I have a bunch of https websites available over a single IP working with sni on nginx 1.0.15.

Currently, anyone accessing a domain name that resolves to the same IP is greeted with a certificate mismatch error due to nginx choosing the first server as the default.

Instead of using the first server as the default, I'd like to create a catch-all https server that drops/resets the tcp connection. As such all domain names that have an associated server block would still work using sni, but IPs or other domain names would simply result in a dropped connection.

Unfortunately, I can't seem to get this to work. If I define the server block below, all requests are handled by the catch-all server, and all the websites become inaccessible. Here is the server block I've defined:

server {
listen 443 default_server;
return 443;
}

Does anyone know how I could achieve this?

Thanks!

Arthur