[{"data":1,"prerenderedAt":222},["ShallowReactive",2],{"page-/post/zzao/keep-domain-safe":3,"surrounding-page":213},{"id":4,"title":5,"author":6,"body":7,"date":202,"description":13,"extension":203,"group":6,"lastmod":204,"meta":205,"navigation":85,"path":206,"rawbody":207,"seo":208,"showTitle":5,"stem":209,"tags":210,"versions":6,"__hash__":212},"content/post/zzao/keep-domain-safe.md","如何防止别人把域名解析到自己的服务器公网 ip 上",null,{"type":8,"value":9,"toc":200},"minimark",[10,14,17,20,23,26,29,32,35,52,55,58,99,106,113,123,130,178,181,184,187,190,193,196],[11,12,13],"p",{},"我遇到了一个很奇葩的问题，以前没遇到过：就是有个网站解析到了我服务器 ip 上。",[11,15,16],{},"我是怎么发现的呢，一开始我是在看 CDN 的监控指标，里面有个 referer 来源，本来应该都是我自己的域名，但是跑出来一个陌生的域名。",[11,18,19],{},"于是我打开了这个域名，好嘛，这不就是我的网站么🥲",[11,21,22],{},"这个域名还是个子域名，主域名上什么也没有，也看不到他的购买信息。本来想去问候一下。",[11,24,25],{},"我就开始寻找解决办法，求助 AI，求助身边的运维朋友，可惜朋友没回...",[11,27,28],{},"然后我就先把 cookie 的 samesite、domain、secure 设置好，确保接口不会被一直调用。但是我文章里的图片是个问题啊...  因为我把图片都存在了腾讯云上，他这个网站访问的时候，也会走我的流量，但是我当时又没找到办法解决，只好把主域名的 Nginx 配置先停掉了",[11,30,31],{},"过了几天后，我又想起这个事儿，然后又换了个 AI 问了一遍，还是让我设置 Nginx 就行",[11,33,34],{},"显示加了一个",[36,37,42],"pre",{"className":38,"code":39,"language":40,"meta":41,"style":41},"language-nginx shiki shiki-themes github-light","add_header X-Frame-Options \"SAMEORIGIN\";\n","nginx","",[43,44,45],"code",{"__ignoreMap":41},[46,47,50],"span",{"class":48,"line":49},"line",1,[46,51,39],{},[11,53,54],{},"这个只是不允许其他网站嵌入",[11,56,57],{},"然后又设置的",[36,59,61],{"className":38,"code":60,"language":40,"meta":41,"style":41},"server {\n    listen 80 default_server;  # 这个 server 块是默认的\n    server_name _;  # 匹配所有未定义的域名\n\n    return 301 https://zzao.club$request_uri;  # 重定向到 HTTPS\n}\n",[43,62,63,68,74,80,87,93],{"__ignoreMap":41},[46,64,65],{"class":48,"line":49},[46,66,67],{},"server {\n",[46,69,71],{"class":48,"line":70},2,[46,72,73],{},"    listen 80 default_server;  # 这个 server 块是默认的\n",[46,75,77],{"class":48,"line":76},3,[46,78,79],{},"    server_name _;  # 
匹配所有未定义的域名\n",[46,81,83],{"class":48,"line":82},4,[46,84,86],{"emptyLinePlaceholder":85},true,"\n",[46,88,90],{"class":48,"line":89},5,[46,91,92],{},"    return 301 https://zzao.club$request_uri;  # 重定向到 HTTPS\n",[46,94,96],{"class":48,"line":95},6,[46,97,98],{},"}\n",[11,100,101,102,105],{},"即 ",[43,103,104],{},"80"," 端口上如果有我没配的域名，则重定向到我的域名",[11,107,108,109,112],{},"当时尝试了，没成功，应该是因为加了 ",[43,110,111],{},"https","，导致规则没走这条。大意了！",[11,114,115,116,118,119,122],{},"这次把 ",[43,117,111],{}," 换成 ",[43,120,121],{},"http","，发现其实是生效的",[11,124,125,126,129],{},"于是照猫画虎，把 ",[43,127,128],{},"443"," 端口也堵上",[36,131,133],{"className":38,"code":132,"language":40,"meta":41,"style":41},"server {\n    listen 443 default_server;  # 这个 server 块是默认的\n    server_name _;  # 匹配所有未定义的域名\n    \n    ssl_certificate /etc/nginx/aaa.pem;  # 指定证书的位置，绝对路径\n    ssl_certificate_key /etc/nginx/bbb.key;  # 绝对路径，同上\n\n    return 301 https://zzao.club$request_uri;  # 重定向到 HTTPS\n}\n",[43,134,135,139,144,148,153,158,163,168,173],{"__ignoreMap":41},[46,136,137],{"class":48,"line":49},[46,138,67],{},[46,140,141],{"class":48,"line":70},[46,142,143],{},"    listen 443 default_server;  # 这个 server 块是默认的\n",[46,145,146],{"class":48,"line":76},[46,147,79],{},[46,149,150],{"class":48,"line":82},[46,151,152],{},"    \n",[46,154,155],{"class":48,"line":89},[46,156,157],{},"    ssl_certificate /etc/nginx/aaa.pem;  # 指定证书的位置，绝对路径\n",[46,159,160],{"class":48,"line":95},[46,161,162],{},"    ssl_certificate_key /etc/nginx/bbb.key;  # 绝对路径，同上\n",[46,164,166],{"class":48,"line":165},7,[46,167,86],{"emptyLinePlaceholder":85},[46,169,171],{"class":48,"line":170},8,[46,172,92],{},[46,174,176],{"class":48,"line":175},9,[46,177,98],{},[11,179,180],{},"再次访问那个域名，会自动跳到我的域名了！",[11,182,183],{},"虽然解决了，但是还是很奇怪",[11,185,186],{},"解析到我的网站有什么用呢，我的网站没有用户，没有价值....",[11,188,189],{},"还是说他只是批量的尝试，碰巧扫到我的了",[11,191,192],{},"不过有了这次的经历，Nginx 的配置倒又学到了一点😛",[11,194,195],{},"sss",[197,198,199],"style",{},"html .default .shiki span {color: 
var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":41,"searchDepth":70,"depth":70,"links":201},[],"2024-12-04T00:00:00.000Z","md","2025-02-12T00:00:00.000Z",{},"/post/zzao/keep-domain-safe","---\ntitle: 如何防止别人把域名解析到自己的服务器公网 ip 上\ndate: 2024-12-04\nlastmod: 2025-02-12\ntags: [\"Nginx\"]\nshowTitle: 如何防止别人把域名解析到自己的服务器公网 ip 上\n---\n我遇到了一个很奇葩的问题，以前没遇到过：就是有个网站解析到了我服务器 ip 上。\n\n我是怎么发现的呢，一开始我是在看 CDN 的监控指标，里面有个 referer 来源，本来应该都是我自己的域名，但是跑出来一个陌生的域名。\n\n于是我打开了这个域名，好嘛，这不就是我的网站么🥲\n\n这个域名还是个子域名，主域名上什么也没有，也看不到他的购买信息。本来想去问候一下。\n\n我就开始寻找解决办法，求助 AI，求助身边的运维朋友，可惜朋友没回...\n\n然后我就先把 cookie 的 samesite、domain、secure 设置好，确保接口不会被一直调用。但是我文章里的图片是个问题啊...  
因为我把图片都存在了腾讯云上，他这个网站访问的时候，也会走我的流量，但是我当时又没找到办法解决，只好把主域名的 Nginx 配置先停掉了\n\n过了几天后，我又想起这个事儿，然后又换了个 AI 问了一遍，还是让我设置 Nginx 就行\n\n先是加了一个 \n\n```nginx\nadd_header X-Frame-Options \"SAMEORIGIN\";\n```\n\n这个只是不允许其他网站嵌入\n\n然后又设置的\n\n```nginx\nserver {\n\tlisten 80 default_server;  # 这个 server 块是默认的\n\tserver_name _;  # 匹配所有未定义的域名\n\n\treturn 301 https://zzao.club$request_uri;  # 重定向到 HTTPS\n}\n```\n\n即 `80` 端口上如果有我没配的域名，则重定向到我的域名\n\n当时尝试了，没成功，应该是因为加了 `https`，导致规则没走这条。大意了！\n\n这次把 `https` 换成 `http`，发现其实是生效的\n\n于是照猫画虎，把 `443` 端口也堵上\n\n```nginx\nserver {\n\tlisten 443 default_server;  # 这个 server 块是默认的\n\tserver_name _;  # 匹配所有未定义的域名\n\t\n\tssl_certificate /etc/nginx/aaa.pem;  # 指定证书的位置，绝对路径\n\tssl_certificate_key /etc/nginx/bbb.key;  # 绝对路径，同上\n\n\treturn 301 https://zzao.club$request_uri;  # 重定向到 HTTPS\n}\n```\n\n再次访问那个域名，会自动跳到我的域名了！\n\n补充一点：这样做只是把陌生域名的请求 301 到自己的域名；如果想直接拒绝这类请求，默认 server 里也可以用 `return 444;` 直接断开连接，443 端口在 Nginx 1.19.4 及以上还可以用 `ssl_reject_handshake on;`，这样连证书都不用给陌生域名出示。\n\n虽然解决了，但是还是很奇怪\n\n解析到我的网站有什么用呢，我的网站没有用户，没有价值....\n\n还是说他只是批量的尝试，碰巧扫到我的了\n\n不过有了这次的经历，Nginx 的配置倒又学到了一点😛\n\nsss",{"title":5,"description":13},"post/zzao/keep-domain-safe",[211],"Nginx","NF0-WVUJ99m0qKlbvtS0xg9pFqK2x2XGqYcr2m_1l_A",[214,218],{"title":215,"path":216,"stem":217},"OpenClaw 安装入门（Windows）","/post/zzao/openclaw/openclaw-install-windows","post/zzao/openclaw/openclaw-install-windows",{"title":219,"path":220,"stem":221},"假设你是AI，你的Skill应该是什么样的","/post/zzao/ai-skill-structure","post/zzao/ai-skill-structure",1779005086477]