nginx is serving pages for requests for bare IP address (which doesn't match the server_name)

Question

I have an nginx configuration with two virtual hosts and no default site.

server {
  listen 123.45.67.89:80;
  server_name site_a.example.com site_a1.example.com;

  root /srv/site_a_checkout/html/site_a;
  access_log /var/log/site_a/nginx.access.log;
  error_log /var/log/site_a/nginx.error.log;

  index index.html index.htm index.nginx-debian.html;

  location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
  }
}

Each of the virtual host configurations has a server_name line with two servers.

The existence of the second server_name, site_a1.example.com, is because there is more than one server and sometimes developers need to know which server they're looking at.

nginx performs exactly as expected, if http://site_a.example.com, http://site_a1.example1.com, http://site_b.example.com or http://site_b1.example1.com are requested.

The problem is that if http://123.45.67.89 is requested, the site_a site is served.

There is no /etc/nginx/sites_enabled/default, only virtual hosts for site_a and site_b.

Why is site_a served as http://123.45.67.89?

How can I make requests to the IP address fail?

---

I've also tried: https://superuser.com/a/1050864 and https://serverfault.com/a/525011 but these did not work either.

Answer 1

None of these solutions worked because they were implicitly listening on 0.0.0.0:80, while the virtual hosts were listening on 123.45.67.89:80.

Default servers need to exist for any specific IP addresses which are listened-to by virtual hosts.

This works:

server {
  server_name _;
  listen 123.45.67.89:80 default_server deferred;
  return 444;
}

If I add:

  listen 123.45.67.89:443 default_server deferred;

it kills HTTPS connections (before the SNI can be read) breaking all SSL virtual hosts on that IP address. This is a problem for another day. https://serverfault.com/q/959286/20520