我有多个虚拟主机,我想“关闭”默认虚拟主机,可以通过空白页、错误页或通常以最有效利用 Nginx 资源的方式,同时只允许其他虚拟主机通过预定义域访问。
答案1
定义一个默认服务器返回HTTP 444代码:
server {
listen 80 default_server;
server_name _;
return 444;
}
(返回 4xx 错误代码意味着请求可以被客户端解释为不成功的请求,而不是HTTP 200 空白页但完全可以相信我。
对于端口 443 / SSL 请求,您可以使用 ssl_reject_handshake on
答案2
只需定义默认vhost 将指向包含空白 index.html 文件的目录。
server {
listen 80 default_server;
server_name _ ;
root /var/www/placeholder ;
index index.html;
}
并将空白索引放在 /var/www/placeholder 中
答案3
为什么不直接否认所有
server {
listen 80 default_server;
server_name _;
location / {
deny all;
}
}
答案4
这对于我在运行 nginx 的 Debian 10(buster)上的 HTTP 和 HTTPS 都有效1.18.0
。
注意:我总是将其附加include /etc/nginx/sites-enabled/*;
到并使用和 /etc/nginx/sites-enabled 文件夹管理 vhostshttp
部分。/etc/nginx/nginx.conf
/etc/nginx/sites-available
步骤 1:创建自签名占位符证书
$ mkdir -p /usr/local/etc/ssl
$ cd /usr/local/etc/ssl
$ openssl req -new -x509 -days 1 -nodes -out default-cert.pem -keyout default-key.pem
Generating a RSA private key
.+++++
.........................+++++
writing new private key to 'default-key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
步骤 2:创建默认虚拟主机
cat << EOF > /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen 443 default_server ssl;
return 444;
ssl_ciphers aNULL;
ssl_certificate /usr/local/etc/ssl/default-cert.pem;
ssl_certificate_key /usr/local/etc/ssl/default-key.pem;
}
EOF
步骤 3:启用默认虚拟主机
cd /etc/nginx/sites-enabled
ln -s ../sites-available/default default