Here is the config:

#HTTP - redirect all requests to HTTPS: server { listen 80; listen [::]:80 default_server ipv6only=on; return 301 https://$host$request_uri; } HTTPS - proxy requests on to local Node.js apps server { listen 443 default_server; server_name ΠΌΠΎΠΉΠ΄ΠΎΠΌΠ΅Π½.com; ssl on; # Use certificate and key provided by Let's Encrypt: ssl_certificate /etc/letsencrypt/live/dsa.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sad.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; # Pass requests for / to localhost:8080: location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-NginX-Proxy true; proxy_pass http://localhost:8080/; proxy_ssl_session_reuse off; proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_redirect off; } }

look it works on htpps. I tried

 server { listen ΠΌΠΎΠΉ_ip:80 default_server; server_name _; return 444; }

and / or

 server { listen ΠΌΠΎΠΉ_ip:443 default_server; server_name _; return 444; }

The site is dead.

And of course I restart nginx'a

Nginx proxies node.js

And is it possible to disable the error log (spec. Introduced ./4524) error_log

Thank!

It is necessary to close access to the site by ip And leave only access by the domain name.

  • If you are given an exhaustive answer, mark it as correct (a daw opposite the selected answer). - Nicolas Chabanovsky ♦

2 answers 2

  1.  server { listen 443 default_server; server_name ΠΌΠΎΠΉΠ΄ΠΎΠΌΠ΅Π½.com; ... }

    remove the default_server option in the listen directive to make it like this:

     server { listen 443; server_name ΠΌΠΎΠΉΠ΄ΠΎΠΌΠ΅Π½.com; ... } 
  2.  server { listen 80; listen [::]:80 default_server ipv6only=on; return 301 https://$host$request_uri; }

    and here remove the default_server option and add the server_name directive:

     server { listen 80; listen [::]:80 ipv6only=on; server_name ΠΌΠΎΠΉΠ΄ΠΎΠΌΠ΅Π½.com; rewrite https://ΠΌΠΎΠΉΠ΄ΠΎΠΌΠ΅Π½.com$request_uri permanent; }

  3. create a stub section for htts of the following form:

     server { listen 443 default; rewrite ^ http://$host$request_uri permanent; ssl on; ssl_certificate /ΠΊΠ°ΠΊΠΎΠΉ-Π½ΠΈΠ±ΡƒΠ΄ΡŒ/ΡΡƒΡ‰Π΅ΡΡ‚Π²ΡƒΡŽΡ‰ΠΈΠΉ/сСртификат; ssl_certificate_key /ΠΊΠ°ΠΊΠΎΠΉ-Π½ΠΈΠ±ΡƒΠ΄ΡŒ/ΡΡƒΡ‰Π΅ΡΡ‚Π²ΡƒΡŽΡ‰ΠΈΠΉ/ΠΊΠ»ΡŽΡ‡; }

    thanks to it, you will get at least some answer when trying to access https://Ρ‡Π΅Π³ΠΎ-Π½ΠΈΠ±ΡƒΠ΄ΡŒ , if the client browser for some reason decides to contact your http-server.

  • It does not help. It is also available via ip - Fail Khabibullin
  • @ FailHabibullin, there’s probably some kind of mutual understanding. What do you think is different β€œavailable by ip” and β€œ not available by ip”? - aleksandr barakin
  • That did not allow to connect to the site through the ip domain. And through the domain was connected - Fail Khabibullin
  • @FailHabibullin, your clarification is technically impossible - the http connection is established with the ip address, and the domain names are like aliases for ip addresses. introduced (in particular) to make it easier to remember. - aleksandr barakin
  • nginx doesn't like the rewrite line at all. $ request_uri permanent; Give me the direction from www.my.com to my.com does not eat pastexen.com/i/uPFTxeNLKu.png and put 80 and 443 not like - File Habibullin

The correct format is:

 server { listen ΠΌΠΎΠΉ_ip:80 default_server; server_name ""; access_log /dev/null; error_log /dev/null; return 403; }

Note the server_name option