
Missing default_server on Shared Listen Socket

Gixy Check ID: default_server_flag

When two or more server blocks share the same listen address and port, one of them should be explicitly marked as default_server (or default). Without the flag, nginx falls back to the first server block defined for that socket, so marking one explicitly removes any ambiguity about which server handles requests that do not match a server_name.

How can I find it?

Gixy reports an issue if it detects multiple server blocks listening on the same socket without any of them being marked as default_server.

Misconfiguration example:

http {
    server {
        listen 80;
        server_name a.test;
    }

    server {
        listen 80;
        server_name b.test;
    }
}

What can I do?

  • Add the default_server flag to one server block among those sharing the same socket.

Correct configuration example:

http {
    server {
        listen 80 default_server;
        server_name a.test;
    }

    server {
        listen 80;
        server_name b.test;
    }
}
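The rule described above can be approximated in a few lines of Python. This is an added example, not Gixy's own implementation: the function names and the sample configuration are constructed here, `include` files are not followed, and sockets are compared textually after filling in nginx's default port and wildcard address.

```python
import re
from collections import defaultdict

# Constructed sample: the page's misconfiguration on port 80, plus a 443 pair
# that is marked correctly and a listener used by only one server block.
SAMPLE = """
http {
    upstream app { server 127.0.0.1:9000; }   # upstream member, not a vhost
    server { listen 80; server_name a.test; }
    server { listen 80; server_name b.test; location / { return 200; } }
    server { listen 443 ssl default_server; server_name a.test; }
    server { listen 443 ssl; server_name b.test; }
    server { listen 127.0.0.1:8080; server_name admin.test; }
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def normalize(addr):
    """Fill in the parts nginx defaults: `80` -> `*:80`, `[::]` -> `[::]:80`."""
    if addr.startswith("unix:"):
        return addr
    if addr.isdigit():
        return "*:" + addr
    if addr.endswith("]") or ":" not in addr:
        return addr + ":80"
    return addr

def sockets_without_default(conf):
    """Return sockets shared by 2+ server blocks with no default_server."""
    conf = re.sub(r"#.*", "", conf)               # drop comments
    users, has_default = defaultdict(set), set()
    for idx, body in enumerate(server_blocks(conf)):
        for args in re.findall(r"(?:^|(?<=[;{}]))\s*listen\s+([^;]+);", body, re.M):
            addr, *flags = args.split()
            sock = normalize(addr)
            users[sock].add(idx)
            if {"default_server", "default"} & set(flags):
                has_default.add(sock)
    return sorted(s for s, blocks in users.items()
                  if len(blocks) > 1 and s not in has_default)

if __name__ == "__main__":
    print(sockets_without_default(SAMPLE))
```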
