Bug 842738

Summary: default.conf is no longer the default server when conf.d includes a.conf
Product: [Fedora] Fedora EPEL Reporter: kaiwang.chen
Component: nginxAssignee: Jeremy Hinegardner <jeremy>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el6CC: affix, jamielinux, jeremy, kaiwang.chen, pavel.lisy
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 15:53:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description kaiwang.chen 2012-07-24 13:45:37 UTC 
Description of problem:

"include /etc/nginx/conf.d/*.conf;" is used to glob in configuration snippets, while listen directive is used without 'default_server' option in default.conf, making the default server matching behavior globbing order dependent. If some snippet file like 'a.conf' appears in the included directory, default server goes to 'a.conf' instead of default.conf.

The following paragraph is cited from http://wiki.nginx.org/HttpCoreModule#listen

If the directive has the default_server parameter, then the enclosing server {...} block will be the default server for the address:port pair. This is useful for name-based virtual hosting where you wish to specify the default server block for hostnames that do not match any server_name directives. If there are no directives with the default_server parameter, then the default server will be the first server block in which the address:port pair appears. 

Version-Release number of selected component (if applicable):

nginx-1.0.15-1.el6.x86_64

How reproducible:

Steps to Reproduce:

1. add some configuration snippet 'smaller' than default.conf in globbing order
# cat >/etc/nginx/conf.d/a.conf <<EOF
server {
  listen 80;
  server_name a.example.com;
  return 403;
}

2. tell nginx to reread configuration
# killall -HUP nginx

3. try http access with

HEAD / HTTP/1.0
Host: not_a.example.com

  
Actual results:

HTTP/1.1 403 Forbidden
Server: nginx/1.0.15
Date: Tue, 24 Jul 2012 13:40:25 GMT
Content-Type: text/html
Content-Length: 169
Connection: close

Expected results:

HTTP/1.1 200 OK
Server: nginx/1.0.15
Date: Tue, 24 Jul 2012 13:40:49 GMT
Content-Type: text/html
Content-Length: 3698
Last-Modified: Mon, 14 May 2012 18:28:04 GMT
Connection: close
Accept-Ranges: bytes

Additional info:

This problem could be fixed by adding 'default_server' to the 'listen' directive in default.conf.
Comment 1 Fedora Update System 2012-10-28 15:46:53 UTC 
nginx-1.2.4-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/nginx-1.2.4-1.fc18
Comment 2 Fedora Update System 2012-10-28 15:59:54 UTC 
nginx-1.0.15-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/nginx-1.0.15-5.fc17
Comment 3 Fedora Update System 2012-10-28 16:17:58 UTC 
nginx-1.0.15-3.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/nginx-1.0.15-3.fc16
Comment 4 Fedora Update System 2012-10-28 16:28:24 UTC 
nginx-1.0.15-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/nginx-1.0.15-3.el6
Comment 5 Fedora Update System 2012-10-29 18:14:25 UTC 
Package nginx-1.2.4-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nginx-1.2.4-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-17160/nginx-1.2.4-1.fc18
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2012-10-30 06:20:53 UTC 
nginx-1.0.15-6.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/FEDORA-2012-17186/nginx-1.0.15-6.fc17
Comment 7 Fedora Update System 2012-12-20 15:53:12 UTC 
nginx-1.0.15-6.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.