Disable Direct IP Access in Nginx (HTTP & HTTPS) .

ByPieter Bakker 03/10/202223/03/2023

If you use Nginx for shared hosting, it is recommended for security reasons to enforce strict compliance with SNI, where requests for domain names not hosted on the web server or the IP address of both “IPv4” and “IPv6,” from the server itself for both “HTTP” and “HTTPS” are rejected.

By default, Nginx chooses the first server block it can find if there is no matching “server_name” if the “default_server” is not configured, which is clearly not intended.

To prevent this, the “default.conf” file needs to be modified, closing all unwanted requests with Nginx’s non-default code 444.

As of Nginx version “1.19.4”, the newly added “ssl_reject_handshake” directive can be used to block direct IP access via “HTTPS” without the need for a valid SSL certificate.

This tutorial requires you to be logged in as root, so switch to root user if you are not already.

sudo -i

Move the current Nginx “default.conf” file to keep as a backup.

mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig

Create a new “default.conf” file.

cat > /etc/nginx/conf.d/default.conf << EOF
server {
    listen   80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    ssl_reject_handshake on;

    server_name _;

    return 444;
}
EOF

Check the configuration.

nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

And restart nginx.

systemctl restart nginx

Now, if you try to connect directly through the server IP address or a domain name that is not defined, the connection will be closed almost immediately, saving bandwidth and most importantly not exposing any hosted domain on the server.

Nginx

Fix 504 Gateway Timeout error using Nginx as reverse Proxy.

ByPieter Bakker 17/02/202309/03/2023

When using Nginx as a reverse proxy for Apache, among others, you may get timeouts with error code 504 if an application takes longer to complete a request than the default Nginx request timeout which is 60 seconds. To increase the request timeout in Nginx to serve long-running requests, we need to change the default…

Nginx

Get the Latest Version of Nginx on Ubuntu 22.04.

ByPieter Bakker 23/02/202308/03/2023

Nginx is a high-performance web server, load balancer, and reverse proxy that powers some of the most visited websites in the world. If you’re looking to improve the performance and security of your web applications, you can’t go wrong with Nginx. In this guide, we’ll show you how to install the latest version of Nginx…

Nginx

Nginx: [warn] protocol options redefined

ByPieter Bakker 28/04/202328/04/2023

If you get an error message “nginx: [warn] protocol options redefined” after upgrading Nginx to the latest stable version 1.24, you can easily fix it by adding “http2” to the 443 “Listen” directive in the default.conf file. vi /etc/nginx/conf.d/default.conf server { listen 80 default_server; listen [::]:80 default_server; listen 443 default_server http2 ssl; listen [::]:443 default_server…

acme.sh | LEMP | Nginx

Generate SSL certificates with acme.sh on Nginx.

ByPieter Bakker 26/03/202327/04/2023

In this article, we will see how to install and configure “acme.sh” to generate SSL certificates for domains and how to implement it with Nginx to secure the connection to corresponding websites hosted on our web server via “HTTPS”. To optimize the security of connections to the web server and comply with all applicable guidelines,…

Nginx | LEMP | Linux | MariaDB | PHP

How to install a LEMP stack on Ubuntu 22.04.

ByPieter Bakker 11/03/202320/06/2023

If you’re looking to host your own open source applications, setting up a LEMP (Linux, Nginx, MySQL/MariaDB, PHP) web stack is one of the best choices out there, if not the best. With the latest versions of Nginx, MariaDB, and PHP 8.2, you’ll have a fast and reliable platform for running a wide range of…

Nginx | Caching | Wordpress

How to set up Nginx FastCGI Page Cache with WordPress.

ByPieter Bakker 19/12/202320/12/2023

Nginx FastCGI cache is a feature of the Nginx web server that enables the caching of dynamic content generated by FastCGI applications such as PHP. By caching the dynamic content, Nginx can serve the content directly to visitors as a static page so that the same dynamic request does not have to be processed over…

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Similar Posts