Disable Direct IP Access in Nginx (HTTP & HTTPS)
If you use nginx for shared hosting and therefore work with server blocks (virtual hosts), it is best to block access to the web server through the server IP address over both HTTP and HTTPS. The solution proposed here also rejects requests for domains that have an A record pointing to the server but for which no server block has been created yet. It also prevents a random SSL certificate from being served for a virtual host that has no HTTPS set up in its server block.
Move the nginx “default.conf” file aside to keep it as a backup.
# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig
Create a new “default.conf” file.
# vi /etc/nginx/conf.d/default.conf
Add the following code:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    ssl_reject_handshake on;
    server_name _;
    return 444;
}
Check the configuration.
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
And restart nginx.
# systemctl restart nginx
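To confirm the catch-all block behaves as intended after the restart, the following added example (not part of the original page) probes a server for both effects: "return 444" closing the HTTP connection without a response, and "ssl_reject_handshake on" refusing the TLS handshake. The function names and the stub_server test helper are hypothetical, chosen for this illustration.

```python
import socket
import ssl
import sys
import threading

def http_dropped(host, port, host_header, timeout=5.0):
    """True if the server closes the connection without sending a byte (return 444)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        req = f"GET / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
        s.sendall(req.encode("ascii"))
        try:
            return s.recv(1) == b""
        except ConnectionResetError:
            return True
        except socket.timeout:
            return False  # connection held open: not the 444 behaviour

def tls_rejected(host, port, sni, timeout=5.0):
    """True if the TLS handshake fails for this name (ssl_reject_handshake on)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # probe only: we test whether any certificate
    ctx.verify_mode = ssl.CERT_NONE  # is served at all, not whether it is valid
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=sni):
                return False  # handshake completed, a certificate was presented
        except (ssl.SSLError, ConnectionError):
            return True

def stub_server(reply):
    """Constructed one-shot local listener for offline testing: reads once, replies, closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            if reply:
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    ip = sys.argv[1]  # the server's own IP address
    print("HTTP  dropped: ", http_dropped(ip, 80, ip))
    print("HTTPS rejected:", tls_rejected(ip, 443, ip))
```

Run it with the server's IP address as the only argument; both checks should print True once the new default.conf is active. ssl_reject_handshake needs nginx 1.19.4 or later, so on an older build the "nginx -t" step reports an unknown directive instead.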