Set default server on NGINX

Posted Friday 19 June 2015 by Urs Riggenbach.

When NGINX can’t match a virtual host to a requested domain name it serves the first server-block registered in the system. This results in all unconfigured domain names serving the same website, which negatively affects SEO.

To serve a site for all unconfigured domain names, use the default_server property to serve a placeholder page. Don’t forget to set it on both HTTP:80 and HTTPS:443.

Create a file in /etc/nginx/sites-enabled/ and paste this config to serve a static html page stored at /var/www. Don’t forget to adjust the reference to the SSL key and crt.

Don’t forget to restart the nginx server afterwards (Debian):
service nginx restart

Sample fallback config file

server {
	listen   80 default_server;

	root /var/www;
	index index.html index.htm;

	# Make site accessible from http://localhost/
	server_name localhost;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ /index.html;
		# Uncomment to enable naxsi on this location
		# include /etc/nginx/naxsi.rules
	}

	
}



# HTTPS server
#
server {
	listen 443 default_server;
	server_name localhost;

        root /var/www;
        index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/fallback.crt;
ssl_certificate_key /etc/nginx/fallback.key;

#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

ssl_prefer_server_ciphers on;

	location / {
		try_files $uri $uri/ =404;
	}
}