Set default server on NGINX

Posted Friday 19 June 2015 by Urs Riggenbach.

When NGINX can’t match a virtual host to a requested domain name it serves the first server-block registered in the system. This results in all unconfigured domain names serving the same website, which negatively affects SEO.

To serve a site for all unconfigured domain names, use the default_server property to serve a placeholder page. Don’t forget to set it on both HTTP:80 and HTTPS:443.

Create a file in /etc/nginx/sites-enabled/ and paste this config to serve a static html page stored at /var/www. Don’t forget to adjust the reference to the SSL key and crt.

Don’t forget to restart the nginx server afterwards (Debian):
service nginx restart

Sample fallback config file

server {
        listen   80 default_server;

        root /var/www;
        index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.html;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

       
}



# HTTPS server
#
server {
        listen 443 default_server;
        server_name localhost;

       root /var/www;
       index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/fallback.crt;
ssl_certificate_key /etc/nginx/fallback.key;

#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

ssl_prefer_server_ciphers on;

        location / {
                try_files $uri $uri/ =404;
        }
}

Leave a comment
← Newer Post Previous Post →