0

I have multiple services running on my server which will be accessed via nginx and encrypted by certbot. If i want to acess my service with my http://example.com, I get redirected to http(s)://example.com, which is great.

However, if I type in my IpAdress:Port I wont get redirected to my domain. This is my abc.com file in /etc/nginx/sites-enabled

server {
server_name abc.com; #example: mysite.xyz
#access_log /var/log/nginx/<servicename>.access.log;
#error_log /var/log/nginx/<servicename>.error.log;

location / {
        proxy_pass http://127.0.0.1:9000; # here you define the address, which is used by nginx to access your service
        proxy_http_version  1.1;
        proxy_cache_bypass  $http_upgrade;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
} # this is the port you use to access the proxied service

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/abc.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/abc.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = abc.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

server_name abc.com;

listen 80;
    return 404; # managed by Certbot

}

Can someone tell me or point me into a direction what I need to change in my abc.com file in order to redirect also requests via IpAdress:Port to https://example.com

I am grateful for any help!

Edit: I have made my services reachable via localhost which solved my problem. Thank you all for your contributions!

sergeantSalty
  • 1
  • 1
  • 1
    Don't try to do this. Requests to your IP address as HTTP host should be ignored, not redirected. Virtually all of them are malicious. The default configuration serves a 403 error to such requests, and this should be left in place. – Michael Hampton Jun 20 '21 at 11:53
  • Ignoring would be indeed the best option. However my default dont ignore such requests. If I type in my ip:port adress I get acess to my services. What exactly can I do to ignore such requests ? Thank you for your contribution! – sergeantSalty Jun 20 '21 at 14:16
  • 1
    Put back the default `server` block that came with the nginx distribution package. – Michael Hampton Jun 20 '21 at 14:26
  • Oh I must have understand you wrong, actually I didnt delete the default server block that came with nginx. – sergeantSalty Jun 22 '21 at 15:14

2 Answers2

0

Change one of the last lines to

listen 80 default;
drookie
  • 8,625
  • 1
  • 19
  • 29
0

Welcome to ServerFault.

Can someone tell me or point me into a direction what I need to change in my abc.com file in order to redirect also requests via IpAdress:Port to https://example.com

You don't have to edit the existing file that may be modified by Certbot in the future.

Instead, in /etc/nginx/sites-enabled, please create another file (for example, with the name ip.conf), with the following content...

server {
    listen 80;
    server_name 127.0.0.1;
    return 301 https://example.com$request_uri;
}

In the above code, please replace 127.0.0.1 with the actual IP address of your server and then replace example.com too.

Pothi Kalimuthu
  • 6,117
  • 2
  • 26
  • 38
  • Hi and thank your for your help. I tried your approach but sadly it doesnt work. I still get directed to my unsecured service. :/ – sergeantSalty Jun 22 '21 at 15:13