cannot match a server with double Ip address - nginx

I have a server with two ip: when i use nginx as Reverse Proxy for jboss7,
in order to prevent direct access use ip address,(we have configured the dns),
i use configuration bellow:
# You may add here yourdefault_server;
# server {
#
server {
listen *:80;
server_name _;
return 404;
}
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
server_name www.shikuaigou.com localhost;
charset utf-8;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://jboss;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
}
server {
listen 80;
server_name example.com;
rewrite "^/(.*)$" http://www.example.com/$1 permanent;
}
server {
listen 12.34.56.78;
server_name www.example.com;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://jboss;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
but only on ip can matche the server whitch return 404,the other one cannot match the
configuration server_name _;
which cause this?


Because you have listen 12.34.56.78; so nginx chooses this server to process requests on 12.34.56.78, since it is more specific for that IP.
Please, also note that server_name _; actually means nothing, except an incorrect domain name.
Reference:
Server names
How nginx processes a request
The listen directive

Related

nginx configuration server_name is wrong but website is still working?

I only want to allow access to my server from one domain. Lets say my domain is called "mydomain.mydomain.com" (yes, it is a subdomain).
Normally I would write everywhere server_name mydomain.mydomain.com, but I changed it to a non-existing domain and I can still enter the website? Why is my website working also from other domains? I know nginx is normally using the first server-block if no server_name is found, but my first server-block is my catch-all non-existing domain block. I defined server_name _; and default_server, but still, my website is working.
I have the following configuration:
server {
#If server_name mydomain.mydomain.com is not found return 444
listen 80 default_server;
server_name _;
return 444;
}
# redirect all traffic to https if the domain is mydomain.mydomain.com (server_name)
server {
listen 80;
listen [::]:80;
#-------------------------------------------
# I CHANGE HERE TO A NON-EXISTING DOMAIN AND MY WEBSITE IS STILL WORKING?!?!?
#-------------------------------------------
server_name nonExistingDomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /config/www;
index index.html index.htm index.php;
#-------------------------------------------
# I CHANGE HERE TO A NON-EXISTING DOMAIN AND MY WEBSITE IS STILL WORKING?!?!?
#-------------------------------------------
server_name nonExistingDomain.com;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
client_max_body_size 0;
error_page 404 =200 /portal;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location = / {
return 301 https://mydomain.mydomain.com/portal;
#try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /pea {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/pea;
# do not pass the CORS header from the response of the proxied server to the
# client
#proxy_hide_header 'Access-Control-Allow-Origin';
}
location /portal {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8180/portal;
}
location /auth {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8280/auth;
}
}

You are listening to the IpV6 network socket in your server blocks where you change domain to non-existent. Since there are no other such server blocks, they are the default for those IPv6 ports.
Note that your first server block is default only for IPv4 network socket listen 80 default_server;.
Thus the behavior can be explained only by the fact that you are connecting/testing over IpV6.
To avoid inconsistency, use default_server for all your listen options. E.g. in the first server block add default server for IPv6 too:
server {
#If server_name mydomain.mydomain.com is not found return 444
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}

Two applications within one server block

I'm not sure if this is possible or not, but the goal is to serve two applications within one server block. The primary application is NodeJS, but I would like to have a "/blog" that would point to a Wordpress install on the server. I am currently able to serve the blog on a subdomain.
The nginx config currently looks like this:
server {
listen 80;
listen [::]:80 ipv6only=on;
root /var/www/html;
index index.php index.html index.htm;
server_name blog.example.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/xyz.conf;
include snippets/zyx.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Is there a way for me to serve the blog to "/blog" inside of the second server block in a similar fashion as the first?

Nginx configuratie redirect http to https for only one domain

In the beginning of my Nginx .conf file I have added the following redirect:
server {
listen 80;
listen [::]:80;
server_name *.a-domain.nl;
return 301 https://$host$request_uri;
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
listen 443;
listen [::]:443 ipv6only=on;
server_name *.a-domain.nl;
ssl on;
ssl_certificate /etc/ssl/b-domain.crt;
ssl_certificate_key /etc/ssl/b-domain.key;
location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
root /var/www/html/mtcore/web;
try_files $uri $uri/ $uri.html =404;
}
location / {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
listen 80;
listen [::]:80 ipv6only=on;
server_name _;
location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
root /var/www/html/mtcore/web;
try_files $uri $uri/ $uri.html =404;
}
location / {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
Only when I open in an browser the following domain www.b-domain.nl that is served on the same server, the Nginx also redirects it to https. I would expect that Nginx only redirects www.a-domain.nl?

The first server block is the implicit default server for port 80, so it gets to process all http requests irrespective of server name. The third server block would only match the server name _, which is either illegal or unlikely.
To make another server block the default, use default_server option on the listen directive.
See this document for more.

Http block in nginx config breaks my server configuration

I was trying to organize my nginx config file a little better by adding an http block.
This is the working config file.
upstream node_server {
server 127.0.0.1:5000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.html;
server_name _;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://node_server;
}
}
However when I wrap this code in a http block it breaks. i.e.
http{
upstream node_server {
server 127.0.0.1:5000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.html;
server_name _;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://node_server;
}
}
}
Can anyone explain why this might be the case. To my knowledge you can wrap server blocks inside the http block.

Nginx redirect reverse proxy 404

I have the following Nginx server block:
server {
listen 80;
listen [::]:80;
server_name example.com;
root /usr/share/nginx/html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost/page-1/;
}
}
I would like that when the user gets a 404 error on example.com, the proxy_pass should change to direct to http://localhost/example-404/.
However, this server block and the one for http://localhost both have the same root so alternatively it could just point to /example-404/ internally, I'm not sure which is easier to do. Either way, I want the address in the browser's address bar to stay the same.
The reason I want this is that there will be a different 404 page if accessing the server from http://localhost directly. I would really appreciate anyone's thoughts on this!

You can use different vhosts to give different results depending on how the user is accessing the server. I'd imagine something like this might work:
server {
listen 80;
server_name example.com;
root /usr/share/nginx/html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_intercept_errors on;
error_page 404 = #errors;
proxy_pass http://localhost/page-1/;
}
location #errors {
root /usr/share/nginx/errors/example.com.404.html;
}
}
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_intercept_errors on;
error_page 404 = #errors;
proxy_pass http://localhost/page-1/;
}
location #errors {
root /usr/share/nginx/errors/localhost.404.html;
}
}

Resources