@kamermans published a block in this comment which you can place as your first server block in nginx.tmpl, and will reply with a 444 for any undefined vhosts served over SSL. Note his hardcoded domain in the crt + key files. You can use any valid crt+key file here, since the site will not be served anyway, but nginx will not serve the block if those files are invalid. It would make sense to add an unknownvhost.crt and unknownvhost.key and a default SSL block to the default nginx.tmpl. I can think of no reason not to have this, and it is a headache to troubleshoot.
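
Added example, not part of the thread and not the block @kamermans posted or the project's own template: a catch-all HTTPS server of the kind discussed above, next to an ordinary vhost. The certificate directory, hostname and upstream address are placeholders chosen for illustration.

```nginx
# Catch-all for HTTPS requests whose SNI / Host header matches no vhost.
# Without a block marked default_server, nginx treats the first server
# block listening on this address:port as the default, which is the
# "lands on the first ssl server" behaviour reported in this issue.
server {
    listen 443 ssl default_server;
    server_name _;                      # placeholder name, matches no real host

    # Any valid certificate/key pair works (a self-signed one is enough),
    # because no site content is served from this block. The TLS handshake
    # still completes with this certificate before the 444 is sent, so
    # clients see a certificate-name mismatch rather than another vhost.
    ssl_certificate     /etc/nginx/certs/unknownvhost.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/unknownvhost.key;   # placeholder path

    # nginx 1.19.4 and later: "ssl_reject_handshake on;" can be used here
    # instead of the certificate pair to refuse the handshake outright.

    return 444;     # nginx-specific: close the connection, send no response
    # return 503;   # alternative proposed earlier in the thread
}

# An ordinary vhost; it is no longer the implicit default for port 443.
server {
    listen 443 ssl;
    server_name app.example.test;       # constructed hostname

    ssl_certificate     /etc/nginx/certs/app.example.test.crt;  # placeholder
    ssl_certificate_key /etc/nginx/certs/app.example.test.key;  # placeholder

    location / {
        proxy_pass http://127.0.0.1:8080;   # constructed upstream
    }
}
```

Requesting the server by IP address or by an unregistered hostname over HTTPS should then hit the first block instead of `app.example.test`.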

Member

buchdag commented May 10, 2023

This was fixed in #2186

buchdag closed this as completed May 10, 2023