Nginx Configuration for Domain-Only Web Access

This post explains how to configure Nginx so a website is accessible only by domain, not by IP.

Jun 2, 2018 · 1 min read · 143 Words · -Views -Comments · Programming
Deployment Operations 🇨🇳 阅读中文版

After setting up DNS, we achieved domain access to the web site. But the server IP was still visible, so users could access the site via IP. This creates two problems:

  1. If users access via IP and the server location changes, the IP changes and access fails.
  2. If someone maliciously points their own domain to our IP, they can also access the site. So we should disable IP access and only allow specific domains.

Specific configuration

Below is my Nginx configuration for a site https://tool.alan.me.

Configure a specific domain 

server {
       listen       443 ssl;
       server_name  tool.alanhe.me;

        ssl on;
        ssl_certificate "/etc/nginx/ssl/fullchain.cer";
        ssl_certificate_key "/etc/nginx/ssl/tool.alanhe.me.key";
      ...  
  }

Add default service configuration 

 server {
        listen 443 default_server ssl;
        server_name _;
        ssl on;
        ssl_certificate      /etc/nginx/ssl/fullchain.cer;
        ssl_certificate_key  /etc/nginx/ssl/tool.alanhe.me.key;
        return       403;
}

After configuration, restart Nginx: nginx -s reload.

Effect

When accessing via IP:

When accessing via the specified domain:

Deployment Operations
Recommended
🍎 Mac 效率工具清单

启动器、笔记、终端、网络——我在用且愿意推荐的 Mac 软件精选

View List →
🤖 AI 工具与订阅清单

写作、编码、多模态——我在用的 AI 服务全景,含低价区订阅教程

View List →
Authors
Developer, digital product enthusiast, tinkerer, sharer, open source lover

Related