Secure ERPNext server - Prevent access using undefined server names

Once you have ERPNext on cloud up and running, security will be a major concern. Normally we use https on random ports to avoid unwanted access attempts. It is important to stop anyone trying to acces


Application Security with NGINX - NGINX

In your nginx conf.d folder, create another conf file named default.conf.

Add the following lines.


(Assume 8111 and 8222 are two separate ERPNext instances.)


server {
       listen 8111 ssl default_server;
       listen 8222 ssl default_server;
       # Any certificate available on the server will do, but the certificate
       # and the key must be a matching pair or nginx will refuse to start.
       ssl_certificate     /etc/letsencrypt/live/site1.example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/site1.example.com/privkey.pem;
       ssl_stapling off;
       # Close the connection without sending any response
       return 444;
}


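In nginx, "default_server" marks the server block that answers any request on that port whose hostname matches no other server block, including requests made to the bare IP address.


Restart nginx (service nginx restart).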


After that, only users with the correct host/domain name will get access to the login page of ERPGulf/ERPNext.


Always use 444 (not 404 or 403) to stop crawlers from accessing the server by IP or by a wrong hostname. 444 simply cuts the connection: no reply is sent, which saves bandwidth.

  1. 403 Forbidden Error
  2. 404 Not Found Error
  3. 444 Connection Closed Without Response
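
The catch-all only protects the ports it lists, so an instance added later on a new port is reachable by IP again until default.conf is extended. The following check is an added example, not part of the original post or of ERPNext: it generalizes the setup above into an audit of any nginx configuration text, and the function names, port 8333 and site3.example.com are constructed for illustration.

```python
import re

# Constructed sample: the catch-all from this page plus three site blocks.
# Port 8333 / site3.example.com are made up: an instance added without extending default.conf.
SAMPLE = """
server {
    listen 8111 ssl default_server;
    listen 8222 ssl default_server;
    return 444;
}
server { listen 8111 ssl; server_name site1.example.com; location / { proxy_pass http://127.0.0.1:8000; } }
server { listen 8222 ssl; server_name site2.example.com; location / { proxy_pass http://127.0.0.1:8001; } }
server { listen 8333 ssl; server_name site3.example.com; location / { proxy_pass http://127.0.0.1:8002; } }
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def top_level(body):
    """Remove nested blocks (location, if) so only server-level directives remain."""
    prev = None
    while prev != body:
        prev, body = body, re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
    return body

def unprotected_ports(conf):
    """Ports that are listened on but lack a default_server block returning 444."""
    used, guarded = set(), set()
    for body in server_blocks(conf):
        directives = top_level(body)
        drops = re.search(r"\breturn\s+444\s*;", directives) is not None
        for args in re.findall(r"\blisten\s+([^;]+);", directives):
            addr, *flags = args.split()
            port = addr.rsplit(":", 1)[-1]
            if not port.isdigit():
                continue  # unix: sockets and address-only listens are skipped
            used.add(int(port))
            if drops and "default_server" in flags:
                guarded.add(int(port))
    return sorted(used - guarded)
```

Calling unprotected_ports(SAMPLE) reports port 8333; passing it the output of nginx -T covers every included file in one run.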




Cloud support

The cloud support team provides hosting-related support and technology updates, covering technologies like cloud printing, Cloud PBAX, VoIP, Kubernetes, Ubuntu, Linux, etc. Contact us at support@ERPGulf.com
