Server IP resolves to first site
af1 opened this issue · 15 comments
I have a server with several sites on it. When I put the IP address of the server into a web browser, one of the sites shows up. I feel the expected behavior here is to return 444, not forward to a domain.
I had the same issue, so I added the following code to the top of the default Nginx file found at /opt/easyengine/services/nginx-proxy/conf.d/default.conf
```nginx
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    return 503;
}
```
Note, this only works for HTTP. I could not get it working for HTTPS.
Thanks for that!
A fix for HTTPS would be great.
A solution for both HTTP and HTTPS might look like this:
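```nginx
# Catch-all for HTTPS requests that match no configured server_name
server {
    listen 443 default_server deferred ssl;
    listen [::]:443 default_server deferred ssl;
    # Abort the TLS handshake, so no site certificate is presented
    ssl_reject_handshake on;
    return 444;
}
# Catch-all for plain HTTP requests that match no configured server_name
server {
    listen 80 default_server deferred;
    listen [::]:80 default_server deferred;
    # 444 closes the connection without sending a response
    return 444;
}
```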
Note: 444 is returned, which instructs Nginx to drop the connection rather than return an error page. The user sees "This site can’t be reached" in the browser.
Hey @mikelittle thanks so much for that. I did something similar on my own referencing the docs, and it still redirects to the first site created when going to the server IP.
To clarify, I put your code as the top server block of /opt/easyengine/services/nginx-proxy/conf.d/default.conf
It still had the issue once I restarted NGINX, and once I rebooted the server, the changes were gone from the config.
I think this is because you can't have `default_server` twice. If I change it to
```nginx
server {
    listen 443 deferred ssl;
    listen [::]:443 deferred ssl;
    ssl_reject_handshake on;
    return 444;
}
server {
    listen 80 default_server deferred;
    listen [::]:80 default_server deferred;
    return 444;
}
```
it works.
(I was only checking with `curl -I` so I didn't see that it was returning the first site home page. Sorry!)
Thanks for your help @mikelittle.
I've tried your updated code but SSL still redirects to a site on my server rather than dropping the connection. Here's the output from curl.
```
curl https://167.71.133.231 --insecure -v
* Trying 167.71.133.231:443...
* Connected to 167.71.133.231 (167.71.133.231) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
* start date: Dec 19 15:33:00 2019 GMT
* expire date: Dec 15 15:33:00 2034 GMT
* issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fb7d5812800)
> GET / HTTP/2
> Host: 167.71.133.231
> user-agent: curl/7.79.1
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 301
< server: nginx
< date: Wed, 22 Mar 2023 13:58:17 GMT
< content-type: text/html
< content-length: 162
< location: https://blossomtreephoto.co.uk/
< x-powered-by: EasyEngine v4.6.5
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
```
I also can't figure out a spot to place the code that isn't wiped after a reboot.
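The check in the comment above can be repeated for both ports with one verdict each. This is an added example, not part of the original thread or of EasyEngine; the function name `probe` and its verdict strings are assumptions made for illustration. It sends `GET /` addressed to the bare IP (no SNI on TLS) and reports whether the server dropped the connection, rejected the handshake, or answered on behalf of a site.

```python
import socket
import ssl
import sys

# Added example: probe() and its verdict strings are illustrative names.
def probe(ip, port, tls=False, timeout=5.0):
    """Send 'GET /' addressed to the bare IP; return (verdict, detail)."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    data = b""
    try:
        if tls:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False       # same effect as curl --insecure
            ctx.verify_mode = ssl.CERT_NONE
            try:
                # No server_hostname, so no SNI is sent (as with an IP URL).
                sock = ctx.wrap_socket(sock)
            except (ssl.SSLError, ConnectionError) as exc:
                return ("handshake-rejected", type(exc).__name__)
        request = f"GET / HTTP/1.1\r\nHost: {ip}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    except socket.timeout:
        return ("timeout", "no response within %.1fs" % timeout)
    except (ConnectionError, ssl.SSLError):
        pass                                 # a reset mid-request counts as a drop
    finally:
        sock.close()
    if not data:
        return ("dropped", "closed without sending a response")
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split(" ", 2)
    status = parts[1] if len(parts) > 1 else "?"
    headers = dict(h.split(":", 1) for h in head[1:] if ":" in h)
    location = next((v.strip() for k, v in headers.items()
                     if k.lower() == "location"), "")
    return ("served", f"{status} -> {location}" if location else status)

if __name__ == "__main__" and len(sys.argv) == 2:
    for port, tls in ((80, False), (443, True)):
        print(port, *probe(sys.argv[1], port, tls))
```

With a working catch-all, port 80 reports `dropped` and port 443 reports `handshake-rejected`; a `served` verdict with a `Location` value means a site is still answering for the IP.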
Also bothered by this, mostly because the first site I set up is one I don't want to be seen much!
I was facing the same. Disabling and then re-enabling the website fixed the issue.
@perochak Can you please go into more detail? Thanks.
I tried the same and it didn't work for me. Same issue.
I have 3 websites published first on the server. 1 was pointing to a domain and 2 were not.
I pointed the 3rd to a domain but the 2nd was not yet.
So, it was behaving weird. Sometimes, the 3rd starts loading contents of the 1st site and sometimes the 2nd.
I disabled 2 and 3rd one and then enabled 3rd one and it fixed the issue.
Thank you, but sadly that does not work for me.
So, I still have the problem.
Thanks!
FYI I got a browser warning about SSL certificate mismatch (SSL from my first site) and also 502 Bad Gateway. I disabled and re-enabled the first site and everything is working nicely.