Nginx中屏蔽非指定域名的访问

# 强制 HTTP 跳转到 HTTPS
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;  # 301 永久重定向
}



server {
        listen 443 ssl;
        access_log on;
        server_name example.com www.example.com; #只允许这两个域名的访问，其他域名或ip都不允许访问。
        access_log /var/log/nginx/example.access.log;
        error_log /var/log/nginx/example.error.log;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;
        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
        resolver 1.1.1.1 8.8.4.4 8.8.8.8 valid=300s;
        resolver_timeout 10s;
        ssl_session_cache shared:SSL:32m;
        ssl_session_timeout 10m;

        #配置ssl证书
        ssl_certificate /etc/ssl/example.com/fullchain1.pem;
        ssl_certificate_key /etc/ssl/example.com/privkey1.pem;

        location / {
                root /var/www/site;
                index index.html;

        }

        #负载均衡后端api访问。
       location /api {
               proxy_pass http://127.0.0.1:5000;  # 注意结尾的斜杠（会去除/api前缀）
               proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;  # 获取真实客户端IP[2,4](@ref)
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
       }

}