0

My goal: disable/drop traffic to just home IP without domain in request.

Issue: Currently, if I (or anyone else) access my home IP via HTTP or HTTPS, it will show the first subdomain that is configured as a virtual host. I have tried multiple different configurations to drop or show my home IP "domain" as 410 Gone or even 444 drop connection, without success.

Here is the default server block in /etc/nginx/sites-available/default

    # Default server configuration
    #
    server {
        #server_name _;
        listen 80 default_server;
        listen [::]:80 default_server;
        # listen 443 default_server ssl;
        #listen 80;
        #listen [::]:80;
        # return 444;
        #ssl_ciphers aNULL;
        #ssl_certificate /etc/ssl/certs/ssl-cert-snakeoilnpem;
        #ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;
        root /var/www/html;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        location / {
            # return 444;
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }
        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #    include snippets/fastcgi-php.conf;
        #
        #    # With php-fpm (or other unix sockets):
        #    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #    # With php-cgi (or other tcp sockets):
        #    fastcgi_pass 127.0.0.1:9000;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

You can see that I have tried a few different configurations and they all seem to not work properly. Initially, if I didn't do anything, it would just direct to the default new website NGINX page:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;
        root /var/www/html;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }
        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #    include snippets/fastcgi-php.conf;
        #
        #    # With php-fpm (or other unix sockets):
        #    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #    # With php-cgi (or other tcp sockets):
        #    fastcgi_pass 127.0.0.1:9000;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

As a final note, and not sure if this matters, but "default" is not symlinked in /etc/nginx/sites-enabled...

So what am I doing wrong?

1
  • Use a tool like Wireshark to reveal the actual HTTP packets on the wire. Your nginx settings can only control how nginx generates responses, but whether the web browser behaves the way you want is out of control. Commented Nov 4, 2022 at 23:19

1 Answer

0

Using Nginx to Block Connections that aren't addressed to my domain has my earlier answer on this topic.

So yes, you need to have a server block with default_server directive. And the file that includes the server block needs to be linked to sites-enabled, otherwise nginx does not see the configuration.

You should use nginx -T to see what is the configuration nginx uses.
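An added example, not part of the answer above and not nginx tooling: a small checker that reads configuration text in the form `nginx -T` prints and reports, per listen address, which server block answers requests whose Host matches no `server_name`. The host names, the sample configs and the function names are constructed for illustration, and the parser is deliberately simplified.

```python
import re

# Constructed stand-in for `nginx -T` output: two enabled vhosts (hypothetical names).
VHOSTS = """
server { listen 80; listen 443 ssl; server_name app.example.org; }
server { listen 80; server_name blog.example.org; }
"""
# Constructed catch-all, as it would appear once its file is linked into sites-enabled.
CATCH_ALL = """
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;   # close the connection without sending a response
}
"""

def server_blocks(config):
    """Return one {'listen': [(addr, is_default)], 'names': [...]} per server block.
    Simplified parser: assumes no '#', '{', '}' or ';' inside quoted strings or regexes."""
    text = re.sub(r"#[^\n]*", "", config)          # drop comments
    stack, blocks = [], []
    for head, delim in re.findall(r"([^{};]*)([{};])", text):
        words = head.split()
        if delim == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                blocks.append({"listen": [], "names": []})
        elif delim == "}":
            if stack:
                stack.pop()
        elif len(words) > 1 and stack and stack[-1] == "server":
            if words[0] == "listen":
                blocks[-1]["listen"].append((words[1], "default_server" in words[2:]))
            elif words[0] == "server_name":
                blocks[-1]["names"] += words[1:]
    return blocks

def default_servers(config):
    """Map each listen address to (server names, explicit?) for the block that handles
    unmatched Host headers: the one marked default_server, else the first block read."""
    chosen = {}
    for block in server_blocks(config):
        label = " ".join(block["names"]) or '""'
        for addr, is_default in block["listen"] or [("80", False)]:  # no listen => *:80 (as root)
            addr = "*:" + addr if addr.isdigit() else addr           # "80" means "*:80"
            if is_default or addr not in chosen:
                chosen[addr] = (label, is_default)
    return chosen

if __name__ == "__main__":
    for title, cfg in (("default not enabled", VHOSTS), ("default enabled", VHOSTS + CATCH_ALL)):
        print(title, default_servers(cfg))
```

With the constructed samples, the catch-all takes over port 80 once it is loaded, while `*:443` still falls through to the first vhost because no block claims `default_server` for that port.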
