nginx proxy_pass config叶子不安全访问位置路径打开

发布于 2025-01-19 16:50:59 字数 802 浏览 0 评论 0原文

下面的 nginx 代码片段适用于我们的 Web 应用程序的 https 访问。然而，该应用程序的多个最终用户改为在浏览器中使用 IP 访问同一应用程序，而没有证书保护。
有什么方法可以阻止这种访问？

server {
  listen 80;
  server_name ourserver.com;
  return 301 https://ourserver.com$request_uri;
}
server {
  listen  443;
  server_name ourserver.com;
 
  ### SSL details removed
  ssl_certificate "//";
  ssl_certificate_key "//";
  ssl_session_cache
  ssl_session_timeout
  ssl_ciphers
  ssl_prefer_server_ciphers on;

  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 1200;
    proxy_send_timeout 1200;
    proxy_connect_timeout 75;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
  }
}

原文

The nginx snippet below works for https access of our web application. However several end users of the app are instead using ip access in browser to the same app with no certificate protection.
Ways to block this access?

server {
  listen 80;
  server_name ourserver.com;
  return 301 https://ourserver.com$request_uri;
}
server {
  listen  443;
  server_name ourserver.com;
 
  ### SSL details removed
  ssl_certificate "//";
  ssl_certificate_key "//";
  ssl_session_cache
  ssl_session_timeout
  ssl_ciphers
  ssl_prefer_server_ciphers on;

  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 1200;
    proxy_send_timeout 1200;
    proxy_connect_timeout 75;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
  }
}

分享到QQ

分享到微博