Nginx – the difference between server_name _ and server_name “” in Nginx

nginxvirtualhost

I want to set a default catch-all server block to handle any host names that do not match my exact server_name values. But I'm unsure which one should I use.

server {
    listen 80 default_server;
    server_name ""; # this is by default if no server_name specified
    return 444;
}

server {
    listen 80 default_server;
    server_name _;
    return 444;
}

I've tested and they seem to behave equally. Is there any difference between them?

Best Answer

Short answer: Yes, there is difference between server_name ""; and server_name _;

Long answer: server_name ""; defines a match for a request without host header since 0.8.48 and it has been supported since 0.7.12.

https://nginx.org/en/docs/http/request_processing.html

If requests without the “Host” header field should not be allowed, a server that just drops the requests can be defined:
server {
    listen      80;
    server_name "";
    return      444;
}
Here, the server name is set to an empty string that will match requests without the “Host” header field, and a special nginx’s non-standard code 444 is returned that closes the connection.

On the other side, server_name _; defines an invalid server names which never intersect with any real name. It is just a non-match. So in the event of no matches, nginx will select the first server{} block and use that.

To conclude, you can use server_name _; for catch-all server block but not server_name "";.

Reference - https://stackoverflow.com/questions/9454764/nginx-server-name-wildcard-or-catch-all https://blog.gahooa.com/2013/08/21/nginx-how-to-specify-a-default-server/

Related Solutions

Nginx – Prevent SSL Server Block from Acting as Catchall

Ideally either I'd like nginx to not serve https at all unless the hostname matches, or for it to redirect to http at the same host.

Neither is possible. The connection from a client that goes to https://foo.example.com/ cannot be accepted by anything but an SSL certificate with "foo.example.com" as one of its names. There is no opportunity to redirect until the SSL connection is accepted.

If you configure each site for SSL, a user who clicks through the certificate error will get the site they requested. If you configure a "catch all" site for SSL that provides only an error page and configure name-based virtual hosting for the one site that is supposed to support SSL, you can serve an error page to clients.

SSL and HTTP virtual hosting just don't play nicely together.

Nginx – Properly setting up a “default” nginx server for https

I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming.

1 - Create a default zone

As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled.

2 - Fill the default zone

Fill your 00-default with default vhosts. Here is the zone i am using:

server {
    server_name _;
    listen       80  default_server;
    return       404;
}


server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}

3 - Create self signed certif, test, and reload

You will need to create a self signed certificate into /etc/nginx/ssl/nginx.crt.

Create a default self signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Just a reminder:

Test the nginx configuration before reloading/restarting : nginx -t
Reload a enjoy: sudo service nginx reload

Hope it helps.

Best Answer

Related Solutions

Nginx – Prevent SSL Server Block from Acting as Catchall

Nginx – Properly setting up a “default” nginx server for https

Related Topic