在AWS OpsWorks Nginx/Unicorn服务器上通过直接IP地址禁用Web访问 [英] Disable web access via direct IP address on AWS OpsWorks Nginx/Unicorn server
问题描述
我有一个在AWS OpsWorks Nginx/Unicorn Rails层上运行的Rails应用程序.我希望我的应用仅处理对api.mydomain.com的请求,并让我的Web服务器直接返回404(如果使用服务器的IP地址发出的任何请求).
I have a Rails app running on an AWS OpsWorks Nginx/Unicorn Rails Layer. I want my app to only process requests to api.mydomain.com and have my web server directly return a 404 if any request is made using the server's IP address.
我已经实现了一个自定义食谱,该食谱覆盖了unicorn/templates/default/nginx_unicorn_web_app.erb(来自opsworks-cookbooks回购: https://github.com/aws/opsworks-cookbooks ).我复制了此存储库中存在的模板文件,并在模板顶部添加了一个新的服务器块:
I've implemented a custom cookbook that overrides unicorn/templates/default/nginx_unicorn_web_app.erb (from the opsworks-cookbooks repo: https://github.com/aws/opsworks-cookbooks). I copied the template file that exists in this repository and added a new server block at the top of the template:
<代码>服务器 {听80;server_name<%= @instance [:ip]%> ;;返回404;}
我停止并启动了服务器,以确保使用自定义模板文件,但是当我使用服务器的IP地址发出请求时,它仍然被路由到我的Rails应用程序中.
I stopped and started my server to ensure that the customized template file gets used, but when I issue a request using the server's IP address it still gets routed to my Rails app.
这<%= @instance [:ip]%>不正确吗?有没有一种方法可以从此模板文件中记录日志,以便我可以更轻松地调试出了什么问题?我尝试使用Chef :: Log.info,但我的消息似乎没有被记录.
Is this <%= @instance[:ip] %> not correct? Is there a way to log from within this template file so that I can more easily debug what is going wrong? I tried using Chef::Log.info, but my message didn't seem to get logged.
谢谢!
对于其他遇到此问题的人...下面有关设置默认服务器阻止的答案解决了我的问题之一.我的另一个问题与以下事实有关:我的菜谱更新甚至没有进入我的实例,需要手动刷新菜谱缓存:
For anyone else having this issue... The answer below about setting up a default server block fixed one of my issues. My other issue was related to the fact that my cookbook updates were not even making their way to my instance and needed to manually refresh the cookbook cache: http://docs.aws.amazon.com/opsworks/latest/userguide/workingcookbook-installingcustom-enable-update.html
推荐答案
EC2实例具有私有(通常为RFC-1918)IP地址.Internet网关将流量从公用地址转换为该地址.如果该私有地址是地址<%= @instance [:ip]%> 返回的地址,那么显然,此配置将无法完成您想要的操作.
EC2 instances have a private (typically RFC-1918) IP address. The Internet Gateway translates traffic to that address from the public address. If that private address is the address <%= @instance[:ip] %> returns, then obviously, this configuration isn't going to do what you want.
即使不是,这也不是正确的方法.
Even if not, this isn't the correct approach.
相反,您应该定义Nginx的 default 行为-这是第一个 server 块-引发错误,然后在配置中声明一个带有api DNS主机名和正常操作所需行为的服务器块.
Instead, you should define the default behavior of Nginx -- which is the first server block -- to throw the error, and later in the config, declare a server block with the api DNS hostname and the behavior you want for normal operation.
这篇关于在AWS OpsWorks Nginx/Unicorn服务器上通过直接IP地址禁用Web访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
