gpt4 book ai didi

nginx - 使用 IP 访问 nginx 服务器时给出 404 状态,但不使用域

转载 作者:行者123 更新时间:2023-12-04 18:01:20 24 4
gpt4 key购买 nike

我在 Nginx 中有以下服务器:

server {
listen 80 ;
server_name _;
return 404;
}

server {
listen 443 ssl ;
server_name _;
return 404;
}

server {
server_name sub.domain.com 192.168.2.10;
listen 80;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name sub.domain.com 192.168.2.10;

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

}

}

我想要实现的是当使用外部 IP 访问 Nginx 时给出 404 错误,在 HTTP 端口 80 和 HTTPS 端口 443 上。但是当使用 sub.domain.com 或我的本地访问时允许访问知识产权。当我将“default_server”添加到最后一个服务器 block 时它确实工作正常,它会在我的外部 IP 上给出 404,但仅在 HTTP 上,在 HTTPS 上它仍然会通过并显示内容。我做错了什么,我不知道。

对于上面的 nginx 代码块,它使用第三个服务器 block 将我重定向到 HTTPS url。但是该页面不会显示,我得到一个白页。

更新:

我现在按照 Mark 的建议尝试了这个配置

server {
listen 1.2.3.4:80;
listen 1.2.3.4:443;
server_name _;
return 444;
}

server {
server_name sub.domain.com 192.168.2.10;
listen 80;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name sub.domain.com 192.168.2.10;

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

}

}

但我仍然可以使用外部 ip 访问我的 Nginx 服务器。例如:http://1.2.3.4https://1.2.3.4 1.2.3.4 当然是我服务器上的外部 IP。出于演示目的,它已在此处删除。

更新 2:

default_server 添加到 Mark 所建议的第一个 block 的监听器中,仍然会执行与第一次更新中解释的相同的操作。

最佳答案

https://security.stackexchange.com/a/107918 的帮助下解决了它

其中SSL返回444的证书信息是假的,无法在证书中查到真实域名。

server {
listen 80 ;
server_name _;
return 444;
}

server {
listen 443 ssl;
server_name _;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

return 444;
}

server {
server_name sub.domain.com 192.168.2.10;
listen 80;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name sub.domain.com 192.168.2.10;

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

}

}

关于nginx - 使用 IP 访问 nginx 服务器时给出 404 状态,但不使用域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34954064/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com