Hey, guys. Can you please tell me how to open a specific domain (my domain on the admin user), when I type ip address of the server? In VestaCP this was done simply by /etc/nginx/conf.d/vesta.conf, which domain first opens. There are a lot of questions in Hestia, trying to figure it out on my own, but for now, at least solve this one. I’ve already figured something out myself, rewrote the Hestia auto-install script with all the necessary software components on my servers. But sometimes questions arise.
P.S. Excuse my English, I am Russian and Ukrainian speaking.
I’m not interested in just the html page =) I’m interested in the domain folder, with php execution and scripts. Hestia has a number of vulnerabilities against bots that more or less advanced Internet resources will have to deal with sooner or later. In particular, I really don’t like that when typing the ip address of the server it gives out HTTP 200 OK. It’s a signal to the scanner on the internet and the consequence of a bad real human programmer coming in. It doesn’t have to be that way. Already read on the forum, smart guys wrote about control panel addresses, and phpmyadmin address - these are all indirect server vulnerabilities. How to simply make that when you type ip of the server, open, for example, example.com created on my server?
Just alter the html file and place a redirect? Or add another index.php fole and place a redirect there? Dont know what else you’re trying to find.
I tried to do as you advised. But, when I try to designate the /var/www/html redirectory I get a 500 error.
And this error may be in the presence of apache or without it. I doesn’t quite understand the logic behind the server’s behavior. Please describe what the server does when a non-existent http address is requested
Modify /etc/nginx/conf.d/ip.conf and add a redirect in Nginx…
1 Like
If you are trying to block a non-existent http address, then you could do following:
server {
listen 80 default_server;
listen 443 ssl ;
listen [::]:80;
listen [::]:443;
ssl_certificate /home/username/conf/web/domain.com/ssl/domain.com.crt;
ssl_certificate_key /home/username/conf/web/domain.com/ssl/domain.com.key;
include /etc/nginx/conf.d/custom/locations.conf;
location ~* ^.+\.*$ {access_log off;return 444;}
return 444;
}
server {
listen 127.0.0.1:80 ;
listen 127.0.0.1:443 ssl ;
server_name 127.0.0.1;
ssl_certificate /home/username/conf/web/domain.com/ssl/domain.com.crt;
ssl_certificate_key /home/username/conf/web/domain.com/ssl/domain.com.key;
location ~* ^.+\.*$ {access_log off;return 444;}
include /etc/nginx/conf.d/custom/locations.conf;
access_log /var/log/nginx/access.log main ;
return 444;
}
server {
server_name _;
include /etc/nginx/conf.d/custom/locations.conf;
access_log /var/log/nginx/access.log main ;
return 444;
}
server {
server_name 0;
include /etc/nginx/conf.d/custom/locations.conf;
access_log /var/log/nginx/access.log main ;
return 444;
}
You need to create respective dir and files. I have not tested this but I guess it should work and block a non-existent http address, specifically certain hacking attempts with @127.0.0.1 to fool apache2.
I do think that I should add a few more server config, though.
2 Likes
Thank you.