问题
I have an nginx configuration with two virtual hosts and no default site.
server {
listen 123.45.67.89:80;
server_name site_a.example.com site_a1.example.com;
root /srv/site_a_checkout/html/site_a;
access_log /var/log/site_a/nginx.access.log;
error_log /var/log/site_a/nginx.error.log;
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
Each of the virtual host configurations has a server_name line with two servers.
The existence of the second server_name, site_a1.example.com, is because there is more than one server and sometimes developers need to know which server they're looking at.
nginx performs exactly as expected, if http://site_a.example.com, http://site_a1.example1.com, http://site_b.example.com or http://site_b1.example1.com are requested.
The problem is that if http://123.45.67.89 is requested, the site_a site is served.
There is no /etc/nginx/sites_enabled/default, only virtual hosts for site_a and site_b.
Why is site_a served as http://123.45.67.89?
How can I make requests to the IP address fail?
I've also tried: https://superuser.com/a/1050864 and https://serverfault.com/a/525011 but these did not work either.
回答1:
None of these solutions worked because they were implicitly listening on 0.0.0.0:80, while the virtual hosts were listening on 123.45.67.89:80.
Default servers need to exist for any specific IP addresses which are listened-to by virtual hosts.
This works:
server {
server_name _;
listen 123.45.67.89:80 default_server deferred;
return 444;
}
If I add:
listen 123.45.67.89:443 default_server deferred;
it kills HTTPS connections (before the SNI can be read) breaking all SSL virtual hosts on that IP address. This is a problem for another day. https://serverfault.com/q/959286/20520
来源:https://stackoverflow.com/questions/55277279/nginx-is-serving-pages-for-requests-for-bare-ip-address-which-doesnt-match-the