Setting Nginx to catch all unhandled vhosts

server_name _; and default_server on the listen configuration are what you are looking for.

Example:

server {

   listen 80 default_server;
   server_name _;

   root /var/www/default; (or wherever)    

}

If you use SSL, then you need some extra plumbing for a default_server - certificate and key (that can be self-signed).

server {
    server_name _;
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_certificate <path to cert>;
    ssl_certificate_key <path to key>;
    return 404; # or whatever
}

Nginx will try to accept SSL connection on an IP/port-matching default_server. If such server is missing cert/key, nginx will drop the connection. It won't try other servers. So don't forget cert/key.


server {
  listen 80 default_server;
  listen 443 ssl default_server;
  listen [::]:80 default_server;
  listen [::]:443 ssl default_server;

  server_name _;
  root /path/to/default;
}

The entries are for port 80 (HTTP), port 443 (HTTPS), port 80 IPv6, and port 443 IPv6, respectively.

You could consider adding log_not_found off; to avoid adding a log entry for the page not being found.


In the event that you have listen directives with explicit IPs listed, you will need to also include these same IPs in your default block's listen directive.

server {
    listen 80 default_server;
    listen 10.0.0.10:80 default_server;
    server_name _;
}

server {
    listen 10.0.0.10:80;
    server_name foo.example.com;
}

Without the listen 10.0.0.10:80 default_server directive in the default block, foo.example.com would be served for http://10.0.0.10 even if 10.0.0.10 is your default IP address.