Nginx下配置禁止直接通过ip访问网站-赤坂的日常琐碎

配置示例：

# 在 nginx.conf 文件的 server 段之前，添加以下两个段来禁止直接使用 IP 访问
server {
listen 80 default_server;
server_name _;
return 444;
}
server {
listen 443 default_server;
server_name _;
return 444;
ssl_reject_handshake on;
}
# 配置具体的站点
server {
listen 80;
server_name example.com;
# 其他配置...
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/example.com.crt;
ssl_certificate_key /path/to/example.com.key;
# 其他配置...
}

或者自定义错误页面

server {
listen 80 default_server;
server_name _;
return 400;

error_page 400 /400.html;
location = /400.html {
root /var/www/html;
internal;
}
}
server {
listen 443 default_server ssl;
server_name _;
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/certificate.key;
return 400;
error_page 400 /400.html;
location = /400.html {
root /var/www/html;
internal;
}
}

根目录、索引文件

server {
listen 80;
server_name example.com;
root /var/www/example.com;
index index.html index.htm index.php;
}

日志配置

server {
listen 80;
server_name example.com;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
}

SSL证书和密钥

server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/example.com.crt;
ssl_certificate_key /path/to/example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
}

HTTP到HTTPS重定向

server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}

设置缓存头

server {
listen 80;
server_name example.com;
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
}