如何禁止IP直接访问OneinStack - A PHP/JAVA Deployment Tool这个界面

问答中心分类: Nginx如何禁止IP直接访问OneinStack - A PHP/JAVA Deployment Tool这个界面
paradox asked 8月 ago

用lnmp做了一个wordpress博客,不想让别人直接通过VPS的IP访问到“OneinStack – A PHP/JAVA Deployment Tool”这个页面,但又想通过网页的方式访问ip/phpMyAdmin,请问如何操作?

3 Answers
paradox answered 8月 ago

第二个问题:
 /usr/local/nginx/conf/vhost/domain.conf这里面是这样的

Start your code hereserver {
listen 80;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EE$
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name domain.com www.domain.com;
access_log /data/wwwlogs/domain.com_nginx.log combined;
index index.html index.htm index.php;
include /usr/local/nginx/conf/rewrite/wordpress.conf;
root /data/wwwroot/domain.com;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
#error_page 404 = /404.html;
#error_page 502 = /502.html;
if ($host != domian.com) {
rewrite ^/(.*)$ $scheme://domain.com/$1 permanent;
}

location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}

其中有一句是这样,

add_header Strict-Transport-Security max-age=15768000;

但是去添加HSTS Preload的时候提示错误。
 
Error: No includeSubDomains directiveThe header must contain the `includeSubDomains` directive.
Error: No preload directiveThe header must contain the `preload` directive.
Warning: Unnecessary HSTS header over HTTPThe HTTP page at http://domain.com sends an HSTS header. This has no effect over HTTP, and should be removed.
 
请问这个问题怎么解决。
 
感谢。

oneinstack 管理员 answered 7月 ago

删除/data/wwwroot/deafult/index.html
下面这个没明白,这个自动加的https配置报错吗?

paradox answered 7月 ago

首先感谢回答第一个问题。
第二个问题不是说自带的https配置报错,二是我去添加HSTS预加载列表(hstspreload.appspot.com)的时候报错。