1

I'm new to Nginx. I want to block direct IP address access to my server and redirect wildcard domains to my main website. Here is what I got so far in /etc/nginx/sites-available/default:

server {
    listen 80;
    listen [::]:80;
    server_name ~^(www\.)?(?<domain>.+)$;

    if ($domain != "12.13.14.15") {
        return 301 https://mainwebsite.com/$domain;
    }

    return 404;
}

Everything seems to be working fine with the config above, but later I found that Nginx if is evil. Also, when the domain doesn't exist in my main website's database, it will show a 404 Not Found page on mainwebsite.com.

What I'm trying to achieve:

  1. Block direct IP address access without using if.
  2. Redirect wildcard domain to my main website if the domain actually exists in my database, else return 404 without redirection. I noticed there is try_files but I'm not sure if it can be used to check an external URL.

Can someone please shed some light?

Rifki
  • 61

2 Answers

0

I haven't tested, but I'd guess something like this should work:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name ~^(www\.)?(?<domain>.+)$;

    return 301 https://mainwebsite.com/$domain;

    return 404;
}

server {
    listen 80;
    listen [::]:80;
    server_name 12.13.14.15;

    return 404;
}

If not, you could always use a script (here I show it with PHP, but it could be Node.js, Perl, Python, etc.):

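server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # try_files paths are appended to the document root, so the leading slash is required.
    # A PHP (FastCGI) handler for index.php still has to be configured separately.
    try_files /index.php =404;
}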

index.php

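<?php

// HTTP_HOST is a bare "host[:port]" with no scheme, so parse_url(..., PHP_URL_HOST)
// returns null for it. Normalise the header directly instead.
$host = strtolower($_SERVER['HTTP_HOST'] ?? '');
$host = preg_replace('/:\d+$/', '', $host);      // drop an optional port
$domain = preg_replace('/^www\./', '', $host);   // drop a leading "www." only

if ($domain === '12.13.14.15') {
    http_response_code(404);
    // include a 404 page?
    // require('404.php');
} else {
    // The Host header is client-supplied: encode it before placing it in the URL.
    $newURL = 'https://mainwebsite.com/' . rawurlencode($domain);
    // header() takes the status code as its third argument; the second is $replace.
    header('Location: ' . $newURL, true, 301);
}
exit();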
0

# One Block for Main Configuration 
server {
    listen 80;
    listen [::]:80;
    server_name ~^(www\.)?(?<domain>.+)$;
    ..........
} 

Note: I don't recommend using a regular expression in the server_name parameter. You can introduce another server block, or multiple server blocks, if you want to redirect HTTP to HTTPS or non-www to www.

Ref: Nginx redirect certbot www to non-www

# Second block for all unavailable servers.
server {
    listen      80 default_server;
    server_name "";
    return      444;
}

444 represents "CONNECTION CLOSED WITHOUT RESPONSE".

Kernelv5
  • 197
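
An added example, not part of either answer: a Python model of nginx's documented server_name precedence (exact name, then the first matching regex in configuration order, then default_server), applied to the server blocks posted above to show which block a given Host header reaches. The block labels, the COMBINED variant and the Python `(?P<domain>...)` spelling of the regex are assumptions of this example; wildcard names are left out because neither config uses them.

```python
import re

# Python spelling of the page's regex: nginx/PCRE (?<domain>...) is (?P<domain>...) here.
CATCH_ALL = r"^(www\.)?(?P<domain>.+)$"

# Constructed models of the server blocks posted above (labels are hypothetical).
ANSWER_1 = [
    {"label": "redirect-301", "regex": [CATCH_ALL], "default": True},
    {"label": "ip-404", "exact": ["12.13.14.15"]},
]
ANSWER_2 = [
    {"label": "main-regex", "regex": [CATCH_ALL]},
    {"label": "close-444", "exact": [""], "default": True},
]
# Assumption of this example: Answer 2's blocks with the IP added as an exact name.
COMBINED = [
    {"label": "main-regex", "regex": [CATCH_ALL]},
    {"label": "close-444", "exact": ["", "12.13.14.15"], "default": True},
]


def pick_server(servers, host):
    """Return the label of the block that handles `host` on one listen socket.

    host=None models a request with no Host header, which nginx matches
    against server_name "".
    """
    name = "" if host is None else re.sub(r":\d+$", "", host.lower())
    for s in servers:  # 1. exact names take precedence over regexes
        if name in s.get("exact", ()):
            return s["label"]
    for s in servers:  # 2. first matching regex, in configuration order
        if any(re.search(rx, name) for rx in s.get("regex", ())):
            return s["label"]
    for s in servers:  # 3. no name matched: the default_server block
        if s.get("default"):
            return s["label"]
    return servers[0]["label"]  # no default_server flag: first block listed


if __name__ == "__main__":
    configs = [("answer 1", ANSWER_1), ("answer 2", ANSWER_2), ("combined", COMBINED)]
    for cfg_name, cfg in configs:
        for host in ["12.13.14.15", "12.13.14.15:80", "www.example.org", None]:
            print(f"{cfg_name:9} Host={host!s:16} -> {pick_server(cfg, host)}")
```

With the second answer's blocks as posted, a request whose Host is the bare IP still reaches the regex block, because `server_name ""` only matches requests without a Host header. Listing the IP as an exact name in the 444 block, as in COMBINED, sends it to the closing block without any `if`.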