TypechoJoeTheme

Dcr163的博客

统计

网站页面
类目归类
标签搜索
日志

nginx配置只允许域名访问,禁止ip访问80,443端口

2020-06-16
/
0 评论
/
825 阅读
/
正在检测是否收录...
06/16

一、背景

在对服务器做更新的时候,发现访问服务器IP的80端口,就自动跳转到我的网站上,这点对于强迫症患者来说万万不能忍!!!

二、解决方法

先来配置80端口的

打开Nginx的配置文件:

#vi /usr/local/nginx/conf/nginx.conf
增加以下代码片段

server    {
        listen 80 default;
        return 403;
    }

配置如下图所示:


image.png


最后重载配置即可
配置完成后效果如下


image.png

以上代码是针对80端口的,如果跟我一样配置了https(443端口)的话,需要再加点东西

配置80 443端口一起的
server    {
        listen 80 default;
        listen 443 default_server;
        server_name _;
        return 403;#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    ssl_certificate    /etc/letsencrypt/live/0ne0ne.com/fullchain.pem;
        ssl_certificate_key    /etc/letsencrypt/live/0ne0ne.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM- 
        SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        error_page 497  https://$host$request_uri;
   #SSL-END
    }

为什么要加上ssl证书的配置

Nginx 上对于 SSL 服务器在不配置证书的时候会出现协议错误,哪怕端口上配置了其他网站也会报错。解决方法就是随便生成一个证书填进去就好。

就是说443端口如果也跟80端口那样子的配置,使用https方式访问正常的域名也会被拒绝连接。
配置如下图所示:


image.png


最后重载配置即可
配置完成后效果如下:


image.png


域名访问正常




链接:https://www.jianshu.com/p/c632e98468cd
来源:简书


朗读
赞(0)
版权属于:

Dcr163的博客

本文链接:

https://dcr163.cn/250.html(转载时请注明本文出处及文章链接)

评论 (0)
496 文章数
49 评论量

人生倒计时

今日已经过去小时
这周已经过去
本月已经过去
今年已经过去个月

热门文章

最新回复

  1. William Tardent
    2024-02-27

    Many thanks, this website is very handy.ランジェリー通販
  2. Maryann Hamer
    2024-02-27

    Sustain the remarkable job !! Lovin' it!ランジェリー通販
  3. Sanora Pantano
    2024-02-24

    Great looking site. Assume you did a whole lot of your very own coding.ランジェリー通販
  4. aa
    2024-02-21

    32位的,用xp系统无法打开
  5. Kassie Baum
    2024-01-28

    And for good reason: It was slow, it seemed completely different than advertised, there were no USB ports with no bulky adapter, the microSD reminiscence card slot wasn't spring loaded, so it was almost inconceivable to get the card out.
    Thus, in Slot Filling level, we further label "耐克"(Nike) as Brand Property (B-Brand/I-Brand), and "黑色"(black) as Color Property (B-Color/I-Color). Without an APX radio, some first responders should carry more than one radio, or depend on info from dispatchers earlier than proceeding with vital response activities.
    The Craig Web site doesn't provide any info on retail locations the place they are available for purchase (or beneficial retail prices, as we mentioned beforehand). The Maylong Web site is maddeningly vague at finest, and just plain inaccurate at worst.
    Web site to help you see your train information -- you might have to attach the detachable USB thumb drive to a pc to sync the data it collects. For more info on slicing-edge products, award a while to the hyperlinks on the subsequent page. That implies that when disaster strikes, first responders from a wide variety of businesses can talk and coordinate in real time.

标签云

CopyRight © Dcr163.cn 粤ICP备15066935号 2016 ~ 2024 32ms
RSS MAP