HTTP and HTTPS sites on a SNI enabled server (Nginx + Apache)
The environment for web page serving is like this:
Nginx as a reverse proxy in front of Apache (serverpilot based config).
The server is SNI enabled (you can run multiple SSL enabled sites on a single IP).
There are 2 sites served - one with https enabled and properly configured and another one without any need for https.
Normally I would want to disable https for the second domain name (xn.rs) or at least force it to redirect 301 to http://xn.rs in case it is accessed from https://xn.rs
This is because it does not have a valid certificate and I don’t intent to purchase one.
This is however impossible according to what I know so far.
Any https request for xn.rs goes to the IP address of the server (the A record DNS). Once it connects to the server it then processes the host part. Once it reaches the host part you get an error of course because the host does not match the certificate.
Since the request is only “parsed” for the host part after the actual SSL is established I can’t seem to find a way to prevent this from happening.
Editing the vhost in Nginx is pointless (again, it’s based on host declaration).
Using .htaccess does not work for the same reason - in order to parse .htaccess you need a connection - and the connection is for the IP.
Any ideas please?
[EDIT] I think I might have found a way with nginx default_server
This nginx is tricky if you’re not experienced with it :)