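How to deny requests from unauthorized domains pointing to my IP address?

Any XYZ domain that points to my DigitalOcean Droplet IP redirects to my forum. This generates a lot of unknown 404 log entries and affects the link profile.

I am thinking of adding a rule like this: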

location / {
  # $host is the name the client requested; $server_name is the server block's configured name
  if ($host !~ "^(forum\.)?example\.com$") {
    return 403;
  }
}

This means denying requests from unauthorized domains.

Please guide me on how to add this rule.

Thanks & Regards,
Gulshan

Last time this was brought up, the easiest solution was to enable SSL; that will cause the wrong domains to either redirect to the correct one, or show an SSL error:

If that's not an option you can use a pups template to add that 403 block into the Discourse nginx config.

3 Likes

I am already using Let’s Encrypt. The issue is that whatever XYZ domain points to it simply redirects (301) to my forum.

Then adding it to the Discourse nginx config would be the next easiest thing. Using a new pups template would be the best way, to save you needing to re-apply the change every rebuild.

You could try… Make a new file at /var/discourse/templates/web.403.yml, with the following contents:

run:
  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /location / \{/
     to: |
       location / {
         # $host is the requested name; $server_name is the server block's configured name
         if ($host !~ "^(forum\.)?example\.com$"){
           return 403;
         }

Then edit /var/discourse/containers/app.yml and at the bottom of the templates section add a new line:

  - "templates/web.403.yml"

And then try and run a ./launcher rebuild app, see how that goes.

4 Likes

Thanks, I will try it at midnight (less traffic time) and update here with what happens.

I should add…
If you want to test that config you can use ./launcher enter app to get a terminal up in the container, then edit /etc/nginx/conf.d/discourse.conf there (vi should be installed, or install something more familiar), and you can run service nginx reload to apply the config change.

If that all runs well, then my above post will make the change more permanent (by automatically making the change to the file every rebuild).

2 Likes
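
As an added example (not from any post in this thread): a Python check of which Host values the anchored pattern from the rule lets through, next to a constructed loose variant without anchors or escaped dots. It assumes the rule is matched against nginx's `$host` (lower-cased, port removed) and that Python's `re` behaves like nginx's PCRE for this pattern; the function names and sample hosts are made up for illustration.

```python
import re

# Pattern from the thread's rule, with the group's opening parenthesis in place.
ALLOWED = re.compile(r"^(forum\.)?example\.com$")
# Constructed weak variant for comparison: no anchors, dots left unescaped.
LOOSE = re.compile(r"(forum.)?example.com")


def normalise_host(header_value: str) -> str:
    """Approximate nginx's $host (assumption): lower-case, port removed."""
    host = header_value.strip().lower()
    if host.startswith("["):              # IPv6 literal such as [::1]:443
        return host.split("]")[0] + "]"
    return host.split(":")[0]


def is_allowed(header_value: str, pattern: re.Pattern = ALLOWED) -> bool:
    """True if the request passes the `if` block, False if it would get 403.

    nginx regex matching is unanchored unless the pattern anchors itself,
    so search() is the right equivalent here, not fullmatch().
    """
    return pattern.search(normalise_host(header_value)) is not None


# Constructed Host header values, not taken from real logs.
SAMPLES = [
    "forum.example.com",
    "example.com",
    "FORUM.Example.COM:443",
    "xyz.test",
    "forum.example.com.xyz.test",   # allowed name used as a prefix
    "notexample.com",               # allowed name used as a suffix
    "forumXexample.com",            # only matches if the dot is unescaped
    "203.0.113.10",                 # request by bare IP
]


def audit(samples=SAMPLES):
    """Return (host, passes_anchored_rule, passes_loose_rule) per sample."""
    return [(h, is_allowed(h), is_allowed(h, LOOSE)) for h in samples]


if __name__ == "__main__":
    for host, strict, loose in audit():
        print(f"{host:30} anchored={'pass' if strict else '403':5}"
              f" loose={'pass' if loose else '403'}")
```
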