Nginx keeps answering with the ‘default nginx site’ despite it being removed from config

configurationnginxweb-hostingweb-server

I was hoping someone could help me with this strange problem. On a 'clean' server install, I have the following "website.com" and nginx configs, yet if you try to go to the http version of www.website.com, it renders the default nginx page, instead of forwarding over to the https version like it's configured to do. The site is using the AWS Linux ami, and is behind an elb (hence the directive for elb-check).

In my /sites-available (and ln -s'd to /sites-enabled), all I have (even when doing a # ls -lah) is:
default_server website.com elb-check

The configs (as well as the nginx.conf are below).

Thank you in advance! Please let me know if there's additional info/configs you need.

website.com:

# Send http www. to https www.
    server {
    listen 80;
    server_name www.website.com;
    return 301 $scheme://www.website.com$request_uri;
    server_tokens off;

    }

# Send http non www. to https www.
    server {
    listen 80;
    server_name website.com;
    return 301 $scheme://www.website.com$request_uri;
    server_tokens off;

    }

# Send https non www. to https www. 
    server {
    listen 443 ssl;
    server_name website.com;
    return 301 $scheme://www.website.com$request_uri;
    server_tokens off;

        ssl_certificate "/path.to.crt";
        ssl_certificate_key "/path.to.key";
        ssl_dhparam "/etc/pki/nginx/dhparams.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH;
        ssl_prefer_server_ciphers on;

    }

# Answer https and www. requests

    server {
        listen  443 ssl;
        server_name www.website.com;
        index   index.html index.php;
        root    /home/website/html;
        access_log  /var/log/website/access.log;
        error_log   /var/log/website/error.log;
    server_tokens off;

        ssl_certificate "/path.to.crt";
        ssl_certificate_key "/path.to.key";
        ssl_dhparam "/etc/pki/nginx/dhparams.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH;
        ssl_prefer_server_ciphers on;

    location / {
        root    /home/website/html;
        try_files $uri $uri/ /index.php?$uri&$args;
        }

    location ~ /private\.php$ {
        auth_basic "Restricted Area";
        auth_basic_user_file /home/website/.htpasswd;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
        }

    }

nginx.conf:

# nginx config
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Load Virtual Sites
    include /etc/nginx/sites-enabled/*;
    include /etc/nginx/sites-available/*;

    index   index.php index.html index.htm;
    server_tokens off;
}

default_server:

# To black-hole all other subdomain requests
server {
    listen 80;
    server_name _;
    return 444;
}

elb-check:

# So the ELB sees the instance as still being alive
server {
    location /home/elb-check { 
    access_log off;
    return 200;
    add_header Content-Type text/plain;
    }
}

Best Answer

Nginx will choose the first server in the config if no default server is specifically defined. Install a dummy default server.

# This just prevents Nginx picking a random default server if it doesn't know which
# server block to send a request to
server {
  listen      80 default_server;
  server_name _;
  return 444;
  access_log off; log_not_found off;
}

You may want to define a default https server as well, though it will probably generate certificate warnings if it's not on a specific domain. I don't bother.

Related Solutions

Nginx – Why WordPress Loads Blank Pages on Nginx and PHP-FPM

By default the Nginx source does not define SCRIPT_FILENAME in the fastcgi_params file, so unless the repo you installed Nginx from does that you need to do it yourself.

Check if the following line is in your fastcgi_params file:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

and if not then add it.

Nginx – Configure php5-fpm for many concurrent users

I suspect your varnish cache is not caching anywhere near enough of the hits

here's what I would do in your situation:

Lower php max children to 100 or even 50 (if varnish does its job properly you don't need them) also remove the max requests line to allow the php processes not to respawn too quickly and thus prevent APC from being cleared too quickly which is also bad

also IF is not good according to nginx - http://wiki.nginx.org/IfIsEvil

I would change this line:

            if (!-e $request_filename) {
                    rewrite ^(.+)$ /index.php?q=$1 last;
            }

to:

try_files $uri $uri/ /index.php?$args;

If your version of nginx supports it (pretty certain if your nginx version is > 0.7.51 then it supports it)

you should also look at inserting the w3tc nginx rules direct into your vhost file to enabled proper disk enhanced caching of pages (which is faster than APC caching with nginx)

Take a look at the following varnish vcl which I use for sites - you will need to read through and edit a few things for your website - it also assumes that its only WP sites on the server and only 1 site on the server, it can easily be modified for more sites (take a look at the cookie section)

generic vcl: https://gist.github.com/b7332971a848bcb7ecef

With this config I would argue to remove fastcgi_cache to prevent any possible issues with a cache-chain occurring whereby trying locate any stray stale cache entries is more difficult

also tell w3tc that varnish is at 127.0.0.1 and it will purge it for you ;)

I deployed this to a server on Wednesday evening (with a few domain specific modifications) that was handling 2500 active site visitors it reduced load to less than 1 and the approx number of running php children was around 10-20 (this number does depend on number of logged in users and other factors like cookies) this server did have much more ram but the principle is the same, you should be able to easily handle the number of visitors you get at peaks

Best Answer

Related Solutions

Nginx – Why WordPress Loads Blank Pages on Nginx and PHP-FPM

Nginx – Configure php5-fpm for many concurrent users

Related Topic