I have an Nginx instance using SNI to serve multiple HTTPS domains from a single IP.
The only glitch with the setup is that Nginx responds with the first (acting as default) domain whenever a URL for the bare IP of the server, or a domain listed at that IP for which there is no corresponding HTTPS server block, is requested. In this case I would much prefer to simply return a standard 403 Forbidden -- I would set up a default server block to do this but I can't see a way around client certificate mismatch warnings.
How can I configure Nginx to reject requests to such unknown/undefined domains without needing to specify a particular SSL certificate which will upset browsers? (i.e. I need Nginx to reject the request with a 403 prior to upsetting the client with a "bad" cert - from the client's POV this should be identical to the case where no HTTPS server block is defined at all.)