我正在使用 Nginx 和 Gunicorn 托管 Django 项目。我需要保护此站点,作为测试,我设置了“让我们加密”到我的一个未使用的域。在跟踪 Django 访问日志时,我不时注意到以下条目:
HTTP_HOST header 无效:“aydinfatih.com”。您可能需要将 u'aydinfatih.com' 添加到 ALLOWED_HOSTS。
这对我来说是一个未知的域,在尝试访问该域(它收到 400 响应)时,我可以在我的服务器上看到更多这些日志条目。这是什么?它是否与我的 SSL 设置有关,并表明它不安全?
server {
server_name example.com example.com;
location /static/ {
root /home/user/project/django-project;
}
location /media/ {
root /home/user/project/django-project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/project/project.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 80;
server_name my.server.ip.here example.com;
return 301 https://example.com;
}
我将以下内容添加到我的服务器 block 中:
if ($host !~* ^(example.com|www.example.com)$ ) {
return 444;
}
未知域现在显示 520。这是处理此问题的正确方法吗?我还错过了什么吗?
最佳答案
我误解了你的问题。这是一个新答案。
有人配置其 DNS 记录,将其域名指向您的服务器 IP。添加主机名检查当然有帮助,但通常我们使用默认的“捕获所有”服务器 block 来处理所有不需要的请求:
# "Catch all" server
server {
server_name _;
return 444;
}
# Your site settings
server {
server_name example.com example.com;
location /static/ {
root /home/user/project/django-project;
}
location /media/ {
root /home/user/project/django-project;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/project/project.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 80;
server_name my.server.ip.here example.com;
return 301 https://example.com;
}
关于django - "Invalid HTTP_HOST header"来自未知域,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48453603/