"random" subdomain is shown on invalid subdomain instead of error page [duplicate]
I have an Nginx with a number of enabled server blocks. Each server answers to 1 canonical domain and may forward 1 or more to that canonical URL. I have at least one server (haven't checked all of them yet) where, if I type in a non-existent domain that points to this box, Nginx displays a site of its choosing (always the same site, but not one that I'm after).
I've poked around the config file for the site I always land on, but don't see anything obvious that would identify it as any kind of default site and yet there it is, always showing up when I fat finger a URL.
Any thoughts on what I should be looking for to track this down?
Add default_server
to your listen
directive in the server
that you want to act as the default.
Why is nginx doing this?
The reason for this is simple. Very old or broken clients do not send the Host
HTTP header field in their requests and if you are using name based server blocks (name based virtual hosts in Apache terms) nginx is not able to determine which of the servers you configured is meant by the client. The same problem is true for any other web server that supports this name based system. This problem would not arise if you would be using an IP based system for each domain (which also means that you have several network interfaces).
More on this topic? How nginx processes a request
Which is the first?
nginx will select the server that comes first if no default
flag was set on any listen
directive:
server {
server_name server1.com;
}
server {
server_name server2.com;
}
server1.com
will be default.
If you automatically include the symbolic links from sites-enabled
(default config) the file that comes first in the directory will be your first server.
What can I do to prevent this?
Good question and you should prevent it. There is no reason to support these old clients and absolutely no reason to support broken clients. The problem is easily solved by creating a default catch all server config. The following example is from one of my projects and targeted towards the current dev version of nginx (1.5.2 - but should work with older versions as well):
# /etc/nginx/sites-enabled/_.conf
# Default server for clients who do not send correct Host header.
# The underline in the file name makes sure that this file comes first in the dir.
server {
server_name _;
listen *:80 default_server deferred;
return 444;
}
Configuration is trimmed, more nginx configuration stuff.