Detailed analysis of matching rules when Nginx processes requests

When nginx receives a request, it will first match a server by server_name, and then continue matching using the location in the server.

Match server_name

In nginx, server_name determines which server will be used when a request is received. nginx will use the Host field in the request header to match the server_name. When defining server_name, you can use a full name, a wildcard name, or a regular expression name. Their matching order is as follows:

• Exact match
• The wildcard character before the string, that is, *.example.org
• After wildcard matching, i.e. mail.*
• Regular expression matching

If no match is found, the default_server will be used for processing. If it is not defined, the first defined one will be used. Use three simple servers as examples, let them listen to port 80, and set server_name to *.org, *.net, *.com respectively:

server {
 listen 80;
 server_name example.org www.example.org;
 return 401;
}

server {
 listen 80;
 server_name example.net www.example.net;
 return 402;
}

server {
 listen 80;
 server_name example.com www.example.com;
 return 403;
}

In the above configuration, the default server is the first one. Any access to a non-existent server will return 401. However, you can manually set a default host using default_server. The default_server is set in the listen field, as follows:

server {
 listen 80 default_server;
 server_name example.net www.example.net;
}

When matching again, if no match is found, this server will be used.

Access Denied

If you want to prohibit a request without a Host field, you can define the following server:

server {
 listen 80;
 server_name "";
 return 444;
}

server_name is defined as an empty string. If the Host field is empty or does not exist, this server will be matched and a 404 status code will be returned.

Nginx's 444 status is special. If 444 is returned, the client will not receive the information returned by the server, just like the website cannot be connected, and the browser directly displays 502. However, if a reverse proxy is used, the normal status code is still displayed.

If you want to prohibit access to non-existent hosts, you can define it like this:

server {
 listen 80 default_server;
 server_name _;
 return 444;
}

_ does not have any special meaning here, because a domain name will not appear in _, so it will not be the same as any real domain name. The same is true for other illegal characters.

Match both IP and server_name

Now let's see how to handle the mixing of different listening IPs and different server_names:

server {
 listen 192.168.1.1:80;
 server_name example.org www.example.org;
}

server {
 listen 192.168.1.1:80;
 server_name example.net www.example.net;
}

server {
 listen 192.168.1.2:80;
 server_name example.com www.example.com;
}

In this configuration, nginx first matches the IP, then matches their server_name. If no server_name is matched, the default server is used. For example, if a request for the domain name www.example.com comes from 192.168.1.1:80, but there are only two servers listening on 192.168.1.1:80, neither of which can match www.example.com, then the default host of the two servers is used. Since the default_server is not used to define the listener, the default is the first server, www.example.org. Of course, you can define the default_server:

server {
 listen 192.168.1.1:80;
 server_name example.org www.example.org;
}

server {
 listen 192.168.1.1:80 default_server;
 server_name example.net www.example.net;
}

server {
 listen 192.168.1.2:80 default_server;
 server_name example.com www.example.com;
}

Matching location

After nginx matches a server, it will continue to process the request through location. The following is an example:

server {
 listen 172.17.0.3:80;
 server_name _;

 location / {
 return 401;
 }

 location ~*\.(gif|jpg|png)$ {
 return 402;
 }
 
 location ~*\.(gif|jpg|png)$ {
 return 404;
 }

 location /api {
 return 403;
 }
}

Nginx will first search for the prefix in all locations for matching. After matching the prefix, it will match the locations defined by the regular expression in order. If it matches, it will end. If it does not match, it will use the location that matched the prefix before for processing. The following is an example of specific matching:

• A /x.gif request first matches the prefix /, then uses the remaining x.gif and the location regular expression to match, first matching location ~*\.(gif|jpg|png)$, and returns 402.
• A /x.pdf request, because x.pdf cannot be matched, it is processed using location /.
• A /api/x.gif, first matches the prefix /api, then uses the remaining x.gif and location regular expression to match, first matching location ~*\.(gif|jpg|png)$, and returns 402.
• A request to /api/x.pdf, because x.pdf cannot be matched, it is processed using location /api.

refer to

• How nginx processes a request
• server names

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.