For anyone else wanting to do this specifically, I created /var/discourse/templates/web.blockemptyua.yml with the following contents:
run:
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /listen 443 ssl http2;/
to: |
listen 443 ssl http2;
if ($http_user_agent = "") { return 403; }
Then in /var/discourse/containers/app.yml I added this new template file to the end of the list of templates at the top of the file, followed by ./launcher rebuild app
Nginx now rejects all requests with an empty UA.
Edit: Changed the match/replace to be in a better place.