Recently, I launched a new website on a CentOS Nginx server, hosted on Linode. Then I found that there was a domain bound to the web server IP by accident.

What’s unbelievable is that the content of that website was exactly the same as my new website.

It was the first time I had encountered this situation, and I didn’t even know how it happened. I guessed that someone must have cloned my new website, or that it was due to the WordPress theme I used.

Then I searched for possible reasons and for solutions.

I even installed some WordPress security plugins, such as Wordfence. However, the situation persisted.

Finally, I got the key point. I found that one guy had bound his domain to my web server IP provided by Linode.

So, it’s easy to solve the problem once you have found the reason.

How to block unbound domains from accessing the web server on port 443 in Nginx?

The following is the solution from the official Nginx documentation.

In catch-all server examples the strange name “_” can be seen:

        server {
                listen       80  default_server;
                server_name  _;
                return       444;
        }

There is nothing special about this name, it is just one of a myriad of invalid domain names which never intersect with any real name. Other invalid names like “--” and “!@#” may equally be used.

I just added this code to the nginx.conf file, and blocking unbound domains from accessing the web server succeeded.

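        # Catch-all for plain HTTP: handles any Host name no other server block matches
        server {
                listen       80  default_server;
                server_name  _;
                return       444;   # close the connection without sending a response
        }


        # Catch-all for HTTPS: an ssl listener needs a certificate to be defined
        server {
                listen       443 ssl default_server;
                ssl_certificate /path/to/ssl_cert_chain.crt;
                ssl_certificate_key /path/to/ssl_yourDomain.key;

                return 444;
        }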

#provided by w3cgeek.com

Note that you should set the right path to the SSL certificate and key. If not, there will be the following error message:

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /usr/local/nginx/conf/nginx.conf
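
To check a configuration for the gap described above, the following added example (not code from the original post or from Nginx) reports, for each listen port, whether a request for an unbound domain reaches a catch-all or a real site. It relies on the Nginx rule that the fallback for a listener is the server marked default_server or, failing that, the first server listed. Assumptions: the sample config and example.com are constructed, ports are compared without the address part, and include files are not followed.

```python
import re

# Constructed sample (not from the page): example.com is a placeholder site.
# Port 80 has a catch-all, port 443 does not.
SAMPLE_CONF = """
http {
    server { listen 80 default_server; server_name _; return 444; }
    server {
        listen 80;
        listen 443 ssl;
        server_name example.com www.example.com;
        location / { root /var/www/example; }
    }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by matching braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def top_level(body):
    """Drop nested blocks (location, if, ...) so only server-level directives remain."""
    prev = None
    while prev != body:
        prev, body = body, re.sub(r"[^;{}]*\{[^{}]*\}", ";", body)
    return body

def audit(conf):
    """Map each listen port to what answers a request for an unknown Host name."""
    fallback = {}  # port -> (explicit default_server?, server-level directives)
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        directives = top_level(body)
        for args in re.findall(r"\blisten\s+([^;]+);", directives):
            parts = args.split()
            port = parts[0].rsplit(":", 1)[-1]  # "443", "1.2.3.4:443", "[::]:443"
            explicit = "default_server" in parts
            # nginx falls back to the default_server, else the first server listed
            if port not in fallback or (explicit and not fallback[port][0]):
                fallback[port] = (explicit, directives)
    return {
        port: "catch-all" if re.search(r"(?:^|;)\s*return\s+444\s*;", d)
        else "serves a real site"
        for port, (_, d) in fallback.items()
    }
```

Calling `audit(SAMPLE_CONF)` shows port 443 still serving the real site; adding the 443 default_server block from the post turns that entry into a catch-all.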