nginx正在提供页面以请求裸IP地址(与server_name不匹配) [英] nginx is serving pages for requests for bare IP address (which doesn't match the server_name)

问题描述

我有一个nginx配置，其中有两个虚拟主机，没有默认站点.

I have an nginx configuration with two virtual hosts and no default site.

server {
  listen 123.45.67.89:80;
  server_name site_a.example.com site_a1.example.com;

  root /srv/site_a_checkout/html/site_a;
  access_log /var/log/site_a/nginx.access.log;
  error_log /var/log/site_a/nginx.error.log;

  index index.html index.htm index.nginx-debian.html;

  location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
  }
}

每个虚拟主机配置的server_name行都有两个服务器.

Each of the virtual host configurations has a server_name line with two servers.

第二个服务器名site_a1.example.com的存在是因为存在多个服务器，有时开发人员需要知道他们正在查看的服务器.

The existence of the second server_name, site_a1.example.com, is because there is more than one server and sometimes developers need to know which server they're looking at.

nginx的性能将完全符合预期.

nginx performs exactly as expected, if http://site_a.example.com, http://site_a1.example1.com, http://site_b.example.com or http://site_b1.example1.com are requested.

问题在于，如果请求http://123.45.67.89，则会为site_a网站提供服务.

The problem is that if http://123.45.67.89 is requested, the site_a site is served.

没有/etc/nginx/sites_enabled/default，只有site_a和site_b的虚拟主机.

There is no /etc/nginx/sites_enabled/default, only virtual hosts for site_a and site_b.

为什么site_a用作http://123.45.67.89?

Why is site_a served as http://123.45.67.89?

如何使对IP地址的请求失败?

How can I make requests to the IP address fail?

我也尝试过: https://superuser.com/a/1050864 和https://serverfault.com/a/525011 ，但这些方法也不起作用.

I've also tried: https://superuser.com/a/1050864 and https://serverfault.com/a/525011 but these did not work either.

推荐答案

这些解决方案都不起作用，因为它们隐式侦听0.0.0.0:80，而虚拟主机侦听123.45.67.89:80.

None of these solutions worked because they were implicitly listening on 0.0.0.0:80, while the virtual hosts were listening on 123.45.67.89:80.

对于虚拟主机侦听的任何特定IP地址，都需要存在默认服务器.

Default servers need to exist for any specific IP addresses which are listened-to by virtual hosts.

这有效:

server {
  server_name _;
  listen 123.45.67.89:80 default_server deferred;
  return 444;
}

如果我添加:

  listen 123.45.67.89:443 default_server deferred;

它杀死HTTPS连接(在读取SNI之前)，从而破坏该IP地址上的所有SSL虚拟主机.这又是一个问题. https://serverfault.com/q/959286/20520

it kills HTTPS connections (before the SNI can be read) breaking all SSL virtual hosts on that IP address. This is a problem for another day. https://serverfault.com/q/959286/20520

这篇关于nginx正在提供页面以请求裸IP地址(与server_name不匹配)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！