LoveDuckie

NGINX: Default Server Configurations

Posted 3 years ago Updated 3 years ago 8 Minute(s) to read 644 comments

I recently encountered a critical issue when configuring my NGINX server (that serves this website), when I had multiple (unrelated) domain names configured to point to the same virtual private server (VPS). The problem was that only one set was meant to be in use (such as loveduckie.*). Unfortunately, this meant that the remaining domain names (the ones intended to be left unused) were erroneously pointing to my portfolio website when they should not have been. This can be particularly problematic, because Google can severely relegate the search ranking for your website if it deems it not to be the "canonical" version of it.

What this means exactly is that there could be two completely separate and unrelated domain names pointing to the same page or content, but because Google considers the wrong one to be the "one true source", it then defines it as the canonical version which is not our intention. I don't want an unrelated domain name to become the "canonical" source for my portfolio!

To fix this, I produced an NGINX configuration that ensured that any time the unused set of domains was visited, visitors would be redirected to a default error landing page (much like you would expect when navigating to a HTTP 404). This means that subsequent crawls from Google will be able to determine a difference between my portfolio's domain names, and the ones that are considered to be unrelated.

The error pages look a little something like this.

The default landing page that is presented to viewers when they navigate to the wrong domain name.

And of course, there are custom error pages depending on the HTTP status code that is being returned.

The error page that is served to the user when the HTTP 404 error code is returned.

Aside from the overkill templating of the error pages with Bootstrap, there's nothing particularly fancy about this so far.


NGINX Configuration

Configuring your NGINX server is pretty straightforward, and only relies on you using a particular set of keywords that NGINX parses when reading your configuration files. To begin with, you are going to want to create a new server configuration file called default.conf. The name of the configuration file is largely irrelevant, as your NGINX server should be configured to read all configuration files under a certain directory. For instance, your default nginx.conf configuration file should contain a statement such as include /etc/nginx/conf.d/*.conf so that it can read all configuration files (that presumably have server blocks) and load your virtual servers accordingly.

server 
{
    listen  80 default_server;
    listen  [::]:80 default_server;
    listen  443 ssl default_server;
    listen  [::]:443 ssl default_server;
    server_name_in_redirect off;
    server_name  default_server;
}

So far, so good. All this server block does is bind itself to both port 80 and 443, which are used for HTTP and HTTPS traffic. You'll also note the usage of "default_server", which basically tells NGINX that if the domain name does not have a server block configuration available for it on the server, then simply make use of this "default" server block configuration instead.

There are a few other things going on here as well.

  • server_name_in_redirect off; basically states that there doesn't need to be a match between the host name defined in the HTTP request Host header and the server_name configuration value in order for our default configuration to be considered a valid match.
  • server_tokens off; is not strictly related to this article, but basically states that the HTTP response mustn't specify that this was served by NGINX (i.e. Server HTTP header).
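Why the unused domains landed on the portfolio in the first place, and why the default_server flag changes that, shown as a small Python model of NGINX's documented server-name matching order. This is an added example, not the author's code or NGINX source; the host names and block ids are constructed.

```python
import re

def normalise(host):
    """Lower-case the Host value and drop an optional :port (IPv6 literals kept as-is)."""
    host = host.strip().lower()
    return host if host.startswith("[") else host.split(":", 1)[0]

def pick_server(servers, host):
    """Return the id of the server block that answers `host` on one listen socket.

    `servers` is a list, in configuration order, of dicts with the keys
    id, names (server_name values) and default (listen ... default_server).
    Only the listen flag and server_name take part in this choice.
    """
    host = normalise(host)
    pairs = [(n, s) for s in servers for n in s["names"]]
    plain = [(n.lower(), s) for n, s in pairs if not n.startswith("~")]

    # 1. exact name
    for n, s in plain:
        if "*" not in n and n == host:
            return s["id"]
    # 2. longest wildcard starting with an asterisk, e.g. *.portfolio.example
    lead = [(n, s) for n, s in plain
            if n.startswith("*.") and host.endswith(n[1:]) and len(host) > len(n) - 1]
    # 3. longest wildcard ending with an asterisk, e.g. portfolio.*
    trail = [(n, s) for n, s in plain
             if n.endswith(".*") and host.startswith(n[:-1]) and len(host) > len(n) - 1]
    for group in (lead, trail):
        if group:
            return max(group, key=lambda p: len(p[0]))[1]["id"]
    # 4. first matching regular expression, in configuration order
    for n, s in pairs:
        if n.startswith("~"):
            pattern = n[2:] if n.startswith("~*") else n[1:]
            if re.search(pattern, host, re.I if n.startswith("~*") else 0):
                return s["id"]
    # 5. nothing matched: the block flagged default_server, else the FIRST block declared
    return next((s for s in servers if s["default"]), servers[0])["id"]

# Constructed sample: two real sites without any default_server flag ...
BEFORE = [
    {"id": "portfolio", "names": ["portfolio.example", "*.portfolio.example"], "default": False},
    {"id": "shop", "names": ["shop.example"], "default": False},
]
# ... and the same sites plus a catch-all block like the one in this article.
# `server_name default_server;` is only a literal name; the listen flag does the work.
AFTER = BEFORE + [{"id": "catch-all", "names": ["default_server"], "default": True}]

if __name__ == "__main__":
    for host in ("www.portfolio.example", "unused-domain.example", "203.0.113.10"):
        print(f"{host:24} before={pick_server(BEFORE, host):10} after={pick_server(AFTER, host)}")
```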

Handling Specific HTTP Errors

In the instance that someone navigates to a page that does not exist or cannot be served by any of the "server block" configurations loaded by NGINX, you will likely want to redirect them to a 40x or 50x error status page. Configuring page redirects for both ranges of error codes is straightforward.

server 
{

    ...

    root   /var/www/default;
    index  index.html index.htm;

    location ~* ^.+ {
        try_files $uri $uri/ =404;
    }

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 403 /403.html;
    location = /404.html {
        root   /var/www/default;
    }
    
    error_page  500 502 503 504 /500.html;
    location = /500.html {
        root   /var/www/default;
    }

    ...

}

In the example above, I set the root directory to /var/www/default, which is the path I am using for storing static page files for my error pages in my NGINX Docker container (as shown in the screenshots above). If you are building an NGINX service from a Docker image, you will want to make sure that the path exists, and that there are static files that you can serve from the path.

Handling SSL Traffic

Next, you are going to want to make sure that you have some kind of SSL certificate that you can use for serving HTTPS traffic. Unless you actually have a valid HTTPS certificate for the traffic that you are intending on redirecting, you will want to create your own self-signed one using the available SSL command-line tooling.

Installing Dependencies for SSL in Docker (Optional)

If you are using the Alpine Linux variant of the NGINX Docker image (nginx:stable-alpine for example), you must ensure that you've installed the required dependencies through the Alpine Linux package manager.

RUN apk add --no-cache openssl

And then you will want to generate your own self-signed certificate, and then store it somewhere appropriate in the filesystem for the Docker container.

RUN openssl req -new -x509 -nodes -days 365 -newkey rsa:4096 -extensions 'v3_req' \
        -keyout /etc/nginx/ssl-default/default-privkey.pem \
        -out /etc/nginx/ssl-default/default-fullchain.pem \
        -config /etc/nginx/openssl-gen.cnf > /dev/null 2>&1

You'll note that this command-line expression is referring to a configuration file that is located at /etc/nginx/openssl-gen.cnf. This is a custom configuration file that I've copied into the Docker image from a previous COPY statement. The path can be changed to wherever you decide to copy this configuration file to inside your Docker container. The configuration file looks a little something like this...

[req]
default_bits       = 4096
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
name = Your Name Goes Here
countryName= Your Country Name Goes Here
stateOrProvinceName = Your State or Province Name Goes Here
emailAddress = Your Email Address Goes Here
localityName = London
organizationalUnitName = Your Name Goes Here
commonName = localhost

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
# An IP address belongs in an IP.n entry, not a DNS.n entry
IP.1 = 127.0.0.1

Nothing too fancy, and it doesn't necessarily need to have the SAN (subject alternative name) definitions for the unsupported domain names that you intend on redirecting to your default landing pages. Of course, because it is a self-signed certificate (i.e. a certificate signed using your own created certificate authority), you should assume that this will throw HTTPS errors should people navigate to the domain through HTTPS.

Testing Configuration Changes

Ensure that you've tested your changes before restarting your Docker container, or reloading your configuration file.

#!/bin/bash
nginx -t

And then reload your configuration if the response is without errors.

#!/bin/bash
nginx -s reload

Alternatively, if you are running NGINX from a Docker container, you can do it from the command-line (outside of the container) using a command similar to this.

#!/bin/bash
docker exec -it your-nginx-container-name-goes-here nginx -s reload
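nginx -t validates the configuration, but a listen socket with no default_server is still valid, and on such a socket the first declared server block silently becomes the fallback. The following Python check (an added example, not the author's code) scans nginx -T style output for those sockets; the sample dump and host names are constructed, and the simple tokenizer assumes no quoted strings or regex locations containing braces, semicolons or #.

```python
import re

def implicit_defaults(config_text):
    """Map each listen socket that has no explicit default_server to the first
    server_name of the block NGINX falls back to (the first block declared)."""
    text = re.sub(r"#[^\n]*", "", config_text)             # drop comments
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    sockets = {}          # socket -> [has_explicit_default, first_block_name]
    depth, in_server, stmt = 0, None, []
    listens, names = [], []
    for tok in tokens:
        if tok == "{":
            depth += 1
            if stmt == ["server"]:                          # entering a server block
                in_server, listens, names = depth, [], []
            stmt = []
        elif tok == "}":
            if in_server == depth:                          # server block closed
                label = names[0] if names else "(no server_name)"
                # A block without listen uses *:80 (when NGINX runs as superuser).
                for sock, explicit in listens or [("*:80", False)]:
                    entry = sockets.setdefault(sock, [False, label])
                    entry[0] = entry[0] or explicit
                in_server = None
            depth -= 1
            stmt = []
        elif tok == ";":
            if in_server == depth and stmt:                 # directive directly in server{}
                if stmt[0] == "listen" and len(stmt) > 1:
                    sock = "*:" + stmt[1] if stmt[1].isdigit() else stmt[1]
                    listens.append((sock, "default_server" in stmt[2:]))
                elif stmt[0] == "server_name":
                    names.extend(stmt[1:])
            stmt = []
        else:
            stmt.append(tok)
    return {sock: first for sock, (explicit, first) in sockets.items() if not explicit}

# Constructed dump: the portfolio block loads first, and the catch-all block
# is missing the default_server flag on its IPv6 HTTPS listener.
SAMPLE = """
# configuration file /etc/nginx/conf.d/00-portfolio.conf:
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name portfolio.example www.portfolio.example;
    location / { try_files $uri $uri/ =404; }
}
# configuration file /etc/nginx/conf.d/default.conf:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl;
    server_name default_server;
}
"""

if __name__ == "__main__":
    for sock, block in implicit_defaults(SAMPLE).items():
        print(f"{sock}: no default_server, unknown hosts fall through to {block}")
```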

Conclusion

Use a default configuration to prevent there being "search result collisions" between two unrelated domain names that target the same host.

I hope you found this useful. There is another approach to this, and that is to adjust the firewall configuration for your virtual private server, so that all traffic to that particular host (read: domain) name is rejected. This is largely contingent on what Linux operating system you are using, and is arguably not as convenient as managing it at container-level (i.e. from the NGINX instance itself).

You can find the complete NGINX configuration snippet for everything discussed in this article, in this Gist on GitHub.


Complete NGINX Configuration

server 
{
    listen  80 default_server;
    listen  [::]:80 default_server;
    listen  443 ssl default_server;
    listen  [::]:443 ssl default_server;
    server_name_in_redirect off;
    server_name  default_server;
    server_tokens off;

    charset utf-8;

    access_log  /var/log/nginx/host.access.log  main;
    error_log  /var/log/nginx/host.error.log  warn;

    ssl_certificate /etc/nginx/ssl-default/default-fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl-default/default-privkey.pem;

    root   /var/www/default;
    index  index.html index.htm;

    location ~* ^.+ 
    {
        try_files $uri $uri/ =404;
    }

    location / 
    {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 403 /403.html;
    location = /404.html 
    {
        root   /var/www/default;
    }

    error_page  500 502 503 504 /500.html;
    location = /500.html 
    {
        root   /var/www/default;
    }
}

Useful Reading

Find below some other useful links that I found when trying to troubleshoot my woes.

I hope you found this useful. Feel free to get in touch if you require any help!

