如何禁止IP直接访问HTTPS
nginx里如下设置:
server {
listen 80;
listen 443 ssl spdy;
root /data0/web/domain.com;
server_name domain.com *.domain.com;
index index.html index.htm index.php;
location / {
}
}
##default
server {
listen 80 default;
listen 443 default;
server_name _;
root /data0/web/empty;
location / {
return 500;
}
}
如上设置,访问https://ip。SSL无法工作。即便访问https://domain.com也无法访问。
listen 80 default;
server_name domain.com *.domain.com;
...
if ( $host ~* "\d+\.\d+\.\d+\.\d+" ) {
return 400;
}
使用这样的代码就Ok了
server
{
listen 443 default;
return 400;
}
server
{
listen 443 ssl default_server;
ssl_certificate path_to_your_fullchain.cer;
ssl_certificate_key paht_to_your_key;
return 301 https://demo.com;
}
一定要配置 ssl 证书,要不然不起作用