Score:0

How can I configure my nginx server to accept different subdomains and also port?


I have a server running on Ubuntu/Nginx. I have subdomains running from different internal ports. I want to expose one application to the public but not associate it with any domain/server name.

Below is my configuration file:

server {
    server_name app.example.com www.app.example.com;
    access_log /home/hub-app/logs/app.example.com.access.log;
    
    location / {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8082;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';      
        proxy_cache_bypass $http_upgrade;       
        proxy_http_version 1.1;     
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme; 
    }

    listen 443 ssl; 
    ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


}   

server {
    server_name example.com www.example.com;
    access_log /home/hub-public/logs/example.com.access.log;
    
    location / {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8081;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';      
        proxy_cache_bypass $http_upgrade;       
        proxy_http_version 1.1;     
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme; 
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

}

The above works well and points to the specified domains, i.e. example.com and app.example.com. Now I want to add another virtual server to run at MY_PUBLIC_IP:8080. Port 8080 should not be accessible on the other domains, i.e. example.com:8080/app.example.com:8080 should not be available.

djdomi: Use the IP as server_name.
Score:0

You can use default_server.

Nginx will declare that server as the default server. After that, Nginx will use the default server to handle requests whose HTTP Host header does not match any other server block.

What is default_server in Nginx

Example:

server {
    listen 8080 default_server;
    
    root /www/default;
        
    location / {
        index index.html;
    }
}


I use it to honeypot scanner bots and stream them some poop emojis if they are looking for phpAdmin or anything like it :)

Score:0

I don't think @Klamberext's answer really answers the question. That is, the nginx web server has a default server concept. The official documentation page on the subject can be found here: How nginx processes a request. However, one of the server blocks listening on a given network interface/port combination will always act as the default one. If you don't specify that server block explicitly, it will be the very first server block in your configuration. That means that your server block with the server_name app.example.com www.app.example.com; line will be the default server block for any request arriving on TCP port 443, serving any request whose HTTP Host header doesn't match example.com or www.example.com (or that has no Host header at all).

As @Klamberext already said, a common practice is to define a stub server block to catch all requests where the Host HTTP header doesn't match any of the domains you are serving. You can see an example at this SO answer. Usually such a server block contains the return 444; statement, a special nginx return code that immediately closes the connection. However, it seems that you need the opposite, and you'll need two server blocks to accomplish it, since, as already said, a single server block listening on TCP port 8080 will act as the default one no matter what the Host header is set to:

server {
    listen 8080;
    server_name example.com www.example.com app.example.com www.app.example.com;
    return 444;
}
server {
    listen 8080 default_server;
    # ... your config here
}

As an alternative you can check the Host header value inside your server block, for example to block an example.com domain and any of its subdomains:

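server {
    listen 8080;
    # $host is the Host header without the port; $http_host would be
    # "example.com:8080" on this port and never match a pattern ending in "com$".
    # (^|\.) keeps unrelated names such as notexample.com from matching.
    if ($host ~ "(^|\.)example\.com$") { return 444; }
    # ... your config here
}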
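The server-selection rule described in this answer, written out as an added example (not nginx's code and not part of the original answers). It is a simplified model that covers exact server_name matches only, not wildcard or regex names; the block labels and the 203.0.113.10 address standing in for MY_PUBLIC_IP are assumptions.

```python
# Simplified model of how nginx picks a server block (exact names only;
# wildcard and regex server_name forms are deliberately left out).
from dataclasses import dataclass

@dataclass
class ServerBlock:
    label: str                  # hypothetical label, only for this example
    port: int
    names: tuple = ()
    default_server: bool = False

def normalize_host(host_header):
    """Lower-case the Host header and drop a trailing :port, like $host."""
    if not host_header:
        return ""
    host = host_header.strip().lower()
    if host.startswith("["):            # IPv6 literal such as [::1]:8080
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0]

def select_server(blocks, port, host_header):
    """Return the block that would handle a request on `port` with this Host."""
    candidates = [b for b in blocks if b.port == port]
    if not candidates:
        return None                      # nothing listens on that port
    host = normalize_host(host_header)
    for block in candidates:             # 1. exact server_name match
        if host in block.names:
            return block
    for block in candidates:             # 2. explicit default_server
        if block.default_server:
            return block
    return candidates[0]                 # 3. implicit default: first block

# Constructed from the configuration on this page; 203.0.113.10 stands in
# for MY_PUBLIC_IP (documentation address range).
BLOCKS = [
    ServerBlock("app-443", 443, ("app.example.com", "www.app.example.com")),
    ServerBlock("public-443", 443, ("example.com", "www.example.com")),
    ServerBlock("reject-8080", 8080, ("example.com", "www.example.com",
                                      "app.example.com", "www.app.example.com")),
    ServerBlock("ip-app-8080", 8080, (), default_server=True),
]

if __name__ == "__main__":
    for port, host in [(443, "unknown.test"), (8080, "example.com:8080"),
                       (8080, "203.0.113.10:8080"), (8080, None)]:
        print(port, host, "->", select_server(BLOCKS, port, host).label)
```

An unmatched name on port 443 lands in the app.example.com block because it is first, which is why an explicit catch-all block on 443 is worth adding as well.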