RTFM.WIKI


Default server in nginx

To keep a random site from being served when someone connects by IP address, and to handle all unknown requests, we need to create a "default" virtual host.

Create a new file default_server.conf in the /etc/nginx/conf.d directory.

Don't forget the include in the http section.

http {
        include /etc/nginx/conf.d/*.conf;
}

Default server on port 80

server {
    listen 1.2.3.4:80 default_server;
    listen [::]:80 default_server;
    server_name _;

    server_name_in_redirect off;
    log_not_found off;

    return 410;
}
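
Why requests by IP land on a "random" site without this block, as an added example (not part of the original page and not nginx code): a simplified Python model of how nginx picks a server block, first by listen address and port, then by Host, then by default. The server labels and example.com hostnames are constructed, and regex and trailing-wildcard names are left out. The last two calls show that once a block listens on the specific address 1.2.3.4:80, blocks listening only on the wildcard port 80 no longer see connections to that address.

```python
# Simplified model of nginx server selection (added example, not nginx code).
# Regex server_names and trailing wildcards are left out.
from collections import namedtuple

# listens: list of (address, port, is_default_server); "*" is the wildcard address
Server = namedtuple("Server", "label listens names")

def select_server(servers, dst_ip, dst_port, host):
    """Return the label of the server block that would handle the request."""
    # 1. Pick the listen socket: a specific address beats the wildcard.
    for addr in (dst_ip, "*"):
        cands = [(s, d) for s in servers for a, p, d in s.listens
                 if a == addr and p == dst_port]
        if cands:
            break
    else:
        return None                      # nothing listens on that port
    # 2. Match Host (given without port) against server_name: exact first,
    #    then the longest "*.suffix" wildcard.
    host = (host or "").lower()
    for s, _ in cands:
        if host in s.names:
            return s.label
    wild = [(len(n), s.label) for s, _ in cands for n in s.names
            if n.startswith("*.") and host.endswith(n[1:])]
    if wild:
        return max(wild)[1]
    # 3. No name matched: explicit default_server, else the first block defined.
    for s, d in cands:
        if d:
            return s.label
    return cands[0][0].label

# Constructed sample configurations (hostnames and labels are made up).
blog = Server("blog", [("*", 80, False)], ["blog.example.com"])
shop = Server("shop", [("*", 80, False)], ["shop.example.com"])
catch_wild = Server("catch_all", [("*", 80, True)], ["_"])
catch_ip = Server("catch_all", [("1.2.3.4", 80, True)], ["_"])
shop_ip = Server("shop", [("1.2.3.4", 80, False)], ["shop.example.com"])

if __name__ == "__main__":
    req = ("1.2.3.4", 80)
    print(select_server([blog, shop], *req, "1.2.3.4"))              # blog
    print(select_server([blog, shop, catch_wild], *req, "1.2.3.4"))  # catch_all
    print(select_server([blog, shop, catch_ip], *req, "shop.example.com"))     # catch_all
    print(select_server([blog, shop_ip, catch_ip], *req, "shop.example.com"))  # shop
```

If the catch-all uses `listen 1.2.3.4:80 default_server;` as above, the real sites need a listen directive for the same address and port, or the catch-all will answer for them as well.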

HTTPS is a bit more complicated (see "How nginx processes requests").

Snake oil will help us here :) Create a self-signed certificate for the default_server.

openssl req -newkey rsa:2048 -nodes -keyout snakeoil_key.pem -x509 -days 3650 -out snakeoil_crt.pem

Default server on port 443

server {
    listen 1.2.3.4:443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    ssl_certificate /etc/nginx/ssl/snakeoil_crt.pem;
    ssl_certificate_key /etc/nginx/ssl/snakeoil_key.pem;
    server_name_in_redirect off;
    log_not_found off;
    return 410; # most howtos use 444
}

Instead of return 444 you can use return 410. The 410 Gone code tells bots and search engines that the URL can be removed and should never be indexed.

Let's check with curl

return 410

# curl -D -k -s -v http://1.2.3.4 
* About to connect() to 1.2.3.4 port 80 (#0)
*   Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 1.2.3.4
> Accept: */*
> 
< HTTP/1.1 410 Gone
< Server: nginx/1.16.1
< Date: Sat, 18 Apr 2020 16:31:34 GMT
< Content-Type: text/html
< Content-Length: 143
< Connection: keep-alive
< 
<html>
<head><title>410 Gone</title></head>
<body>
<center><h1>410 Gone</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
* Connection #0 to host 1.2.3.4 left intact

# curl -D -k -s -v https://1.2.3.4
* About to connect() to 1.2.3.4 port 443 (#0)
*   Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=RTFM,OU=RTFM,O=RTFM,L=RTFM,ST=RTFM,C=UK
*       start date: Apr 17 16:36:35 2020 GMT
*       expire date: Apr 15 16:36:35 2030 GMT
*       common name: RTFM
*       issuer: CN=RTFM,OU=RTFM,O=RTFM,L=RTFM,ST=RTFM,C=UK
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0

return 444

# curl -D -k -s -v http://1.2.3.4 
* About to connect() to 1.2.3.4 port 80 (#0)
*   Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 1.2.3.4
> Accept: */*
> 
* Empty reply from server
* Connection #0 to host 1.2.3.4 left intact

# curl -D -k -s -v https://1.2.3.4
* About to connect() to 1.2.3.4 port 443 (#0)
*   Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=RTFM,OU=RTFM,O=RTFM,L=RTFM,ST=RTFM,C=UK
*       start date: Apr 17 16:36:35 2020 GMT
*       expire date: Apr 15 16:36:35 2030 GMT
*       common name: RTFM
*       issuer: CN=RTFM,OU=RTFM,O=RTFM,L=RTFM,ST=RTFM,C=UK
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* Closing connection 0
 
linux/nginx/nginx_default_server.txt · Last modified: 2020/04/18 21:31 (external edit)