Nginx 两台服务器一个按域另一个按 IP 阻止
Ngnix two server block one by domain another one by IP
我正在尝试在我的 NGnix 服务器上创建两个实例
首先会被
访问
mydomain.com (it listening to port 80 )
第二次使用
172.32.32.123:81 (it listening to port 81 and this IP is server IP)
这是我的默认文件
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name mydomain.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 81;
server_name 172.32.32.123:81;
root /var/www/html/root;
index index.html index.php;
set $MAGE_MODE developer; # or production or developer
set $MAGE_ROOT /var/www/html/root/;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
include /var/www/html/root/nginx.conf.sample;
}
}
服务器块在使用域名时工作正常,但在基于 IP 域的情况下,只有主页在内部页面上工作,我们收到 404 错误
目前还不清楚应该发生什么 - 应该处理一台服务器与另一台服务器的正确路径是什么?!
如果它们应该具有相同的基础文件,那么您的 root 指令非常可疑 — 一个只是 /var/www/html/,另一个是 /var/www/html/root/ — 是吗故意的?
否则,在出现 404 错误的情况下,应在 http://nginx.org/r/error_log 指定的文件中提及基础路径名(未找到),这可能会揭示发生了什么 — 那些返回的404实际上存在于光盘上?!
解决了使用以下默认配置的问题
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name magedev.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
index index.html index.php;
#try_files $uri $uri/ @handler;
#try_files $uri $uri/ /index.php;
expires 30d;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
#include fastcgi_params;
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
#include /var/www/html/root/nginx.conf.sample;
}
server {
listen 81;
server_name 192.87.123.132;
root /var/www/html/root;
index index.html index.php;
set $MAGE_MODE developer; # or production or developer
set $MAGE_ROOT /var/www/html/root/;
# **Inclusion of try_files Solved the issue for me**
location / {
try_files $uri $uri/ /index.php?$args;
autoindex on;
autoindex_exact_size off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
include /var/www/html/root/nginx.conf.sample;
}
包含 try_files 为我解决了问题
location / {
try_files $uri $uri/ /index.php?$args;
autoindex on;
autoindex_exact_size off;
}
最好移到 ServerFault。
虽然我不确定,但在 ServerName 指令中包含端口对我来说看起来很可疑。
这看起来很危险:
包括/var/www/html/root/nginx.conf.sample
如果/var/www/html/root,并且其上面的目录只能由root 写入,可能没问题。否则,对于任何可以写入文件的用户来说,它都可能是一个 root exploit。将文件复制到安全的地方,并将其包含在该位置。
我正在尝试在我的 NGnix 服务器上创建两个实例
首先会被
访问mydomain.com (it listening to port 80 )
第二次使用
172.32.32.123:81 (it listening to port 81 and this IP is server IP)
这是我的默认文件
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name mydomain.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 81;
server_name 172.32.32.123:81;
root /var/www/html/root;
index index.html index.php;
set $MAGE_MODE developer; # or production or developer
set $MAGE_ROOT /var/www/html/root/;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
include /var/www/html/root/nginx.conf.sample;
} }
服务器块在使用域名时工作正常,但在基于 IP 域的情况下,只有主页在内部页面上工作,我们收到 404 错误
目前还不清楚应该发生什么 - 应该处理一台服务器与另一台服务器的正确路径是什么?!
如果它们应该具有相同的基础文件,那么您的 root 指令非常可疑 — 一个只是 /var/www/html/,另一个是 /var/www/html/root/ — 是吗故意的?
否则,在出现 404 错误的情况下,应在 http://nginx.org/r/error_log 指定的文件中提及基础路径名(未找到),这可能会揭示发生了什么 — 那些返回的404实际上存在于光盘上?!
解决了使用以下默认配置的问题
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name magedev.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
index index.html index.php;
#try_files $uri $uri/ @handler;
#try_files $uri $uri/ /index.php;
expires 30d;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
#include fastcgi_params;
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
#include /var/www/html/root/nginx.conf.sample;
}
server {
listen 81;
server_name 192.87.123.132;
root /var/www/html/root;
index index.html index.php;
set $MAGE_MODE developer; # or production or developer
set $MAGE_ROOT /var/www/html/root/;
# **Inclusion of try_files Solved the issue for me**
location / {
try_files $uri $uri/ /index.php?$args;
autoindex on;
autoindex_exact_size off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
include /var/www/html/root/nginx.conf.sample;
}
包含 try_files 为我解决了问题
location / {
try_files $uri $uri/ /index.php?$args;
autoindex on;
autoindex_exact_size off;
}
最好移到 ServerFault。
虽然我不确定,但在 ServerName 指令中包含端口对我来说看起来很可疑。
这看起来很危险:
包括/var/www/html/root/nginx.conf.sample
如果/var/www/html/root,并且其上面的目录只能由root 写入,可能没问题。否则,对于任何可以写入文件的用户来说,它都可能是一个 root exploit。将文件复制到安全的地方,并将其包含在该位置。