By: psmod2

Is there a risk to my website with my public ip address?

January 25, 2017 649 views
Nginx Dokku

Hi,

I have a droplet with Dokku and my site is running all ok with my own domain www.mydomain.com.

However, it's also accessible through the public IP address.

I was just wondering:

1 - Is this a security risk in any way? The site has SSL, however that is linked to mydomain.com; if you visit the page with the IP, you'll see the 'certificate warning error' - CERT_COMMON_NAME_INVALID. So if someone uses that, they are risking their data being passed unencrypted.

2 - I've disabled it using:

server {
   server_name 1xx.xx.xxx.xx;
   return 301 https://www.mydomain.com;
}

in the default file located at /etc/nginx/sites-enabled. This works; however, is it the correct approach?

Thanks.

2 Answers

There's no risk and your 301 is the correct approach.

@psmod2

Access via the IP will always be an option as you have to have a public IP of some sort to allow others to connect.

If you're only hosting a single domain on the Droplet, or if you have a preferred domain for a redirect, you could always force redirect direct IP access to a domain.

For example:

server {
    listen 80;
    server_name DROPLET_IP;

    return 301 $scheme://yourdomain.com$request_uri;
}

Simply replace DROPLET_IP with the public IP address of your Droplet and yourdomain.com with the domain you'd like to redirect to.

The $scheme and $request_uri portions will handle enforcing HTTP/HTTPS and the requests.
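
The redirect blocks above match only plain HTTP requests that carry the IP as the Host header. As an added example (not part of the question or either answer), a catch-all variant that also covers unknown Host names and HTTPS-by-IP; it assumes the question's www.mydomain.com as the canonical name and nginx 1.19.4 or newer for ssl_reject_handshake:

```nginx
# Constructed example. Place in a file under /etc/nginx/sites-enabled,
# which nginx includes inside its http {} context.
# Only one server block per address:port may carry default_server, so
# remove that flag from any other block that already has it.

# Plain HTTP: any request whose Host header matches no other server_name
# (the bare IP, or an arbitrary name pointed at the IP) is redirected
# to the canonical HTTPS site, keeping the requested path.
server {
    listen 80 default_server;
    listen [::]:80 default_server;   # drop if the host has no IPv6
    server_name _;

    return 301 https://www.mydomain.com$request_uri;
}

# HTTPS: a client connecting by IP sends no SNI name that matches the
# site's server block, so it lands here. The handshake is refused, so
# the domain's certificate is never presented for a name it does not
# cover and no application content is served on the bare IP.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;   # drop if the host has no IPv6
    ssl_reject_handshake on;              # assumption: nginx >= 1.19.4
}
```

Check the syntax with nginx -t before reloading. A redirect cannot be sent on HTTPS-by-IP without first completing a TLS handshake, which is why that case is refused rather than redirected.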
