Nginx Subdomain accessible on subdomain it's not configured for


Question

I have my staging config set up like so:

server {
    listen   80;
    server_name staging.domain.com;
    root    /var/www/staging/public;
}

and my production config set up like this:

server {
    listen   80;
    server_name www.domain.com;
    root    /var/www/production/public;
}

With no other redirects or anything.

The issue is that even if I disable the production config I can still access the staging server at www.domain.com.

Why is it not being restricted to its configured subdomain?

Recommended answer

I've answered a similar question like this before

Let me start with a small explanation on how nginx matches the hosts, quoting from how nginx processes a request

In this configuration nginx tests only the request’s header field "Host" to determine which server the request should be routed to. If its value does not match any server name, or the request does not contain this header field at all, then nginx will route the request to the default server for this port.

When you disable the main server you only have 1 left, so nginx passes the request to it. If you want to avoid that, you need to add a main server to block all unconfigured domains:

server {
  listen 80 default_server;
  return 403;
}

Then run:

sudo service nginx reload

Then you're all set.
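Added example, not part of the original answer: a simplified Python model of the selection rule quoted above (exact name, then wildcard names, then the `default_server`, otherwise the first block defined for the port), showing why www.domain.com falls through to staging and how the catch-all stops it. The dict layout, `select_server`, `fallthrough_hosts` and the `content` flag are assumptions made for illustration; regex server names are not modelled.

```python
# Simplified model of how nginx picks a server block for one listen port.
# Covers exact names and "*.x" / "x.*" wildcards; regex names are not modelled.

def select_server(servers, host):
    """Return (server, how) for a Host header value (None if header absent).

    servers: dicts in config-file order with keys "id", "names", and
    optionally "default" (listen ... default_server) and "content".
    """
    host = (host or "").lower().split(":")[0]   # drop an optional :port
    if host:
        for s in servers:                       # 1. exact name wins
            if host in s["names"]:
                return s, "exact"
        for is_match in (                       # 2. "*.x", then 3. "x.*"
            lambda n: n.startswith("*.") and host.endswith(n[1:]),
            lambda n: n.endswith(".*") and host.startswith(n[:-1]),
        ):
            hits = [(len(n), s) for s in servers for n in s["names"] if is_match(n)]
            if hits:                            # longest wildcard wins
                return max(hits, key=lambda t: t[0])[1], "wildcard"
    for s in servers:                           # 4. explicit default_server
        if s.get("default"):
            return s, "default"
    return servers[0], "default"                # 5. else first block defined


def fallthrough_hosts(servers, probes):
    """Hosts that reach a content-serving block only because it is the default."""
    out = []
    for h in probes:
        srv, how = select_server(servers, h)
        if how == "default" and srv.get("content", True):
            out.append((h, srv["id"]))
    return out


# Constructed sample data mirroring the page's two configs and the 403 catch-all.
STAGING = {"id": "staging", "names": ["staging.domain.com"]}
PRODUCTION = {"id": "production", "names": ["www.domain.com"]}
CATCH_ALL = {"id": "catch-all-403", "names": [], "default": True, "content": False}
PROBES = ["staging.domain.com", "www.domain.com", "other.example", None]

if __name__ == "__main__":
    for label, cfg in [("production disabled", [STAGING]),
                       ("with catch-all", [STAGING, CATCH_ALL])]:
        print(label, "->", fallthrough_hosts(cfg, PROBES))
```

An empty list from `fallthrough_hosts` means no probed host reaches site content by default; any entry names a host that would be served a site it was never configured for.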
