I have a few sites on a single IP and a single nginx instance. Some domains have SSL certificates (and listen on ports 80 and 443) and some don't (and only listen on port 80).
For those domains that don't have an SSL certificate, including a server block listening on port 443 to rewrite to port 80 does not work. I understand this is because the SSL exchange happens prior to the server name being inspected.
When browsing over https to one of the sites without an SSL certificate, the current behaviour is that a security warning is presented to the client that lists the certificate for the default_server and not the appropriate domain.
Is there a way to rewrite https requests to http (for the domains with an SSL certificate) while retaining the appropriate domain?
If not, is the best way to resolve this to add an additional IP and use one for those sites requiring ports 80 and 443 and another for those only using port 80?
Thanks.
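The setup described in the question, written out as an added example (not the poster's actual configuration); the host names `secure.example` and `plain.example`, the certificate paths and the document roots are placeholders assumed for illustration. It shows why a redirect block on port 443 cannot suppress the warning: the certificate is presented during the TLS handshake, before nginx can send any HTTP response.

```nginx
# Constructed illustration; host names, paths and roots are placeholders.

# Site with a certificate: served on ports 80 and 443.
server {
    listen 80;
    listen 443 ssl default_server;
    server_name secure.example;

    ssl_certificate     /etc/nginx/tls/secure.example.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/secure.example.key;  # placeholder path

    root /var/www/secure;
}

# Site without a certificate: plain HTTP only.
server {
    listen 80;
    server_name plain.example;

    root /var/www/plain;
}

# Attempted HTTPS-to-HTTP redirect for the site without a certificate.
# A request on this socket must complete a TLS handshake before any HTTP
# response can be returned, so the only certificate available here is one
# issued for a different name. The client raises its certificate warning
# first; the 301 is sent only if the user chooses to proceed.
server {
    listen 443 ssl;
    server_name plain.example;

    ssl_certificate     /etc/nginx/tls/secure.example.crt;  # name does not match this host
    ssl_certificate_key /etc/nginx/tls/secure.example.key;

    return 301 http://$host$request_uri;
}
```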