Why Nginx prefers default_server instead of server block with exact host match

Question

Check this nginx config. If sending a request like - curl -H "Host: test.com" http://127.0.0.1:8200

Why does nginx use the second server block instead of the first block (with exact host and protocol match) and results in 400 error saying that plain HTTP request was sent to HTTPS port.

  server {
    listen 8200;
    server_name test.com;
location / {
  return 200 'Block1';
}

}
server {
    listen 8200 ssl default_server;
    ssl_certificate /etc/ssl/server.cer;
    ssl_certificate_key /etc/ssl/server.key;
location / {
  return 200 'Block2';
}

}

score 0 · Answer 1 · answered Nov 27 '24 at 11:29

In this case flag ssl works for all servers that listen to port 8200. So both of yours server blocks expect https on port 8200.

Since you've sent plain http request to https port, nginx has no idea what host name you've send and request ends up in default server.

Why Nginx prefers default_server instead of server block with exact host match

1 Answers1