How can I prevent the domain name in the certificate from being exposed when accessing port 443（https port） directly via IP address?

[mcitem]

Summary

This is not directly related to Axum.

Without using an intermediate layer like a reverse proxy (e.g., Nginx), directly accessing the HTTPS port via IP will expose the corresponding domain name. There are no relevant examples in the repository that address this issue.

This might be similar to "load TLS certificates to be used for the request based on the hostname."

I hope he returns another self-signed certificate or doesn't return a certificate at all.

[jplatte]

This has nothing to do with axum, as axum doesn't handle TLS. If you are using axum-server, that's an independent crate with its own repository.

[ttys3]

you can handle this in TLS hello handshake and check the hostname client send, if no valid hostname matched, reject the request.