3

I was hoping someone could help me with this strange problem. On a 'clean' server install, I have the following "website.com" and nginx configs, yet if you try to go to the http version of www.website.com, it renders the default nginx page, instead of forwarding over to the https version like it's configured to do. The site is using the AWS Linux AMI, and is behind an ELB (hence the directive for elb-check).

In my /sites-available (and ln -s'd to /sites-enabled), all I have (even when doing a # ls -lah) is: default_server website.com elb-check

The configs (as well as the nginx.conf) are below.

Thank you in advance! Please let me know if there's additional info/configs you need.

website.com:

# Send http www. to https www.
server {
    listen 80;
    server_name www.website.com;
    return 301 $scheme://www.website.com$request_uri;
    server_tokens off;
}

# Send http non www. to https www.
server {
    listen 80;
    server_name website.com;
    return 301 $scheme://www.website.com$request_uri;
    server_tokens off;
}

# Send https non www. to https www.
server {
    listen 443 ssl;
    server_name website.com;
    return 301 $scheme://www.website.com$request_uri;
    server_tokens off;

    ssl_certificate "/path.to.crt";
    ssl_certificate_key "/path.to.key";
    ssl_dhparam "/etc/pki/nginx/dhparams.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH;
    ssl_prefer_server_ciphers on;
}

# Answer https and www. requests
server {
    listen  443 ssl;
    server_name www.website.com;
    index   index.html index.php;
    root    /home/website/html;
    access_log  /var/log/website/access.log;
    error_log   /var/log/website/error.log;
    server_tokens off;

    ssl_certificate "/path.to.crt";
    ssl_certificate_key "/path.to.key";
    ssl_dhparam "/etc/pki/nginx/dhparams.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH;
    ssl_prefer_server_ciphers on;

    location / {
        root    /home/website/html;
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    location ~ /private\.php$ {
        auth_basic "Restricted Area";
        auth_basic_user_file /home/website/.htpasswd;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

nginx.conf:

# nginx config
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Load Virtual Sites
    include /etc/nginx/sites-enabled/*;
    include /etc/nginx/sites-available/*;

    index   index.php index.html index.htm;
    server_tokens off;
}    

default_server:

# To black-hole all other subdomain requests
server {
    listen 80;
    server_name _;
    return 444;
}

elb-check:

# So the ELB sees the instance as still being alive
server {
    location /home/elb-check {
        access_log off;
        return 200;
        add_header Content-Type text/plain;
    }
}
zagman76

2 Answers

6

Nginx will choose the first server in the config if no default server is specifically defined. Install a dummy default server.

# This just prevents Nginx picking a random default server if it doesn't know which
# server block to send a request to
server {
  listen      80 default_server;
  server_name _;
  return 444;
  access_log off; log_not_found off;
}

You may want to define a default https server as well, though it will probably generate certificate warnings if it's not on a specific domain. I don't bother.

Tim
  • Why is mine routing to the _default_ nginx page though? There's nothing directing traffic to that location (`/usr/share/nginx/html`). – zagman76 Jul 11 '16 at 02:30
  • Probably because it's a default built into nginx, and your higher up sites don't define a root. – Tim Jul 11 '16 at 02:50
  • How Nginx knows what is the "first server in the config" ? Good one... – prosti Oct 01 '16 at 23:24
  • @prosti that's the point. The order of servers is undefined (at least to me) so you use the default_server directive to tell Nginx what to do, rather than effectively letting it choose randomly. I'm sure there is an order that files are included, perhaps alphabetic, but I don't know it and it's not important enough to look up. – Tim Oct 01 '16 at 23:56
  • First of all, to get the idea of "first server in the config" you would need to check the algo of nginx. I'm sure this is based on the `include` directives order you specify in nginx.conf, else if you have a wild char it may even be based on an OS call. Like you set ls *.conf, but not important as you said. Nothing big, just that syntagma of yours caught my attention. – prosti Oct 02 '16 at 00:15
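The selection rule discussed in the answer and comments above, as an added example (not code from the question, the answers, or nginx itself): a small model of how nginx picks a server block for a port, limited to exact names with no wildcards or regexes. The `Server` class, the labels, the `zz-catchall` file name and the `stray.invalid` host are hypothetical, and the model assumes a wildcard `include` expands in sorted filename order.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Server:
    label: str
    port: int = 80          # no "listen" => *:80 when nginx starts as root
    names: tuple = ("",)    # no "server_name" => the empty name
    default: bool = False   # "default_server" flag on the listen line

def load(files):
    """Flatten {filename: [Server, ...]} in sorted filename order (assumed glob order)."""
    return [s for name in sorted(files) for s in files[name]]

def select_server(servers, port, host):
    """Exact-name model of nginx's choice for one listen port."""
    on_port = [s for s in servers if s.port == port]
    for s in on_port:                       # 1. first block naming the Host wins
        if host in s.names:
            return s
    for s in on_port:                       # 2. explicit default_server
        if s.default:
            return s
    return on_port[0] if on_port else None  # 3. implicit default: first block loaded

SITE = [Server("http www redirect", 80, ("www.website.com",)),
        Server("http apex redirect", 80, ("website.com",)),
        Server("https apex redirect", 443, ("website.com",)),
        Server("https www site", 443, ("www.website.com",))]

def files(catchall_name, flag=False):
    """Constructed from the question's three files; only names, ports and the flag."""
    return {catchall_name: [Server("black hole", 80, ("_",), flag)],
            "elb-check": [Server("elb-check")],   # no listen, no server_name
            "website.com": SITE}

def demo(host="stray.invalid"):
    posted = load(files("default_server"))
    renamed = load(files("zz-catchall"))           # same blocks, file sorts last
    fixed = load(files("zz-catchall", flag=True))  # default_server flag set
    return {
        "named host": select_server(posted, 80, "www.website.com").label,
        "stray, as posted": select_server(posted, 80, host).label,
        "stray, renamed": select_server(renamed, 80, host).label,
        "stray, flag set": select_server(fixed, 80, host).label,
        "stray on 443": select_server(posted, 443, host).label,
    }

if __name__ == "__main__":
    print(demo())
```

In this model the catch-all only receives stray hosts as posted because its file name happens to sort first; with the flag set the result no longer depends on load order, and port 443 still has no explicit default.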
2

I think another issue is/was with the nginx.conf, at the bottom where you are including the sites-enabled/*. You are including both available and enabled configurations. You are loading your configuration twice, so nginx, not finding a working config, will always default to a basic config.

# Load Virtual Sites
    include /etc/nginx/sites-enabled/*;
    include /etc/nginx/sites-available/*;  # <-- do not need this too.