在Nginx中处理默认服务器和IP转发的最佳实践 [英] Best practice to handle default server and ip forwarding in nginx

问题描述

我最近在debian 8上创建了一个nginx服务器.它在/etc/nginx/sites-available/default上提供了一个默认配置，该配置重定向到nginx欢迎页面.

I have recently created a nginx server on debian 8. It came up with a default config on /etc/nginx/sites-available/default which redirects to an nginx welcome page.

server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;

server_name your_server_ip;

location / {
    try_files $uri $uri/ =404;
}

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}

location ~ /\.ht {
    deny all;
}
}

我添加了一个新的生产页面，例如上面带有ssl的"example.com".

I had added a new production page, say 'example.com' with ssl on it.

在../example.com的配置中，未将其设置为默认服务器.

In the config for ../example.com, it is not set as the default server.

server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}

server {

# SSL configuration

listen 443 ssl;
listen [::]:443 ssl;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
....

现在，当我ssl安全在 https://www .ssllabs.com/ssltest/analyze.html?d = example.com ，它获得了A +.但是它评论了服务器配置不一致".

Now when I ssl security tested it on https://www.ssllabs.com/ssltest/analyze.html?d=example.com, it got a A+. But it had commented 'Inconsistent server configuration'.

当我加载IP地址时，在浏览器上将xxxx说成 https://xxxx ，它会加载与 https://example.com ，但上面没有ssl(绿色地址栏).如果我加载 http://x.x.x.x ，则会加载默认的nginx欢迎页面.

And when I load the ip address, say x.x.x.x on browser as https://x.x.x.x it loads the same page as of https://example.com but without ssl (green address bar) on it. If i load http://x.x.x.x it loads the default nginx welcome page.

我尝试设置默认配置(用于ip)以获取禁止的消息，我添加了以下代码

I tried to set the default config (for ip) to get a forbidden message, I have added the following code

location / {
deny all;
}

现在，当我对example.com进行ssl安全测试时，它显示不支持安全协议"，并且没有测试结果出现.

Now when I ssl security test the example.com, it says "No secure protocols supported" and no test results appeared.

我的问题是

使用为IP地址加载的nginx随附的默认配置应该怎么做?

What should be done with the default config that comes with nginx which loads for the ip address?

应在侦听"命令中将哪个服务器名称(配置文件)设置为default_server?

which server_name (config file) should be set as the default_server on 'listen' command?

当前正在将https请求转发到示例域的ip应该如何处理?

what should be done with the ip which is currently forwarding https requests to the example domain?

预期结果:-

https://example.com 仅应用于连接服务器，并且加载的IP地址可以显示页面未找到"或禁止"，因为example.com将用于其上的php脚本.

https://example.com only should be used to connect to the server and loading ip address can show 'page not found' or 'forbidden', since the example.com will be used for php scripts on it.

SSL测试应在设置配置后给予至少A等级.

SSL tests should give atleast a A rating after the set configuration.

ip地址不应直接接受任何连接并对其进行处理.

ip address should not accept any connections directly and process it.

推荐答案

默认配置显然不提供SSL.通常，您需要安装SSL证书.有很多关于此的教程.网页的入口点取决于您.您在同一篇文章中提出了不同的问题.

Default configuration obviously doesn't offer SSL. Generally, you need to install an SSL certificate. There are plenty of tutorials on this. The entry point into your web pages is up to you. You're asking different questions in the same post.

很显然，您可以在这里和其他地方通过搜索找到答案.

Obviously you can find the answers here, and elsewhere, by searching for them.

这篇关于在Nginx中处理默认服务器和IP转发的最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！