From 46c6157fabbd7c84b3a176cffa5e36f44b59933c Mon Sep 17 00:00:00 2001 From: Jaculabilis Date: Fri, 12 Jan 2024 18:21:44 +0000 Subject: [PATCH] empyrean: fix HTTPS for nonexistent subdomains nginx always chooses a server block for a connection and the listen parameters are checked before server name. This meant that HTTPS connections missed the default 444 server block because it only matched HTTP. With this, those requests now get an SSL error. --- machine/empyrean/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machine/empyrean/default.nix b/machine/empyrean/default.nix index ecd8cfb..5288be6 100644 --- a/machine/empyrean/default.nix +++ b/machine/empyrean/default.nix @@ -75,6 +75,7 @@ # Deny all other subdomains "alogoulogoi.com" = { default = true; + rejectSSL = true; locations."/".return = "444"; }; };