Reputation: 20947
I just changed my config from a regular to a wildcard certificate. Now my nginx is misbehaving.
    # redirect http to https
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 301 https://$host$request_uri;
    }

    # redirect naked to www
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name example.com;
        include ssl.conf;
        return 301 https://www.$host$request_uri;
    }

    # serve subdomain www
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name www.example.com;
        include ssl.conf;
        # ...
    }

    # serve subdomain mmm
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name mmm.example.com;
        include ssl.conf;
        # ...
    }

    # ...etc.
The above works, but fails for non-existent subdomains (instead of returning 404). So if I try notexist.example.com it will redirect me to www.notexist.example.com and give me a certificate warning. If I click ok, it will redirect to www.www.notexist.example.com, and then www.www.www.notexist.example.com, etc.
What am I doing wrong?
Upvotes: 1
Views: 77
Reputation: 14269
Since you want to catch all non-existent subdomains you need an extra server block at the end, marked as default - like listen 443 ssl default_server;
The server_name for this block does not matter - as long as it does not match any of the other server blocks (so you can simply use server_name _;)
Any domain that is not already handled by another server block will be handled by the default one - you can either redirect to your canonical domain or just return 404.
Upvotes: 1
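The fix described in the answer above, written out as an added example that is not part of the original posts. It assumes the ssl.conf from the question loads the wildcard certificate for *.example.com, and it also hard-codes the redirect target in the naked-domain block so that a request's Host header can no longer shape the Location header.

```nginx
# Added example, not from the original posts. Assumes ssl.conf (from the
# question) loads the wildcard certificate for *.example.com.

# Without an explicit default_server, nginx hands unmatched Host names to the
# first server block defined for that listen socket. In the question that is
# the naked-to-www block, which is why notexist.example.com was redirected to
# www.notexist.example.com, then www.www.notexist.example.com, and so on.

# redirect naked to www, with the target fixed instead of built from $host
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    include ssl.conf;
    return 301 https://www.example.com$request_uri;
}

# catch-all: any Host on 443 that no other server_name matches
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    include ssl.conf;
    return 404;
}
```

A wildcard certificate covers a single label, so notexist.example.com receives the 404 over a valid TLS session, while deeper names such as a.b.example.com still trigger a certificate warning before the 404 is served.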