I have a number of vhosts, and I'd like to "turn off" the default vhost, either by blank page, error page, or generally whatever is the most efficient use of Nginx's resources, whilst only allowing other vhosts to be accessed via pre-defined domains.
6 Answers
Define a default_server that returns an HTTP 444 code:
server {
    listen 80 default_server;
    server_name _;
    # 444 is nginx-specific: close the connection without sending a response
    return 444;
}
(Returning a 4xx error code means requests can be interpreted by a client as an unsuccessful request, rather than an HTTP 200 Blank Page But Totally Worked Trust Me.)
For port 443 / SSL requests, you can use ssl_reject_handshake on.
- 756
Just define a default vhost that points to a directory with a blank index.html file.
server {
    listen 80 default_server;
    server_name _;
    root /var/www/placeholder;
    index index.html;
}
and place a blank index in /var/www/placeholder
- 538
This is what worked for me for both HTTP and HTTPS on Debian 10 (buster) running nginx 1.18.0.
Note: I always append include /etc/nginx/sites-enabled/*; to the http section of /etc/nginx/nginx.conf and manage vhosts using the /etc/nginx/sites-available and /etc/nginx/sites-enabled folders.
Step 1: create self-signed placeholder cert
$ mkdir -p /usr/local/etc/ssl
$ cd /usr/local/etc/ssl
$ openssl req -new -x509 -days 1 -nodes -out default-cert.pem -keyout default-key.pem
Generating a RSA private key
.+++++
.........................+++++
writing new private key to 'default-key.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Step 2: create default vhost
cat << EOF > /etc/nginx/sites-available/default
server {
    listen 80 default_server;
    listen 443 default_server ssl;
    return 444;
    ssl_ciphers aNULL;
    ssl_certificate /usr/local/etc/ssl/default-cert.pem;
    ssl_certificate_key /usr/local/etc/ssl/default-key.pem;
}
EOF
Step 3: enable default vhost
cd /etc/nginx/sites-enabled
ln -s ../sites-available/default default
Step 4: restart nginx
- 851
Why not just deny all?
server {
    listen 80 default_server;
    server_name _;
    location / {
        deny all;
    }
}
- 11
I learned this from the ASP.NET Core documentation:
server {
    listen 80 default_server;
    # listen [::]:80 default_server deferred;
    return 444;
}
You can find it in the nginx documentation too:
https://nginx.org/en/docs/http/request_processing.html
server {
    listen 80;
    server_name "";
    return 444;
}
Here, the server name is set to an empty string that will match requests without the “Host” header field, and a special nginx’s non-standard code 444 is returned that closes the connection.
- 111
In newer versions you can simply do this:
server {
    listen 80;
    server_name "";
    return 444;
}
Taken from http://nginx.org/en/docs/http/request_processing.html
- 173
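To check that a configuration really has a rejecting catch-all on every listen address, the following added example (not code from any of the answers or from the nginx project) audits nginx config text for the patterns shown above: return 444, deny all, and ssl_reject_handshake on. It assumes a simplified parser with no include handling; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample (not from the page): port 80 has a rejecting catch-all,
# port 443 has none, so its first server block becomes the implicit default.
SAMPLE = """
server { listen 80 default_server; server_name _; return 444; }
server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
    root /var/www/example;
}
server { listen 443 ssl; server_name app.example.com; root /var/www/app; }
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, using brace matching."""
    conf = re.sub(r"#.*", "", conf)                 # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def rejects(body, ssl):
    """True if the block refuses every request on a listen socket."""
    top = re.sub(r"\{[^{}]*\}", "", body)           # drop nested blocks (one level)
    if ssl and re.search(r"\bssl_reject_handshake\s+on\s*;", top):
        return True                                 # only applies to TLS listeners
    return bool(re.search(r"\b(return\s+444|deny\s+all)\s*;", top)
                or re.search(r"\blocation\s+/\s*\{\s*deny\s+all\s*;\s*\}", body))

def audit(conf):
    """Map each listen address to the server block that is its default."""
    result = {}
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;]*);", body)
        name = m.group(1).strip() if m else ""
        for args in re.findall(r"\blisten\s+([^;]+);", body):
            addr, *flags = args.split()
            explicit = "default_server" in flags
            # Without default_server, the first block listed for an address wins.
            if addr not in result or (explicit and not result[addr]["explicit"]):
                result[addr] = {"server_name": name, "explicit": explicit,
                                "rejects": rejects(body, "ssl" in flags)}
    return result

def exposed(conf):
    """Listen addresses where an unmatched Host still reaches a real site."""
    return sorted(a for a, d in audit(conf).items() if not d["rejects"])
```

Running exposed() over the concatenated contents of sites-enabled lists the listen addresses that still need a default_server block.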

