Is there a risk to my website with my public ip address?
Hi,
I have a droplet with Dokku and my site is running all ok with my own domain www.mydomain.com.
However its also accessible through the public IP address.
I was just wondering:
1 - Is this a security risk in any way? The site has SSL however that is linked to mydomain.com, if you visit the page with the IP, you'll see the 'certificate warning error' - CERTCOMMONNAME_INVALID. So if someone uses that, they are risking their data being passed unencrypted.
2 - I've disabled it using:
server {
server_name 1xx.xx.xxx.xx;
return 301 https://www.mydomain.com;
}
in the default
file located at /etc/nginx/sites-enabled
. This works, however is it the correct approach?
Thanks.