Block direct IP access to port 8080 but allow access through the domain (virtual host configuration)


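I want the site to be reachable from the URL http://subdomain2.domain.com but not from the direct IP (http://1.1.1.1:8080). For example, below is my virtual host configuration file (site2.conf) in /etc/apache2/sites-available/. The <VirtualHost *:8080> ... </VirtualHost> section does not seem to have any effect.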

<VirtualHost *:80>
    ServerName subdomain2.domain.com
    ServerAlias www.subdomain2.domain.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/site2
    Keepalive On

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule .* ws://localhost:8080%{REQUEST_URI} [P]

    ProxyPreserveHost On
    ProxyPass "/stream" ws://localhost:8080/ retry=0 timeout=5
    ProxyPass "/" http://localhost:8080/ retry=0 timeout=5
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

<VirtualHost *:8080>
        ServerName 1.1.1.1:8080
        ServerAlias  2001:0db8:85a3:0000:0000:8a2e:0370:7334:8080
        DocumentRoot /var/www/site2
        <Location />
            Require all denied
        </Location>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

For http://subdomain1.domain.com, I have already achieved this successfully (000-default.conf in /etc/apache2/sites-available/): after adding the <VirtualHost *:80> ... </VirtualHost> section, it works fine. Here is the code for reference:

<VirtualHost *:80>
        ServerName subdomain1.domain.com
        ServerAlias www.subdomain1.domain.com
        ServerAdmin [email protected]
        DocumentRoot /var/www

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
        ServerName 1.1.1.1
        ServerAlias  2001:0db8:85a3:0000:0000:8a2e:0370:7334
        DocumentRoot /var/www
        <Location />
            Require all denied
        </Location>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Answer 1

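Because you are reverse proxying to localhost:8080, there is probably some application server other than Apache listening on port 8080. You cannot control other software by adding a VirtualHost configuration to Apache. Instead, change that software's settings so that it listens only on the local loopback (localhost) rather than on every interface.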


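It turns out that the other server is Gotify, and we can consult its configuration documentation:

gotify/server looks for configuration files in the following paths: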

./config.yml /etc/gotify/config.yml

server:
  keepaliveperiodseconds: 0 # ...
  listenaddr: "" # the address to bind on, leave empty to bind on all addresses
  port: 80 # the port for the http server

In this config.yml, change the server.listenaddr parameter to 127.0.0.1, because by default it listens on all addresses.
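
One way to verify the bind address after the change described in the answer, as an added example that is not part of the original answer: a shell check that classifies the listeners on a port from `ss -H -ltn` output. It assumes iproute2's `ss`; the function names and the sample lines are constructed here.

```shell
#!/bin/sh
# Added example: classify TCP listeners on one port from `ss -H -ltn` output.

# bind_report PORT: reads ss output on stdin, prints "<STATUS> <address>" per listener.
bind_report() {
    awk -v port="$1" '
    {
        local_ep = $(NF-1)                 # "Local Address:Port" column
        n = split(local_ep, parts, ":")
        if (parts[n] != port) next         # other ports are ignored
        addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)              # drop an interface scope such as %lo
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            status = "EXPOSED"             # wildcard bind: reachable on every interface
        else if (addr ~ /^127\./ || addr == "[::1]")
            status = "LOOPBACK"            # only the local reverse proxy can connect
        else
            status = "SPECIFIC"            # bound to one non-loopback address
        print status, addr
    }'
}

# is_loopback_only PORT: succeeds only if PORT has listeners and all are loopback.
is_loopback_only() {
    report=$(bind_report "$1")
    [ -n "$report" ] || return 1
    ! printf '%s\n' "$report" | grep -qv '^LOOPBACK '
}

# Constructed samples (not captured from a real host):
# before and after setting listenaddr to 127.0.0.1.
BEFORE='LISTEN 0 4096         *:8080       *:*
LISTEN 0 511          *:80         *:*'
AFTER='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511          *:80         *:*'

printf '%s\n' "$BEFORE" | bind_report 8080   # EXPOSED *
printf '%s\n' "$AFTER"  | bind_report 8080   # LOOPBACK 127.0.0.1
# On the server itself: ss -H -ltn | bind_report 8080
```

An EXPOSED result for the backend port means the application can still be reached directly by IP, whatever the Apache virtual hosts say.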
