Nginx 禁止非 sever 指定域名访问

  1.  首页
  2. 正文  
    3. 分享到:

Nginx 禁止非 sever 指定域名访问

困扰了两年都没有解决的问题,今天终于解决了。
原因不在于百度不到,而是方法太老不全,
大部分的文章都没考虑到开启ssl之后的跳转问题,
只禁止了http而忘记了设置了永久跳转的https,
按下面多增加一段 listen 443 的设置项就好。


return 410; 以下部分的 ssl 证书路径和加密方法可加可不加,
只是为了不让浏览器显示不安全的美观性。

server {
    listen 80 default_server;
    return 410;
}
server {
    listen 443 default_server ssl;
    return 410;
    ssl_certificate      /etc/nginx/ssl/nyaasu.top.pem;
    ssl_certificate_key  /etc/nginx/ssl/nyaasu.top.key;
    ssl_trusted_certificate    /etc/nginx/ssl/nyaasu.top.pem;
    ssl_dhparam          /etc/letsencrypt/live/dhparams.pem;


    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES25
6-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES
128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES12
8-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128
-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

    ssl_prefer_server_ciphers  on;
    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache          shared:SSL:50m;
    ssl_session_timeout        1d;
    ssl_session_tickets off;
    ssl_stapling               on;
    ssl_stapling_verify        on;

    add_header Strict-Transport-Security max-age=60;
}
最后修改:2020 年 08 月 05 日 08 : 42 PM
© 允许规范转载
如果觉得我的文章对你有用,请随意赞赏

发表评论