1

For the past few weeks I have been hunting for a solution to set up a 404 nginx config for the default host on port 443, with no solution so far.

To clarify the question properly, let's take quora.com as an example, which is running on nginx.

Now quora.com's public IP is 192.229.182.210, and when you enter the following it shows the following results:

http://192.229.182.210 - shows 404
https://192.229.182.210 - Server could be tricking -> then shows 404

Hint - Most other servers running on nginx say invalid certificate and then forward to their production host. Example - wordpress.org

The question is: should you use an SSL snippet in the default config to pass the 404 as Quora's public HTTPS IP shows? If yes, was it self-signed? If no SSL is used, how is it done?

My current config is

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return 403;
}

2 Answers

0

https://192.229.182.210 shows a certificate warning in Chrome, IE, and Firefox. Perhaps you added an exception that allows it to ignore the certificate mismatch, or you're using a strangely permissive browser. If you're not seeing this, clear your cache and exceptions, refresh, and provide a screenshot if it's still happening.

What I describe above is the expected behavior because https certificates are issued against a domain name, not an IP.

I don't think it's possible to display a page based on https requests to your IP without a domain name without getting a certificate warning. That would require an https certificate to be issued to an IP, which is possible but is very rarely done.

Tim
0

Finally found the answer on how to get a decent 404 for the SSL default IP address.

Source: Properly setting up a "default" nginx server for https

Though not many have upvoted this answer, it looks to be true that Quora uses a self-signed certificate for the default host and shows a custom 404. Using the following will show a default 404.

Set the default config to this.

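server {
    server_name _;
    listen       80  default_server;
    return       404;
}

# Catch-all for HTTPS requests that match no other server_name (e.g. the bare IP)
server {
    # default_server makes this block the fallback on 443 regardless of file load order
    listen 443 ssl default_server;
    server_name _;
    # Self-signed certificate created in the steps below
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}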

Then make the directory for SSL if it doesn't exist

sudo mkdir -p /etc/nginx/ssl

Then create a self-signed SSL for the same

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Check for errors and reload nginx to get the 404

sudo nginx -t

sudo systemctl reload nginx
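
The certificate step from the answer above, as an added example that is not part of the original post: it runs `openssl req` without the interactive prompts and checks the result before nginx is reloaded. The function names, the script file name and the `-subj` value `default.invalid` are assumptions chosen here; a placeholder CN keeps real hostnames out of the certificate that IP-only clients receive.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names and the
# CN "default.invalid" are assumptions; file names follow the answer.

# make_default_cert DIR: write DIR/nginx.key and DIR/nginx.crt without prompts.
make_default_cert() {
    dir=$1
    mkdir -p "$dir" || return 1
    (
        umask 077   # key and cert are created readable by the owner only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=default.invalid" \
            -keyout "$dir/nginx.key" -out "$dir/nginx.crt"
    ) || return 1
}

# is_self_signed CERT: succeed only when subject and issuer are identical.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# key_matches_cert KEY CERT: succeed when KEY is the private key for CERT.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$from_key" = "$from_cert" ]
}

# Run as: sudo sh make-default-cert.sh /etc/nginx/ssl   (hypothetical file name)
if [ "$#" -ge 1 ]; then
    make_default_cert "$1" &&
        is_self_signed "$1/nginx.crt" &&
        key_matches_cert "$1/nginx.key" "$1/nginx.crt" &&
        echo "default certificate ready in $1"
fi
```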