reidlab/nix-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

prevent hostless access

Browse source
This commit is contained in:
Reid 2024-06-21 22:53:37 -07:00
parent 65ced5335c
commit f8de5f317f
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/services/nginx-conf.nix
View file

@ -107,6 +107,14 @@ in {
${realIpsFromList cfipv6} ${realIpsFromList cfipv6}
real_ip_header CF-Connecting-IP; real_ip_header CF-Connecting-IP;
''; '';
# prevent leaking domain through direct ip access or no host
# generally a good idea to keep this
virtualHosts."_"= {
default = true;
rejectSSL = true;
locations."/".return = 444;
};
}; };
networking.firewall.allowedTCPPorts = [ 443 80 ]; networking.firewall.allowedTCPPorts = [ 443 80 ];