Question

How to Redirect Droplet IP Access to Domain URL

Posted September 10, 2020 432 views
NginxWordPress

Hello everyone,

I followed DO’s tutorial (https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-18-04) along with all the pre-requisites which also include securing Nginx with Certbot.

My domain is properly being redirected from HTTP-to-HTTPS. No problem at that end.

Now, I have a few questions:

I can’t access my website through my Droplet IP (it serves 404). If I add HTTPS to the droplet IP, it shows the following and if I proceed, I can access the website.

First question: Why is this happening?

Second question: I want to redirect my droplet’s IP access to my actual domain URL (both when using HTTP and HTTPS). How can I do this?

Following is my default config file:

server {
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name example.com www.example.com;
        client_max_body_size 0;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
           expires max;
           log_not_found off;
        }

        location = /xmlrpc.php { deny all; }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Expires map
map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch;
    text/css                   max;
    application/javascript     max;
    ~image/                    max;
}

server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        server_name example.com www.example.com;
    return 404; # managed by Certbot

    expires $expires;
}

It’d be great if someone could help me, I tried looking up and did find some solutions by creating a new server block, but that didn’t fit my current defined server blocks.

Best regards,
Dhananjay Bhardwaj

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi @dhananjaygbhardwaj,

So, this is happening as you don’t have an SSL to your IP address, which is normal. However, when you try to enter via HTTPS, Nginx tries to find an SSL and the first SSL it finds is your website’s, thus showing your website.

To stop this, you can create another listen directive for your default configuration file on port 443 which redirects to a 404 error like you’ve done for your port 80

        listen 80;
        server_name example.com www.example.com;
    return 404; # managed by Certbot

Regards,
KFSys

  • Thanks @KFSys!

    If I want to redirect my IP access (both over HTTP and HTTPS) to domain URL, how do I do that?

    When I asked to DigitalOCean support on what should a good practice, they suggested to redirect droplet IP access to the domain URL and referred to this article.

    According to that article, I should use something like this:

    server {
      server_name 45.55.20.xx;
      return 301 http://yourdomain.com;
    }
    
  • Here’s what I have done. I am not sure if this is the correct approach or not. Please correct if anything’s wrong.

    ...........
    
    map $sent_http_content_type $expires {
        default                    off;
        text/html                  epoch;
        text/css                   max;
        application/javascript     max;
        ~image/                    max;
    }
    
    server {
      listen 80;
      server_name 30.xx.xxx.xxx;
      return 301 http://example.com;
    }
    
    server {
      listen 443;
      server_name 30.xx.xxx.xxx;
      return 301 http://example.com;
    }
    
    server {
        if ($host = www.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
        if ($host = example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
            listen 80;
            server_name example.com www.example.com;
        return 404; # managed by Certbot
    
        expires $expires;
    }
    
    edited by MattIPv4

Hi @dhananjaygbhardwaj,

regarding the last comment. I’ll recommend doing an actual 301 redirection to the website itself rather than just leaving it to open the website’s information. That way you won’t have the SSL error you are describing.

  • Thank you. How do you propose I do it?

    Are you referring to the one as proposed by GeekFlare in their article? Like so:

    server {
        server_name 45.55.20.xx;
        return 301 http://yourdomain.com;
    }
    

    If yes, then in the code above, should I replace “http://yourdomain.com” with “https://www.yourdomain.com” since I am serving the website URL with HTTPS and WWW?

    • Hi @dhananjaygbhardwaj,

      The server block you provided looks perfect, I’d go with that and yes changing to https should be fine.

      • Thank you for all your time and patience.

        I ended up learning a couple of new things about Nginx server blocks and redirects.

      • While I implement the following, it works very well when just the IP is entered without HTTP or HTTPS.

        server {
            server_name 45.55.20.xx;
            return 301 https://www.yourdomain.com;
        }
        

        However, when I force it over HTTPS, the IP is still accessible. So, I went ahead and read all your previous replies, all the way back to the first one, which seems to be my answer.

        So, I ended up creating the following block (along with the one above).

        server {
            server_name 45.55.20.xx;
            return 301 http://yourdomain.com;
        }
        
        server {
            listen 443;
            server_name 45.55.20.xx;
            return 403;
        }
        

        Does it seem alright to you?

        • Yep, that’s alright. You’ve created a listen directive on port 443 for your IP address to redirect to 403.

          You should be able to put the domain there as well.

Submit an Answer