nginx正在提供页面以请求裸IP地址(与server_name不匹配) [英] nginx is serving pages for requests for bare IP address (which doesn't match the server_name)
问题描述
我有一个nginx配置,其中有两个虚拟主机,没有默认站点.
I have an nginx configuration with two virtual hosts and no default site.
server {
listen 123.45.67.89:80;
server_name site_a.example.com site_a1.example.com;
root /srv/site_a_checkout/html/site_a;
access_log /var/log/site_a/nginx.access.log;
error_log /var/log/site_a/nginx.error.log;
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
每个虚拟主机配置的server_name
行都有两个服务器.
Each of the virtual host configurations has a server_name
line with two servers.
第二个服务器名site_a1.example.com
的存在是因为存在多个服务器,有时开发人员需要知道他们正在查看的服务器.
The existence of the second server_name, site_a1.example.com
, is because there is more than one server and sometimes developers need to know which server they're looking at.
nginx的性能将完全符合预期.
nginx performs exactly as expected, if http://site_a.example.com
, http://site_a1.example1.com
, http://site_b.example.com
or http://site_b1.example1.com
are requested.
问题在于,如果请求http://123.45.67.89
,则会为site_a
网站提供服务.
The problem is that if http://123.45.67.89
is requested, the site_a
site is served.
没有/etc/nginx/sites_enabled/default
,只有site_a和site_b的虚拟主机.
There is no /etc/nginx/sites_enabled/default
, only virtual hosts for site_a and site_b.
为什么site_a用作http://123.45.67.89
?
Why is site_a served as http://123.45.67.89
?
如何使对IP地址的请求失败?
How can I make requests to the IP address fail?
我也尝试过: https://superuser.com/a/1050864 和https://serverfault.com/a/525011 ,但这些方法也不起作用.
I've also tried: https://superuser.com/a/1050864 and https://serverfault.com/a/525011 but these did not work either.
推荐答案
这些解决方案都不起作用,因为它们隐式侦听0.0.0.0:80,而虚拟主机侦听123.45.67.89:80.
None of these solutions worked because they were implicitly listening on 0.0.0.0:80, while the virtual hosts were listening on 123.45.67.89:80.
对于虚拟主机侦听的任何特定IP地址,都需要存在默认服务器.
Default servers need to exist for any specific IP addresses which are listened-to by virtual hosts.
这有效:
server {
server_name _;
listen 123.45.67.89:80 default_server deferred;
return 444;
}
如果我添加:
listen 123.45.67.89:443 default_server deferred;
它杀死HTTPS连接(在读取SNI之前),从而破坏该IP地址上的所有SSL虚拟主机.这又是一个问题. https://serverfault.com/q/959286/20520
it kills HTTPS connections (before the SNI can be read) breaking all SSL virtual hosts on that IP address. This is a problem for another day. https://serverfault.com/q/959286/20520
这篇关于nginx正在提供页面以请求裸IP地址(与server_name不匹配)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!