[TUTORIAL] Disable Direct IP Access.
If you have ever used VestaCP on your server, you may have noticed that once you set up a website on it, accessing your server on its IP at port 80 will show the latest website you have added to it.
This can be very bad for a lot of reasons and here are some.
1. If you are using Cloudflare hackers may find your server's IP using Shodan.io and DDoS it.
2. If you are hosting a TOR website people may find your server's IP and report it to the police. (In case you are hosting something forbidden)
Fortunately, this can be fixed quite easily, just follow these steps.
1. Download this zip and upload the contents to "/etc/nginx/conf.d"
2. cd "/etc/nginx/conf.d"
Now you will see that there are some files in the directory, but the file we are looking for is [YOUR SERVER IP].conf
In my case it is 92.222.36.xxx.conf
We will need to rename it because we will be replacing it,
we will rename it to 92.222.36.xxx.conf.old in case we ever want to undo this process.
3. mv 92.222.36.xxx.conf 92.222.36.xxx.conf.old
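4. Now we will edit DirectAccessConfig.conf.
This is how it looks currently:
```nginx
# Catch-all for plain HTTP requests sent to the bare IP
server {
    listen [SERVER IP GOES HERE]:80 default;
    server_name _;
    # 444 is nginx-specific: close the connection without sending a response
    return 444;
}
# Catch-all for HTTPS requests sent to the bare IP
server {
    listen [SERVER IP GOES HERE]:443 ssl default;
    server_name _;
    # Redundant with "ssl" on the listen line; this standalone directive is
    # deprecated and rejected by recent nginx releases, where it must be deleted
    ssl on;
    # Dummy certificate, so no real site certificate is served on the bare IP
    ssl_certificate /etc/nginx/conf.d/dummy.pem;
    ssl_certificate_key /etc/nginx/conf.d/dummy.key;
    return 444;
}
```
Just replace [SERVER IP GOES HERE] with your IP. In my case it looks like this:
```nginx
server {
    listen 92.222.36.xxx:80 default;
    server_name _;
    return 444;
}
server {
    listen 92.222.36.xxx:443 ssl default;
    server_name _;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/dummy.pem;
    ssl_certificate_key /etc/nginx/conf.d/dummy.key;
    return 444;
}
```
DirectAccessConfig.conf is the replacement for 92.222.36.xxx.conf, so we will rename it:
5. mv DirectAccessConfig.conf 92.222.36.xxx.conf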
Now we need to restart NGINX
6. service nginx restart
And it's done.
If you have any questions please ask!
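Added example, not part of the original post: steps 3 to 6 wrapped in a shell function that runs `nginx -t` before restarting and puts the original file back if the test fails, so a bad config cannot take every site down. The function name `apply_catchall` and the variables `CONF_DIR`, `NGINX_TEST` and `NGINX_RESTART` are hypothetical; it assumes the zip contents are already in the conf.d directory and that nginx.conf includes `conf.d/*.conf`.

```bash
#!/bin/sh
# Added example (not the tutorial author's code). Overridable for a dry run.
CONF_DIR="${CONF_DIR:-/etc/nginx/conf.d}"
NGINX_TEST="${NGINX_TEST:-nginx -t}"
NGINX_RESTART="${NGINX_RESTART:-service nginx restart}"

# usage: apply_catchall 203.0.113.10   (203.0.113.10 is a documentation address)
apply_catchall() {
    ip="$1"
    # Accept only digits and dots so the value is safe inside the sed expression.
    case "$ip" in
        ''|*[!0-9.]*) echo "usage: apply_catchall IPV4" >&2; return 2 ;;
    esac
    live="$CONF_DIR/$ip.conf"
    template="$CONF_DIR/DirectAccessConfig.conf"
    for f in "$live" "$template" "$CONF_DIR/dummy.pem" "$CONF_DIR/dummy.key"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # Step 3: keep the original as <ip>.conf.old so the change can be undone.
    mv "$live" "$live.old" || return 2
    # Steps 4 and 5: fill in the placeholder and install the result as <ip>.conf.
    if ! sed "s/\[SERVER IP GOES HERE\]/$ip/g" "$template" > "$live"; then
        mv "$live.old" "$live"
        return 2
    fi
    # The template must not stay behind as a *.conf file: it would be loaded
    # too (assuming conf.d/*.conf is included) and its placeholder breaks parsing.
    rm -f "$template"

    # Validate before touching the running server; roll back on failure.
    if ! $NGINX_TEST; then
        echo "config test failed, restoring $live" >&2
        mv "$live" "$template.failed"   # kept for inspection, not loaded by nginx
        mv "$live.old" "$live"
        return 1
    fi
    # Step 6: only restart once the new configuration has parsed cleanly.
    $NGINX_RESTART
}
```

A return code of 1 means the new file was rejected and the original `<ip>.conf` is back in place; the rejected file is left as `DirectAccessConfig.conf.failed`.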
Re: [TUTORIAL] Disable Direct IP Access.
1- Thanks for sharing.
2- I am going to test this. One question just pops up in mind.
Q- How to access the server then? My assumption is http:serverip:8083 will remain working, right?
EDIT > (after 10 minutes)
I tried and wasn't able to restart nginx successfully. Plus, as a result, all websites on the server stopped working. Any ideas? Hope to hear soon, thanks.
Re: [TUTORIAL] Disable Direct IP Access.
What is the point of this if one is still hosting mail on the same webserver?
Wouldn't the following reveal the public IP address?
1. MX records (which are publicly viewable unless you also use an external mail provider such as Zoho or Gmail etc.)
2. SSL certificate
3. Text in HTML and headers
4. DNS historical search (chances are you didn't change IP at the time of transferring to, say, Cloudflare)
Not to say this isn't a noble idea... just that it's a bit more involved than "I can just hide my IP address".