Nginx 允许通过域但不允许通过 IP [英] Nginx allow via Domain but not via the IP
问题描述
这是我的配置:
server {
listen 80;
listen [::]:80;
server_name domain.tld www.domain.tld;
return 301 https://erp.uni.mk$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.tld;
ssl_certificate "/etc/nginx/ssl/ca_full.crt";
ssl_certificate_key "/etc/nginx/ssl/private.key";
...
}
我想要实现的是通过 IP 阻止访问.并且只允许通过域.
What I am trying to achieve is block access via the IP. And only allow it via the domain.
我见过一些使用正则表达式的解决方案,但我同时使用 IPv4 和 IPv6.而且它不应该影响性能.
I've seen some solutions with regex, but I am using both IPv4 and IPv6. And it should not impact performance.
有什么建议可以解决这个问题吗?
Any suggestions how to solve this?
推荐答案
您需要定义一个捕获所有服务器.在 listen
指令中使用 default_server
参数.
You need to define a catch all server. Use the default_server
parameter on the listen
directive.
例如:
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate /path/to/any/cert.pem;
ssl_certificate_key /path/to/any/key.pem;
return 444;
}
服务器需要一个证书来阻止 https
连接,任何证书都可以.客户端的浏览器会发出警告,但无论如何他们都不应该尝试连接到没有正确域名的安全服务器.
The server needs a certificate to block https
connections, any certificate will do. The client's browser will throw warnings, but they shouldn't be trying to connect to a secure server without a correct domain name anyway.
server_name
指令不是必需的.非标准代码 444 关闭连接而不发送响应头.
The server_name
directive is not required. The non-standard code 444 closes the connection without sending a response header.
有关详细信息,请参阅本文档.
See this document for details.
这篇关于Nginx 允许通过域但不允许通过 IP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!