Default Server

The default server is the fallback virtual host that NGINX uses when an incoming request does not match any other server block for the given IP address and port.

Think of it as:

“If nothing else matches, serve this.”

When Does NGINX Use the Default Server?

NGINX selects the default server when:

No server_name matches the request’s Host header (name-based hosting)
A request comes to an IP/port with no explicit match
A client sends no Host header (old clients or malformed requests)
Someone accesses the server by IP address
A random or unknown domain points to your server

How NGINX Chooses the Default Server

Priority rules (important!)

For each listen IP:PORT combination:

A server with default_server is chosen first
If none is marked:
- The first server block defined becomes the default

Default server is per IP + port, not global.

Basic Example: Name-Based Virtual Hosts

server {
    listen 80;
    server_name example.com;

    root /var/www/example;
}

server {
    listen 80;
    server_name blog.example.com;

    root /var/www/blog;
}

Both servers listen on :80
No explicit default_server
The first server block becomes the default

So requests like:

http://192.0.2.10
http://unknown-domain.com

will be served by example.com

This is often not desired.

Explicit Default Server (Recommended)

Proper default server setup

server {
    listen 80 default_server;
    server_name _;

    root /var/www/default;
    index index.html;
}

default_server

listen 80 default_server;

Explicitly marks this as the fallback server
Overrides ordering issues

server_name _;

_ is a convention meaning “match nothing”
Prevents accidental domain matching

Secure Production Setup

http {

    server {
        listen 80 default_server;
        server_name _;

        return 444;
    }

    server {
        listen 80;
        server_name example.com www.example.com;

        root /var/www/example;
        index index.html;
    }

    server {
        listen 80;
        server_name blog.example.com;

        root /var/www/blog;
        index index.html;
    }
}

What Happens in This Setup?

Request	Result
`example.com`	Served by example.com server
`blog.example.com`	Served by blog server
`192.0.2.10`	Connection closed (444)
`randomdomain.com`	Connection closed (444)

Default Server in IP-Based Virtual Hosting

Each IP can have its own default server.

server {
    listen 192.0.2.10:80 default_server;
    return 444;
}

server {
    listen 192.0.2.20:80 default_server;
    return 444;
}

Default server applies per IP
Different IPs = different defaults

Default Server with HTTPS (SNI)

For HTTPS, default server matters before TLS certificate selection.

server {
    listen 443 ssl default_server;
    server_name _;

    ssl_certificate /etc/ssl/default.crt;
    ssl_certificate_key /etc/ssl/default.key;

    return 444;
}

Why this is important

Handles unknown SNI names
Prevents certificate leakage
Avoids browser warnings

Common Uses of a Default Server

Security hardening

return 444;

Drops the connection silently
Blocks domain probing

Custom error or landing page

root /var/www/landing;
index index.html;

Useful for:

Maintenance pages
Holding pages

Redirect to main site

return 301 https://example.com;

When Does NGINX Use the Default Server?​

How NGINX Chooses the Default Server​

Basic Example: Name-Based Virtual Hosts​

Explicit Default Server (Recommended)​

Secure Production Setup​

What Happens in This Setup?​

Default Server in IP-Based Virtual Hosting​

Default Server with HTTPS (SNI)​

Common Uses of a Default Server​