How to restrict access to a site by IP through nGinx?

Question

I have a website that can be accessed by entering the IP address. I want to make it accessible only through the domain. There is little suitable material on the Internet, there is no good explanation of what to replace in the ode of the nginx.conf file.

In my file already has 2 sections named server.

 server {
        listen 80;
        server_name avoe.com;
        rewrite ^ https://avoe.com$request_uri? permanent;
    }

server {
        listen                      443 ssl;
        server_name                 avoe.com;
        ssl_certificate             /etc/ssl/__reksoft_ru.crt;
        ssl_certificate_key         /etc/ssl/private.key;
        ssl_protocols               TLSv1.2 TLSv1.3;
        ssl_ciphers                 HIGH:!aNULL:!MD5;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

        client_body_buffer_size         8k;
        client_max_body_size            20m;
        client_body_in_single_buffer    on;
        client_header_buffer_size       1m;
        large_client_header_buffers 4   8k;

        location /Intra/api/thumbor/ {
            proxy_pass http://thumbor/;
        }

        location /solr {
            proxy_pass http://solr;
        }

        location /minio {
            proxy_pass http://minio;
        }

        location /activemq {
            proxy_pass http://activemq;
        }


        location / {
            proxy_pass http://wildfly/;

            proxy_buffer_size 16k;
            proxy_buffers 16 16k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_read_timeout 180s;

            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;

            if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {
                return 405;
            }
        }

What to add or replace where so that access is ONLY by domain?

To avoid to many duplicates on SO, I'm going to delete my answer. The same information can be found [here](https://stackoverflow.com/a/69825652/7121513). — Ivan Shatsky, Nov 18 '21 at 18:30

score 0 · Answer 1 · answered Nov 02 '21 at 09:38

0

You could ensure the HTTP Host header is set to avoe.com like this:

if ($http_host != 'avoe.com') {
    return 301 https://avoe.com$request_uri;
}

answered Nov 02 '21 at 09:38

slauth

2,667
1
10
18

I don't think the OP wants a redirection. As I understand, he want to block an access to the site if the right `Host` header value is missing from the request. – Ivan Shatsky Nov 02 '21 at 10:41

score 0 · Answer 2 · answered Nov 02 '21 at 14:05

0

use this config as the server that listens on port 80:

server {
    listen 80;
    server_name avoe.com default_server;

    if ($host = avoe.com) {
         return 301 https://$host$request_uri;
    }
    return 404;
}

answered Nov 02 '21 at 14:05

omid yaghoobi

121
2

in which block should I write this? – Artur Vartanyan Nov 19 '21 at 07:15

How to restrict access to a site by IP through nGinx?

2 Answers2