Hello.
I have your letsencrypt (nginx reverse proxy). Everything normally works for me, but when I enter the ip address of the server, the “Welcome to our server” page is displayed.
I need to turn this off so that nothing is displayed when I enter my public IP address. I need the connection to fail.
But I need to keep all other rules still working (access from domain / subdomain).
I searched, but I didn’t find any instructions. Is it possible to set it? Can you advise me please?
The default_server directive in your default site conf is responsible for that behavior. Basically if nginx receives a request for an address that doesn’t match any of the server blocks, it gets sent to the default_server block. You can create a catch all default block that uses a deny all
Somehow I imagined the solution, but I was not able to find a solution to change it. Could you please write me where to make a change? Or at least send me a link where I can read detailed information for this particular edit? I searched again, but I was not successful.
After a long search, I managed to find a solution. I edited the “letsencrypt / nginx / site-confs / default” file. Result:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
client_max_body_size 0;
return 444;
}
# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;
Is it right? Can it be done differently and better?
The only issue with this is, if you decide to use any of the subfolder proxy confs, they will also get the 444
To prevent that, you could have created a new server block with just the blank server name, default server and the 444, and changed the original main server block so it had your domain as the server name and without default server.
I don’t use a subfolder but it would be good to have it working. Unfortunately, I don’t know how to change that. Could you please send me the corrected configuration, where will this work?
Why dont you just forward to google or somewhere else the root record ?
## Version 2020/03/05 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
# redirect all traffic to https
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# catch all server block
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
client_max_body_size 0;
return 444;
}
# main server block
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /config/www;
index index.html index.htm index.php;
server_name my.domain.com; # <-- change this to match your domain
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
# enable for ldap auth
#include /config/nginx/ldap.conf;
client_max_body_size 0;
location / {
try_files $uri $uri/ /index.html /index.php?$args =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
# location ^~ /cp {
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
# include /config/nginx/proxy.conf;
# proxy_pass http://192.168.1.50:5050/cp;
# }
}
# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
#
# root /config/www;
# index index.html index.htm index.php;
#
# server_name cp.*;
#
# include /config/nginx/ssl.conf;
#
# client_max_body_size 0;
#
# location / {
# auth_basic "Restricted";
# auth_basic_user_file /config/nginx/.htpasswd;
# include /config/nginx/proxy.conf;
# proxy_pass http://192.168.1.50:5050;
# }
#}
# sample reverse proxy config for "heimdall" via subdomain, with ldap authentication
# ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info
# notice this is a new server block, you need a new server block for each subdomain
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
#
# root /config/www;
# index index.html index.htm index.php;
#
# server_name heimdall.*;
#
# include /config/nginx/ssl.conf;
#
# include /config/nginx/ldap.conf;
#
# client_max_body_size 0;
#
# location / {
# # the next two lines will enable ldap auth along with the included ldap.conf in the server block
# auth_request /auth;
# error_page 401 =200 /login;
#
# include /config/nginx/proxy.conf;
# resolver 127.0.0.11 valid=30s;
# set $upstream_app heimdall;
# set $upstream_port 443;
# set $upstream_proto https;
# proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# }
#}
# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;
Thank you very much for the solution. Everything works as it should. 
Hello,
just tried your solution but I found that all subfolder locations are redirected to 444 too, while it is working on subdomains.
any suggestion please?
thank you