Ping a Specific Port

Question

Naftuli Kay

Asked: 2013-12-04 23:00:14 +0800 CST2013-12-04 23:00:14 +0800 CST 2013-12-04 23:00:14 +0800 CST

nginx responding to unknown host names?

772

I have two domains that point to the same server, one we'll call home and one we'll call web.

I'm running nginx on port 80 for HTTP and 443 for HTTPS. In my server definitions, I've defined two servers:

server {
    listen 80;
    server_name web;
    # ...
}

server {
    listen 443;
    server_name web;
    # ...
}

In practice, it works just fine. However, when I try accessing home, which points to the same IP address as web, I get served web rather than getting a 404 or the like.

How can I configure nginx to 404 requests that don't match a server name? Do I need to define a default server which just bounces things down to 404s?

3 Answers

Voted

andreycpp · Answer 1 · 2017-03-31T12:43:27+08:00

andreycpp

2017-03-31T12:43:27+08:002017-03-31T12:43:27+08:00

For http:

server {
    listen 80 default_server;
    server_name _;
    return 404;
}

For https, you actually need to point nginx at ssl cert/key. According to documentation, nginx only looks at 'Host' header and does not look at TLS SNI when matching server_name. This means that nginx must be able to accept/decrypt ssl connection before it can inspect the Host header.

server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate <path to cert>
    ssl_certificate_key <path to key>
    return 404;
}

The cert/key can be any cert/key e.g. self-signed.

If cert/key are not specified, nginx still tries to use such default_server and fails as it can't accept ssl connection.

19

schuppentier · Answer 2 · 2013-12-10T03:30:57+08:00

schuppentier

2013-12-10T03:30:57+08:002013-12-10T03:30:57+08:00

The Catchall server block also needs a server_name that you need to set to an invalid value like _. This way, the server block will not match any other hostname and will just be used as last resort. The config will look like this:

server {
    listen 80;
    listen 443 ssl;

    server_name _;

    return 404;
}

6

Mike · Answer 3 · 2013-12-04T23:04:45+08:00

Mike

2013-12-04T23:04:45+08:002013-12-04T23:04:45+08:00

The first server {} in your config is like a catch-all so that is why it is being shown. Add something like this before the listen 80 server {}

server {
    return 404;
}

server {
    listen 80;
    server_name web;
    # ...
}

server {
    listen 443;
    server_name web;
    # ...
}

4

nginx responding to unknown host names?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?