I can’t answer how, but I want to ask why?
the reason is let all traffic go through the name server. you can only just visit from the domain name.
Step 1: get a valid certificate for your IP address.
Did you try this?
yes，you got my point. what i mean is how to set up in discourse docker nginx，need rebuild？
Modifing nginx conf inside the container is done trough the app.yml file.
For an example, see here.
That’s why step 1 is:
That won’t work on HTTPS sites, because all the redirection, hostname checking, etc happens after the SSL negotiation is complete.
Wait, they want to NOT let people visit with just the IP.
Which is a little odd - exactly what harm is this doing, @doudou?
just for prohibition. can this be done in system setting，like firewall？
You can’t do what you want to do using a firewall. In order to do what you want to achieve, you must first get a valid, trusted certificate for your server’s IP address. Until you have that, nothing else can be done. Talk to your preferred CA to organise that.
i just want when people visit the website via https://serverip he will get an internal 500 page or nothing at all and cant go on by clicking trust the certification. so i am seaching for the solution on nginx or firewall. any sugguestion？
It can’t be done unless you have a valid, trusted cert for your IP address. This is why I keep telling you to get a valid, trusted certificate for your server’s IP address.
Nah, I think @doudou here would be happy if, after they clicked past the bad cert warning, then they got the 500 page.
So a 99-year self-signed cert for the IP address would be fine.
One of many how-to guides for that: HowTo: Create a Self-Signed SSL Certificate on Nginx For CentOS / RHEL - nixCraft
this could not be intergreted with domain name and with discourse using self sign and public CA
With SNI, you can have multiple certificates. During the SSL negotiation the browser tells the server what name it is trying to reach, and the server returns the appropriate cert. The link I provided appeared to have instructions for SNI under nginx. Your regular site could use your regular cert.