NGINX: Default Server Configurations
I recently encountered a critical issue when configuring my NGINX server (that serves this website), when I had multiple (unrelated) domain names configured to point to the same virtual private server (VPS). The problem was that only one set was meant to be in use (such as loveduckie.*). Unfortunately, this then meant that the remaining domain names (the ones intended to be left unused) were erroneously pointing to my portfolio website when they should not have been. This can be particularly problematic, because Google can severely relegate the search ranking for your website if it deems it not to be the "canonical" version of it.
What this means exactly is that there could be two completely separate and unrelated domain names pointing to the same page or content, but because Google considers the wrong one to be the "one true source", it then defines it as the canonical version which is not our intention. I don't want an unrelated domain name to become the "canonical" source for my portfolio!
To fix this, I produced an NGINX configuration that ensured that any time the unused set of domains was visited, they would be redirected to a default error landing page (much like you would expect when navigating to an HTTP 404). This means that subsequent crawls from Google will be able to determine a difference between my portfolio's domain names, and the ones that are considered to be unrelated.
The error pages look a little something like this.
And of course, there are custom error pages depending on the HTTP status code that is being returned.
Aside from the overkill templating of the error pages with Bootstrap, there's nothing particularly fancy about this so far.
NGINX Configuration
Configuring your NGINX server is pretty straightforward, and only relies on you using a particular set of keywords that NGINX parses when reading your configuration files. To begin with, you are going to want to create a new server configuration file called default.conf. The name of the configuration file is largely irrelevant, as your NGINX server should be configured to read all configuration files under a certain directory. For instance, your default nginx.conf configuration file should contain a statement such as include /etc/nginx/conf.d/*.conf so that it can read all configuration files (that presumably have server blocks) and load your virtual servers accordingly.
server
{
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name_in_redirect off;
    server_name default_server;
}
So far, so good. All this server block does is bind itself to both port 80 and 443, which are used for HTTP and HTTPS traffic. You'll also note the usage of "default_server", which basically tells NGINX that if the domain name does not have a server block configuration available for it on the server, then simply make use of this "default" server block configuration instead.
There are a few other things going on here as well.
- server_name_in_redirect off; basically states that there doesn't need to be a match between the host name defined in the HTTP request Host header and the server_name configuration value in order for our default configuration to be considered a valid match.
- server_tokens off; is not strictly related to this article, but basically states that the HTTP response mustn't specify that this was served by NGINX (i.e. the Server HTTP header).
Handling Specific HTTP Errors
In the instance that someone navigates to a page that does not exist or cannot be served by any of the "server block" configurations loaded by NGINX, you will likely want to redirect them to a 40x or 50x error status page. Configuring page redirects for both ranges of error codes is straightforward.
server
{
    ...
    root /var/www/default;
    index index.html index.htm;
    location ~* ^.+ {
        try_files $uri $uri/ =404;
    }
    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 403 /403.html;
    location = /404.html {
        root /var/www/default;
    }
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /var/www/default;
    }
    ...
}
In the example above, I set the root directory to /var/www/default which is the path I am using for storing static page files for my error pages in my NGINX Docker container (as shown in the screenshots above). If you are building an NGINX service from a Docker image, you will want to make sure that the path exists, and that there are static files that you can serve from the path.
Handling SSL Traffic
Next, you are going to want to make sure that you have some kind of SSL certificate that you can use for serving HTTPS traffic. Unless you actually have a valid HTTPS certificate for the traffic that you are intending on redirecting, you will want to create your own self-signed one using the available SSL command-line tooling.
Installing Dependencies for SSL in Docker (Optional)
If you are using the Alpine Linux variant of the NGINX Docker image (nginx:stable-alpine for example), you must ensure that you've installed the required dependencies through the Alpine Linux package manager.
RUN apk add --no-cache openssl
And then you will want to generate your own self-signed certificate, and then store it somewhere appropriate in the filesystem for the Docker container.
RUN openssl req -new -x509 -nodes -days 365 -newkey rsa:4096 -extensions 'v3_req' \
-keyout /etc/nginx/ssl-default/default-privkey.pem \
-out /etc/nginx/ssl-default/default-fullchain.pem \
-config /etc/nginx/openssl-gen.cnf > /dev/null 2>&1
You'll note that this command-line expression is referring to a configuration file that is located at /etc/nginx/openssl-gen.cnf. This is a custom configuration file that I've copied into the Docker image from a previous COPY statement. The path can be changed to wherever you decide to copy this configuration file to inside your Docker container. The configuration file looks a little something like this...
[req]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
name = Your Name Goes Here
# countryName must be a two-letter ISO 3166 country code (e.g. GB)
countryName = Your Country Name Goes Here
stateOrProvinceName = Your State or Province Name Goes Here
emailAddress = Your Email Address Goes Here
localityName = London
organizationalUnitName = Your Name Goes Here
commonName = localhost
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
# IP addresses go in IP entries, not DNS entries
IP.1 = 127.0.0.1
Nothing too fancy, and it doesn't necessarily need to have the SAN (subject alternative names) definitions for the unsupported domain names that you intend on redirecting to your default landing pages. Of course, because it is a self-signed certificate (i.e. a certificate signed using your own created certificate authority), you should assume that this will throw HTTPS errors should people navigate to the domain through HTTPS.
Testing Configuration Changes
Ensure that you've tested your changes before restarting your Docker container, or reloading your configuration file.
#!/bin/bash
nginx -t
And then reload your configuration if the response is without errors.
#!/bin/bash
nginx -s reload
Alternatively, if you are running NGINX from a Docker container, you can do it from the command-line (outside of the container) using a command similar to this.
#!/bin/bash
docker exec -it your-nginx-container-name-goes-here nginx -s reload
Conclusion
Use a default configuration to prevent there being "search result collisions" between two unrelated domain names that target the same host.
I hope you found this useful. There is another approach to this, and that is to adjust the firewall configuration for your virtual private server, so that all traffic to that particular host (read: domain) name is rejected. This is largely contingent on what Linux operating system you are using, and is arguably not as convenient as managing it at container-level (i.e. from the NGINX instance itself).
You can find the complete NGINX configuration snippet for everything discussed in this article, in this Gist on GitHub.
Complete NGINX Configuration
server
{
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name_in_redirect off;
    server_name default_server;
    server_tokens off;
    charset utf-8;
    access_log /var/log/nginx/host.access.log main;
    error_log /var/log/nginx/host.error.log warn;
    ssl_certificate /etc/nginx/ssl-default/default-fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl-default/default-privkey.pem;
    root /var/www/default;
    index index.html index.htm;
    location ~* ^.+
    {
        try_files $uri $uri/ =404;
    }
    location /
    {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 403 /403.html;
    location = /404.html
    {
        root /var/www/default;
    }
    error_page 500 502 503 504 /500.html;
    location = /500.html
    {
        root /var/www/default;
    }
}
Useful Reading
Find below some other useful links that I found when trying to troubleshoot my woes.
- NGINX: Request Processing
- Google Search Console: Canonical URLs
- GitHub Gist: NGINX Default Server Configuration
I hope you found this useful. Feel free to get in touch if you require any help!