Default Server Block

The default server block is the server context NGINX uses when an incoming HTTP request does not match any server_name on the requested IP:port.

In simple terms:

If NGINX doesn’t know which virtual host should handle a request, it uses the default server.

When the Default Server Is Used

NGINX uses the default server when:

No server_name matches the Host header
The client sends no Host header
The request uses an IP address
The request is sent to an unexpected domain
A scanner or bot probes your server

How NGINX Chooses the Default Server

For each IP:port combination, NGINX determines the default server as follows.

Selection Rules (in order):

The server marked with default_server
If none marked → the first server defined for that IP:port

`default_server` Directive

Syntax

listen 80 default_server;

Context

Valid inside server block
Applies per IP:port

Simple Default Server Example

server {
    listen 80 default_server;
    server_name _;

    return 444;
}

Listens on port 80
Catches all unmatched requests
return 444 closes connection without response
Common anti-bot/security pattern

Example: Default vs Named Server Blocks

server {
    listen 80 default_server;
    server_name _;
    root /var/www/default;
}

server {
    listen 80;
    server_name example.com;
    root /var/www/example;
}

Request Handling

Request	Server Used
http://example.com	example.com server
http://unknown.com	default server
http://IP_ADDRESS	default server

Role of `server_name _;`

server_name _;

_ is a convention, not a wildcard
Ensures the block does not accidentally match a real hostname
Makes intent clear: “this is a catch-all server”

Default Server for HTTPS (Port 443)

HTTPS default servers are critical.

server {
    listen 443 ssl default_server;

    ssl_certificate /etc/ssl/certs/default.crt;
    ssl_certificate_key /etc/ssl/private/default.key;

    return 444;
}

TLS handshake requires a certificate
Default server handles unknown SNI names
Prevents certificate mismatch exposure

Default Server and `server_name` Matching Order

NGINX matches server_name in this order:

Exact names (example.com)
Wildcards (*.example.com)
Regex (~^www\d+\.example\.com$)
If no match → default server

Common Use Cases for Default Server

Catch-All Fallback: return 404;
Security Sink: return 444;
Redirect to Canonical Domain: return 301 https://example.com$request_uri;
Maintenance Page: root /var/www/maintenance;

Real-World Production Example

    server {
    listen 80 default*server;
    server_name *;
    access_log off;
    return 444;
    }

server {
listen 80;
server_name example.com www.example.com;

    root /var/www/example;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

}

Default server blocks unwanted traffic
Legit domain handled separately
Improves security and log noise reduction

Common Mistakes

No default server defined
Multiple default servers on same port
Forgetting SSL cert on HTTPS default server
Serving app content from default server

Debugging Default Server Behavior

Check active config

nginx -T

Test with curl

curl -H "Host: unknown.com" http://server_ip

Best Practices

Always define an explicit default server
Use server*name *;
Lock down default server (444 or 404)
Separate default HTTP and HTTPS servers
Never serve real app content from default server

When the Default Server Is Used​

How NGINX Chooses the Default Server​

default_server Directive​

Simple Default Server Example​

Example: Default vs Named Server Blocks​

Role of server_name _;​

Default Server for HTTPS (Port 443)​

Default Server and server_name Matching Order​

Common Use Cases for Default Server​

Real-World Production Example​

Common Mistakes​

Debugging Default Server Behavior​

Best Practices​