2

For some reason, any local IP address in the 127.xxx.xxx.xxx range redirects back to the default 'Welcome to nginx!' page.

From my experience with Apache, only the 127.0.0.1 IP address would resolve back to the apache web server.

How can I make Nginx only act only on the 127.0.0.1 address?

Thanks,

Ben

Ben
  • 23
  • 3

2 Answers2

2

You have two separate issues - firstly, multiple addresses (127.0.0.1/8) are reserved for loopback - however, that only explains why an address such as 127.0.0.2 will still point at your computer.

The second problem is that NginX, by default, binds to all available addresses. This setting is defined by the listen directive.

You can verify that NginX has, in fact bound to all addresses by looking at netstat -pant | grep nginx, which may show something like:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      12534/nginx

Note the 0.0.0.0:80 under local address, meaning bind to all addresses.

If you change ALL your server blocks to have a listen directive that explicitly specifies the address to which to bind (e.g. listen 127.0.0.1:80) you should get the following:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:81                0.0.0.0:*                   LISTEN      12536/nginx

(Tested with CentOS 6.2, Nginx 1.2, using curl - after making the change, trying to connect to 127.0.0.2 (or any other non 127.0.0.1 address), results in: curl: (7) couldn't connect to host)

Note: you must explicitly set the listen directive on all server blocks, otherwise, NginX will still listen on all addresses. The default listen directive (i.e. when it is omitted) is listen *:80 and NginX will try each available server block and use the 'best match', even if the server_name doesn't match (if you specify a listen ... default then it will use that one).

cyberx86
  • 20,620
  • 1
  • 60
  • 80
0

Per section 1.3.2.3 (Addressing) of RFC 1122, the entire block 127.0.0.0/8 is reserved for loopback; you should avoid using bogon IP addresses, especially special-purpose ones as defined in RFC 5735 for some purpose other than private addressing, as the results may be undefined.

Falcon Momot
  • 24,975
  • 13
  • 61
  • 92