Disable direct access with port (nginx)

preDawnHunter · July 22, 2015, 8:40pm

I am not sure if I could the problem clear but I will try my best.

I set up the Discourse on port 9988 and proxy it to subdomain, http://d.abc.com/, with nginx. It works. However, I can still access it from http://abc.com:9988/ and http://d.abc.com:9988/. How can I completely disable the access to the port?

I am using Digital Ocean droplet and both top and subdomain are on the same droplet.

Below is my conf for both sites (in one file).

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name fuguo.uk; # Replace with your domain

    location / {
         root /var/www/abc.com;
         index index.html index.htm;
    }
}

server {
    listen 80;
    server_name d.abc.com # Replace with your domain

    location / {
        proxy_pass http://localhost:9988;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

Many thanks.

fefrei · July 22, 2015, 9:21pm

Your can use a firewall like iptables to block access to this port.

Alternatively, you can follow this guide to use a socket instead of a port, eliminating the need to block any port

preDawnHunter · July 22, 2015, 9:36pm

@fefrei Thank you! You are the best!

Topic		Replies	Views
Block Direct Connections Installation	4	989	November 24, 2014
Docker installation does not work with Cloudflare proxy Installation	6	1506	August 12, 2020
How to forbid direct IP visit to discourse? Installation	5	1296	April 21, 2015
Forcing access to Discourse via domain name only Installation	4	904	October 5, 2017
How to make Discourse coexist with nginx on a Debian 9 server? Installation	3	981	June 20, 2020

Disable direct access with port (nginx)

Related Topics