Server_name seems regex even I set absolute name

mixman68 · February 28, 2025, 7:04pm

My issue:

i have a lot of vhost but two specific with :

server_name 007.lan;

and another with :

server_name proxy01.007.lan proxy02.007.lan localhost;

After upgrade, go to proxy01.007.lan match the 007.lan vhost instead of proxy01.007.lan vhost

How I encountered the problem:

By upgrading to 1.27.2 to 1.27.4

Solutions I’ve tried:

Disable 007.lan vhost solve the problem for proxy01.007.lan and proxy02.007.lan.

Rollback to 1.27.2 solves issue too but expose to the CVE

My config:

Debian Bookwork
Nginx 1.27.4

jon-velez · March 2, 2025, 4:57pm

I had no issues running this on 1.27.4 albeit on Ubuntu. Its a simplistic setup on my end but I was able to test locally and remotely to Nginx.

Are requests using the appropriate host header? If you have some verbose access logs you can see if the the correct header is being presented at request.

root@nginx03:/etc/nginx/conf.d# nginx -v
nginx version: nginx/1.27.4

root@nginx03:/etc/nginx/conf.d# cat 007.lan.conf proxy01.007.lan.conf
server {
    server_name .007.lan;
    listen 80;

    location / {
        return 200 "\n007.lan domain\n";
        add_header Content-Type text/plain;
    }
}
server {
    server_name proxy01.007.lan;
    listen 80;

    location / {
        return 200 "\nproxy01.007.lan domain\n";
    }
}

root@nginx03:/etc/nginx/conf.d# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

root@nginx03:/etc/nginx/conf.d# systemctl restart nginx


### Local cURL
root@nginx03:/etc/nginx/conf.d# curl -v http://127.0.0.1 -H "Host: proxy01.007.lan"
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: proxy01.007.lan
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.27.4
< Date: Sun, 02 Mar 2025 16:38:40 GMT
< Content-Type: application/octet-stream
< Content-Length: 24
< Connection: keep-alive
<

proxy01.007.lan domain
* Connection #0 to host 127.0.0.1 left intact


root@nginx03:/etc/nginx/conf.d# curl -v http://127.0.0.1 -H "Host: 007.lan"
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 007.lan
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.27.4
< Date: Sun, 02 Mar 2025 16:38:47 GMT
< Content-Type: application/octet-stream
< Content-Length: 16
< Connection: keep-alive
< Content-Type: text/plain
<

007.lan domain
* Connection #0 to host 127.0.0.1 left intact

### Remote cURL
 curl -v http://10.65.8.38 -H "Host: 007.lan"
*   Trying 10.65.8.38:80...
* Connected to 10.65.8.38 (10.65.8.38) port 80
> GET / HTTP/1.1
> Host: 007.lan
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Server: nginx/1.27.4
< Date: Sun, 02 Mar 2025 16:43:41 GMT
< Content-Type: application/octet-stream
< Content-Length: 16
< Connection: keep-alive
< Content-Type: text/plain
<

007.lan domain
* Connection #0 to host 10.65.8.38 left intact

 curl -v http://10.65.8.38 -H "Host: proxy01.007.lan"
*   Trying 10.65.8.38:80...
* Connected to 10.65.8.38 (10.65.8.38) port 80
> GET / HTTP/1.1
> Host: proxy01.007.lan
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Server: nginx/1.27.4
< Date: Sun, 02 Mar 2025 16:43:47 GMT
< Content-Type: application/octet-stream
< Content-Length: 24
< Connection: keep-alive
<

proxy01.007.lan domain
* Connection #0 to host 10.65.8.38 left intact

mixman68 · March 3, 2025, 7:24am

Hello

I tried your files, and I continue to investigate

When I try to go on proxy01.007.lan on the nginx machine named in network proxy01.007.lan, I finish to 007.lan vhost

I double checked my conf and I have no default server in https, and if I create default server, I finish on _ server instead of vhost

This happen only for the vhost with same name as machine, I made a little php to return host header and host header is proxy01.007.lan

jon-velez · March 8, 2025, 3:11am

Let make sure I understand this correctly.

You have a vhost that is named proxy01.007.lan that hosts the domain proxy01.007.lan? The same goes for 007.lan as well?

mixman68 · March 8, 2025, 9:59am

I have 40 vhosts

And one named 007.lan and another with two names proxy01.007.lan proxy02.007.lan

But they names match server host name too, two nginx reverses proxies named proxy01 and proxy02 and dns suffix 007.lan

And when I go on proxy01.007.lan I finish on the first vhost aka 007.lan (or default server if I activate this) instead of vhost

system · July 3, 2025, 1:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Websocket reverse proxy using variable port NGINX reverse-proxy , regex , websocket	3	18	July 2, 2025
Issue with location matching NGINX web-server , https , location	7	104	July 3, 2025
Config differences between 1.24 and 1.27 NGINX config , web-server , include	6	391	July 3, 2025
NGINX config and website path NGINX web-server , documentation , ubuntu , os-repository	6	277	July 7, 2025
NGINX as a reverse proxy with Tomcat (Oracle APEX) Troubleshooting reverse-proxy	1	53	June 11, 2025

Server_name seems regex even I set absolute name

Related topics