So, I recently setup digital ocean droplet with Ubuntu 20.04 with nginx web server. I one website default say example.com usinh nginx settings and then the IP of digital ocean as a record in domain dns panel.
So the example.com is working fine, but unknowing I put the same IP in another domain say example1.com and now both example1.com and example.com are opening the same website.
So, the question arise that any other domain who know my IP can use this IP to show the website which should not be allowed.
I am not clear on what configuration at OS level or server level has to be done to prevent unwanted domains to use this IP or add some domain on server to allow specific domain only.
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 default ssl http2;
server_name example.com;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_static on;
gzip_types font/woff2 text/plain text/css application/json application/x-javascript text/xml application/xml application/xml>
gzip_proxied any;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
Here is the full configuration of nginx:
configuration file /etc/nginx/sites-enabled/ug:
server {
listen 80 default_server;
return 404;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_static on;
gzip_types font/woff2 text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
gzip_proxied any;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
location / {
index index.html
add_header Pragma "no-cache";
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
try_files $uri $uri @universal;
root /home/winnc/www/us/dist/ecommcerce/server;
}
location @universal {
proxy_pass http://localhost:4000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /admin {
index index.html
add_header Pragma "no-cache";
add_header Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0";
try_files $uri $uri/admin @universal-admin;
root /home/winnc/www/us/dist/ecommerce-admin/server/dist/ecommerce-admin/browser;
}
location @universal-admin {
proxy_pass http://localhost:4001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /api/ {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect http://localhost:5000 https://example.com;
root /home/winnc/www/us;
}
location /content/ {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect http://localhost:5000 https://example.com;
root /home/winnc/www/us;
}
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}