Nginx Configuration for Domain-Only Web Access

· 1 min read

After DNS resolution configuration, we achieved domain access to WEB, but our WEB deployment server IP is visible, users can also access WEB via IP, this creates two problems

  1. If users always access via our IP, like if we change server机房 etc., IP will change, causing access failures.
  2. If they maliciously resolve their own domain to our WEB, it’s also possible So it’s necessary to set up to prohibit IP access to our WEB, only support specified domain access.

Specific Configuration

Below is my Nginx configuration for a WEB https://tool.alan.me

Configure Specified Domain Service

server {
       listen       443 ssl;
       server_name  tool.alanhe.me;

        ssl on;
        ssl_certificate "/etc/nginx/ssl/fullchain.cer";
        ssl_certificate_key "/etc/nginx/ssl/tool.alanhe.me.key";
      ...  
  }

Add Default Service Configuration

 server {
        listen 443 default_server ssl;
        server_name _;
        ssl on;
        ssl_certificate      /etc/nginx/ssl/fullchain.cer;
        ssl_certificate_key  /etc/nginx/ssl/tool.alanhe.me.key;
        return       403;
}

After configuration complete, restart service Nginx configuration nginx s- reload.

Effect

When we access via IP

When we access via specified domain