Wrong site displayed--seemingly randomly


#1

I moved my sites over to a new server and a new install of nginx-0.7.40
a couple days ago. I noticed once 2 days ago that I went to one domain
and one of my other sites showed up. I thought this must be something
strange with the DNS propagation.

Today my business partner went to our site and saw this same other site
instead. The site that sometimes is mistakenly showing up is the first
site I migrated to the new server setup.

None of these sites is set to be any sort of default, and all are
included an:
include …/sites-available/*.conf;

Anybody have any idea what else could be causing this? It’s a pretty
serious problem.

Thanks,
Chris


#2

I just figured out the problem.

I did not include the “www” version of my domains in the .conf in some
cases. I have fixed it.

Still, I don’t understand why the behavior should be defaulting to
whatever site I happened to configure first.


#3

It might help to set up a default “catch all” server. There’s more info
on
it here: http://wiki.nginx.org/NginxHttpCoreModule#server_name and it’s
done
differently depending on your version of nginx.

You can set up your default server to point to one of your sites, or you
can
use it to show a 404 for invalid domains.

I have a CMS that hosts multiple, unrelated sites, and after looking
through
my logs recently, I was finding that one of the sites (the one nginx
determined as the “default”) was receiving all sorts of garbage traffic
from
bots, script kiddies, and the like. Some of the requests were from old
domains that were pointed at an IP I had recently acquired, some were
targeted at the IP address itself with no Host header, and the majority
were
penetration testing (like http://some-made-up-domain.com/*).

Since I didn’t want to send all this traffic to my CMS backend, I wanted
to
have nginx filter it upfront. As such, I now have the following as my
“default” server:

server {
listen 80 default;
server_name _;

root /var/www/default;
log_format nosy '$remote_addr - $remote_user [$time_local] ’
'"$request" ["$scheme://$host$request_uri"] $status
$body_bytes_sent ’
‘"$http_referer" “$http_user_agent”’;
access_log /var/log/nginx/default.access.log nosy;
error_log /var/log/nginx/default.error.log;

location / {
return 404;
}
}

The lot_format is of course optional, but I wanted to add it since the
default log format doesn’t include $host (just $request_uri). Also, I
wanted to monitor for traffic from old domains that are still pointed at
my
IP address. If you don’t care about this, you can just use “access_log
off;”. It may be worth noting that since I set this up about a month
ago,
the default.error.log file is still empty.

Since the traffic is garbage, I don’t care what the 404 page looks like,
so
the default one that nginx serves up is fine with me.

On Fri, Mar 13, 2009 at 2:47 PM, Chris Cortese
<removed_email_address@domain.invalid