Allow nginx access only from IP address - nginx

I have a domain, e.g. www.domain.com which is registered on IP XXX.XXX.XXX.XXX, where my site is running on port 80.
I was wondering if there is a way, to block user access www.domain.com , forcing users to use only the IP address to enter the site.
Is it possible to set something like this using nginx?
Anyway, I am using Ubuntu as server, and any configurations on OS to solve this will be appreciated too.
Thank you so much.
Update:
Thanks to #mettalic the configuration now looks like this configuration looks like this:
server {
listen 80;
server_name _;
return 403;
}
server {
listen 80;
server_name XXXX;
add_header 'Access-Control-Allow-Origin' "http://XXX";
add_header x-frame-options "DENY" always;
location /api {
proxy_pass http://localhost:5000;
}
location / {
add_header 'Access-Control-Allow-Origin' "http://XXXX";
root /usr/share/nginx/html/dist;
index index.html;
try_files $uri $uri/ /index.html;
}
}
It is fully working.

If you have only one host on this server on port 80. You can create nginx configuration file without server name. Just listen XXX.XXX.XXX.XXX:80;.
UPD:
You could try add server which will be return error to all users who will try reach your site by domain:
server {
listen 80;
server_name _;
return 403;
}
or redirect them to ip:
server {
listen 80;
server_name _;
return 301 http://XXX.XXX.XXX.XXX;
}

Set server_name 192.168.19.24; in your host's config block.
On Ubuntu, the default virtual host is in /etc/nginx/sites-available/default, but that may be different on other distributions.

Related

Ngrok not tunneling properly Nginx

I have my flask application deployed on Nginx over my VM.
Everything is deployed Ok and I can request my apis on http://my.ip.number (I have a public IP)
But when I run Ngrok (I need https and I don't have a domain name to generate a SSL certificate), the URL https//number.ngrok.io shows me the Nginx home page (Welcome to Nginx) instead my webapp.
Why is this happening?
P.D: When I run "curl localhost" I get the Nginx Welcome Page but when I exec "curl -4 localhost" I get my webapp home page
etc/nginx/site-available/myproject
server {
listen 80;
server_name 0.0.0.0;
location / {
include proxy_params;
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
server {
listen 80;
server_name 127.0.0.1;
location / {
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
server {
listen 80;
server_name public.ip;
location / {
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
Any request coming in from ngrok, has the Host header set to the ngrok URL. The behaviour of nginx would be to try and match one of the server blocks in your configuration above, and default to the first one if no server_name matches the Host header.
However, I'm guessing there's another configuration file at /etc/nginx/conf.d/default.conf or /etc/nginx/sites-enabled/0-default which has a listen directive with default_server set. That will be catching these requests and serving the "Welcome to nginx!" page.
I suggest you look for that file, and remove it which should solve the issue.
However you could also simplify the above configuration and simply have:
server {
listen 80;
server_name localhost;
location / {
include proxy_params;
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
Provided there's not another server block hiding somewhere else in the configuration with a directive like listen 80 default_server; then this should catch all requests.
For more info see: How nginx processes a request

Nginx reverse proxy doesn't work as expected

I have two domains on different nginx(1.15.0) servers (server1 example.com and server2 example.net). I've tried to set up server2 as a reverse proxy with ngx_http_substitutions_filter_module but it doesn't work as expected.
Due to my config, subs_filter directive should replace example.com to example.net but when I type example.net in browser it redirects me to example.com.
nginx.conf
http {
//other settings
.....
include /etc/nginx/sites-enabled/*;
upstream example.com {
server example.com;
}
}
example.net.conf
server {
listen 80;
server_name example.net www.example.net;
rewrite ^/(.*)$ https://example.net/$1 permanent;
}
server {
listen 443 ssl;
server_name example.net;
ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
root html;
try_files $uri #example.com;
}
location #example.com {
include replace.conf;
proxy_pass http://example.com;
proxy_cookie_domain example.com example.net;
proxy_set_header Accept-Encoding "";
proxy_set_header Host example.com;
proxy_redirect http://example.com http://example.net;
}
}
replace.conf
# replace direct links
subs_filter "www.example.com" "example.net" gi;
subs_filter "example.com" "example.net" gi;
Seems like nginx ignores subs_filter directive.
Could someone explain me how can I replace uri properly using ngx_http_substitutions_filter_module? Thank you for advice!
Problem solved.
First of all I removed upstream from nginx.conf:
upstream example.com {
server example.com;
}
Then I changed following lines in example.net.conf:
location / {
...
try_files $uri #static;
}
location #static {
...
proxy_pass https://example.com;
...
...
...
proxy_redirect https://example.com https://example.net;
}
All works fine except login form. Firefox works correctly but Chrome returns error 422. I suppose this is because the login form works on javascript.
Anyway thanks to all!

Nginx URL masking to a different domain

There's a few similar questions on SO, but none exactly mine, and I've had no luck trying to adapt their answers so far.
I want to map the URL http://sub.example.com to https://123.12.12.12/path, such that the browser still shows the URL http://sub.example.com.
My Nginx config file looks like,
server {
listen 80;
server_name sub.example.com;
location / {
proxy_pass https://123.12.12.12;
rewrite ^/$ /path last;
}
}
The routing works here, but the URL displayed is http://sub.example.com/path. How do I make it display only http://sub.example.com?
server {
listen 80;
server_name sub.example.com;
location / {
proxy_pass https://123.12.12.12/path;
}
}
Thats how it works. If proxy_pass contains locations part - current location will be replaced to specified. http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
But it's help only for http request and http redirects. If application create html with links https://123.12.12.12 - it's still unchanged. In this case you can try ngx_http_sub_module.
I did like this:
server {
listen 80;
listen [::]:80;
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name domain1;
if ($request_method ~* OPTIONS|GET|HEAD) {
return 301 https://domain2$request_uri;
}
location ~* api {
proxy_pass https://domain2$request_uri;
}
}
Because post-requests will cause a 405 error when redirecting.

multiple Domains without repeat config

How can I serve multiple domains with the same configuration, without copying the server{} rule configuration for every domain?
example.com
example.org
example.de
example.ro
Nginx Config:
upstream example_live {
server 127.0.0.1:8300;
}
server {
listen 80;
server_name example.com example.org example.de example.ro;
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
location / {
proxy_pass http://example_live/VirtualHostBase/http/example.??:80/example/VirtualHostRoot/;
include /etc/nginx/ps.cfg/proxy.conf;
}
include /etc/nginx/cfg/base.conf;
}
in the same server section and using server_name directive to support multiple domains. And seems you already give the answer above.
This works for me, thank you for your Comment
server_name a.com www.a.com
b.org www.b.org
c.net www.c.net;
access_log /var/log/nginx/a.com.access.log;
error_log /var/log/nginx/a.com.error.log;
location / {
rewrite ^(.*)$ /VirtualHostBase/http/$http_host:80/a/VirtualHostRoot$1 break;
proxy_pass http://127.0.0.1:8080;
}

What's wrong with this nginx.conf?

I'm using nginx as a load balancer to 4 internal server instances. The below nginx.conf will work correctly only for www.mydomain.com . But not for mydomain.com or http://mydomain.com.
upstream mydomain{
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 80;
server_name www.mydomain.com;
location / {
proxy_pass http://mydomain;
}
}
It's normal that it doesn't work for mydomain.com because of server_name www.mydomain.com.
I'm not an nginx expert, but try omitting server_name.
I think you can try this:
server {
listen 80;
server_name www.mydomain.com mydoamin.com;
location / {
proxy_pass http://mydomain;
}
}
At least I've found this solution in docs
all webservers will only work for the domain you configure. In this case, the only domain you added is www.mydomain.com, so it is only going to "work" for the address www.mydomain.com.
If you want all subdomain to work, you need a wildcard character in front of mydomain.com as the following:
server {
listen 80;
server_name .mydomain.com;
location / {
proxy_pass http://mydomain;
}
}
Notice the . before mydomain.com.

Resources