Share

Question

Hi,

I have a droplet with Dokku and my site is running all ok with my own domain www.mydomain.com.

However its also accessible through the public IP address.

I was just wondering:

1 - Is this a security risk in any way? The site has SSL however that is linked to mydomain.com, if you visit the page with the IP, you’ll see the ‘certificate warning error’ - CERTCOMMONNAME_INVALID. So if someone uses that, they are risking their data being passed unencrypted.

2 - I’ve disabled it using:

server {
   server_name 1xx.xx.xxx.xx;
   return 301 https://www.mydomain.com;
}

in the default file located at /etc/nginx/sites-enabled. This works, however is it the correct approach?

Thanks.

Answer 1

Woet January 25, 2017

There’s no risk and your 301 is the correct approach.

Reply Report

Answer 2

jtittle1 January 25, 2017

@psmod2

Access via the IP will always be an option as you have to have a public IP of some sort to allow others to connect.

If you’re only hosting a single domain on the Droplet, or if you have a preferred domain for a redirect, you could always force redirect direct IP access to a domain.

For example:

server {
    listen 80;
    server_name DROPLET_IP;

    return 301 $scheme://yourdomain.com$request_uri;
}

Simply replace DROPLET_IP with the public IP address of your Droplet and yourdomain.com with the domain you’d like to redirect to.

The $scheme and $request_uri portions will handle enforcing HTTP/HTTPS and the requests.

Reply Report

Related

Question

Is there a risk to my website with my public ip address?

Leave a comment

Looking for something else?

Share

Share your Question

Related

Question

Is there a risk to my website with my public ip address?

Leave a comment

Related

question

Dokku app showing on all subdomains

question

How to add a custom 404 page to nginx app on dokku

question

Nginx - SSL and Handling www / non.www domains

question

Serving two websites on one Nginx

Looking for something else?

Almost there!