Nginx 依據 IP 位址進行路由

tag-icon tag-icon nginx
Nginx 依據 IP 位址進行路由

我有我的網域 example.com,所以當有人點擊時www.example.com或 example.com 請求會自動定向到https://example.com- 效果很好。但是,當我使用節點應用程式 1.2.3.4 的 IP 位址時,它不會路由到https://example.com這是啟用 SSL 的。如果我使用 IP 位址,它會顯示同一頁面,但沒有掛鎖圖示。

那我如何將請求路由到https://example.com當有人輸入節點應用程式的IP位址?

我的 Node JS APP 託管在 AWS EC2 執行個體上,我還使用 certbot (LetsEncrpyt) 安裝了 ssl。這是我的 nginx 檔案。

 events {
  worker_connections  4096;  ## Default: 1024
}

http {
 
  include    conf/mime.types;
  include    /etc/nginx/proxy.conf;
  include    /etc/nginx/fastcgi.conf;
  index    index.html index.htm;

  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log   logs/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  server_names_hash_bucket_size 128; # this seems to be required for some vhosts


# Settings for normal server listening on port 80
server {
  listen       80 default_server;
  listen       [::]:80 default_server;
  server_name  example.com www.example.com;
  root         /usr/share/nginx/html;
  # location / {
  # }
  # Redirect non-https traffic to https
  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  }
}
# Settings for a TLS enabled server.
server {
  listen       443 ssl http2 default_server;
  listen       [::]:443 ssl http2 default_server;
  server_name  example.com www.example.com;
  root         /usr/share/nginx/html;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
ssl_dhparam "/etc/pki/nginx/dhparams.pem";
  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
}

答案1

您可以設定監聽伺服器 IP 位址,然後在主機標頭後進行過濾並傳送 301 重定向,例如:

events {
  worker_connections  4096;  ## Default: 1024
}

http {
 
 
  index    index.html index.htm;

  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log   logs/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  server_names_hash_bucket_size 128; # this seems to be required for some vhosts


# Settings for normal server listening on port 80
server {
  listen       80 default_server;
  listen       [::]:80 default_server;
  server_name  example.com www.example.com 1.2.3.4;
  root         /usr/share/nginx/html;
  # location / {
  # }
  # Redirect non-https traffic to https

  if ($host = 1.2.3.4){
    return 301 https://www.example.com;
  }

  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  }
}
# Settings for a TLS enabled server.
server {
  listen       443 ssl http2 default_server;
  listen       [::]:443 ssl http2 default_server;
  server_name  example.com www.example.com 1.2.3.4;
  root         /usr/share/nginx/html;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
ssl_dhparam "/etc/pki/nginx/dhparams.pem";

  if ($host = $server_addr){
    return 301 https://www.example.com;
  }


  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
}

相關內容