NGINX - How to check whether the requested domain and server_name (HOST header value) are same

Question

I have multiple services running in a machine behind NGINX,

Using server_name configured for few application's end points

server {
    server_name my_app_1;
    listen *:443;
    ....
}
server {
    server_name my_app_2;
    listen *:443;
    ....
}

Since i want one service to be a default application for my machine, I exposed it as a default-server

#mydomain.com
   server {
        listen *:443 default_server;
        location / {
           ...
        }
    }

The problem is, when the NGINX receives a request for https :// mydomain.com with HOST header set as 'another.app.com', the default_server starts serving.. It returns 404,

But I want to restrict the default-server or another server to serve only when HOST header and request domain are same.

something like,

server {
    server_name $request_domain;
    listen *:443;
}

Please help me on this.

Note: We can give the possible combination of all domain names for server_name. In my case IPs are not static / dynamic

score 2 · Answer 1 · answered May 22 '20 at 13:25

2

You can use below redirect rule in the virtual host.

server_name test1.com;
set $domain_name test1.com;
if ($http_host != $domain_name) {
return 403;
}

The above rule will allow when http_host and domain name match. Otherwise it will give 403 error.

answered May 22 '20 at 13:25

Pandurang

1,656
2
6
10

NGINX - How to check whether the requested domain and server_name (HOST header value) are same

1 Answers1