Disable direct access with port (nginx)


(Haobin Liang) #1

I am not sure if I could the problem clear but I will try my best. :grin:

I set up the Discourse on port 9988 and proxy it to subdomain, http://d.abc.com/, with nginx. It works. However, I can still access it from http://abc.com:9988/ and http://d.abc.com:9988/. How can I completely disable the access to the port?

I am using Digital Ocean droplet and both top and subdomain are on the same droplet.

Below is my conf for both sites (in one file).

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name fuguo.uk; # Replace with your domain

    location / {
         root /var/www/abc.com;
         index index.html index.htm;
    }
}

server {
    listen 80;
    server_name d.abc.com # Replace with your domain

    location / {
        proxy_pass http://localhost:9988;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

Many thanks.


(Felix Freiberger) #2

Your can use a firewall like iptables to block access to this port.

Alternatively, you can follow this guide to use a socket instead of a port, eliminating the need to block any port :slight_smile:


(Haobin Liang) #4

@fefrei Thank you! You are the best! :kissing_heart: