Disable Direct IP Access in Nginx (HTTP & HTTPS) .

ByPieter Bakker 03/10/202223/03/2023

If you use Nginx for shared hosting, it is recommended for security reasons to enforce strict compliance with SNI, where requests for domain names not hosted on the web server or the IP address of both “IPv4” and “IPv6,” from the server itself for both “HTTP” and “HTTPS” are rejected.

By default, Nginx chooses the first server block it can find if there is no matching “server_name” if the “default_server” is not configured, which is clearly not intended.

To prevent this, the “default.conf” file needs to be modified, closing all unwanted requests with Nginx’s non-default code 444.

As of Nginx version “1.19.4”, the newly added “ssl_reject_handshake” directive can be used to block direct IP access via “HTTPS” without the need for a valid SSL certificate.

This tutorial requires you to be logged in as root, so switch to root user if you are not already.

sudo -i

Move the current Nginx “default.conf” file to keep as a backup.

mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig

Create a new “default.conf” file.

cat > /etc/nginx/conf.d/default.conf << EOF
server {
    listen   80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    ssl_reject_handshake on;

    server_name _;

    return 444;
}
EOF

Check the configuration.

nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

And restart nginx.

systemctl restart nginx

Now, if you try to connect directly through the server IP address or a domain name that is not defined, the connection will be closed almost immediately, saving bandwidth and most importantly not exposing any hosted domain on the server.

Generate SSL certificates with acme.sh on Nginx.

ByPieter Bakker 26/03/202327/04/2023

In this article, we will see how to install and configure “acme.sh” to generate SSL certificates for domains and how to implement it with Nginx to secure the connection to corresponding websites hosted on our web server via “HTTPS”. To optimize the security of connections to the web server and comply with all applicable guidelines,…

Nginx | LEMP | Linux | MariaDB | PHP

How to build a LEMP stack on Ubuntu 22.04.

ByPieter Bakker 11/03/202327/04/2023

If you’re looking to host your own open source applications, setting up a LEMP (Linux, Nginx, MySQL/MariaDB, PHP) web stack is one of the best choices out there, if not the best. With the latest versions of Nginx, MariaDB, and PHP 8.2, you’ll have a fast and reliable platform for running a wide range of…

Nginx

Nginx: [warn] protocol options redefined

ByPieter Bakker 28/04/202328/04/2023

If you get an error message “nginx: [warn] protocol options redefined” after upgrading Nginx to the latest stable version 1.24, you can easily fix it by adding “http2” to the 443 “Listen” directive in the default.conf file. vi /etc/nginx/conf.d/default.conf server { listen 80 default_server; listen [::]:80 default_server; listen 443 default_server http2 ssl; listen [::]:443 default_server…

Nginx

Fix 504 Gateway Timeout error using Nginx as reverse Proxy.

ByPieter Bakker 17/02/202309/03/2023

When using Nginx as a reverse proxy for Apache, among others, you may get timeouts with error code 504 if an application takes longer to complete a request than the default Nginx request timeout which is 60 seconds. To increase the request timeout in Nginx to serve long-running requests, we need to change the default…

Nginx | LEMP | Ubuntu | Ubuntu 22.04

Host Multiple Domains with Nginx on Ubuntu 22.04.

ByPieter Bakker 24/03/202327/04/2023

In a previous article, we showed you how to set up a full LEMP stack on Ubuntu 22.04 with the latest stable version of Nginx, MariaDB and PHP, which will serve as the foundation for a reliable and performance-focused hosting platform. Nginx is a fast, lightweight and powerful web server that can also be used…

Nextcloud | Nginx

Error 413 on large file uploads with Nextcloud behind Nginx reverse proxy.

ByPieter Bakker 15/04/202103/11/2021

If you are running Nextcloud behind a Nginx proxy server, you will need to change the maximum file size for uploads which by default is only 1MB on Nginx. You can use the “client_max_body_size” directive to set the required file size for uploading. This directive can be set in the http, server or location context….

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Similar Posts