nginx配置白名单

配置如下：

http模块：

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    geo $remote_addr $geo {
           default 0; #0表示禁止访问
           127.0.0.1 1; #1表示可以访问
        }


    include /usr/local/nginx/conf.d/*.conf;
}

server模块：

server {
      listen 80;
      server_name jenkins.aa.bb;
      location / {
        # 如果不是白名单则 显示403 禁止访问
        if ( $geo  = 0 ) {
             return 403;
         }
         proxy_set_header        Host $host:$server_port;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;

         # Fix the "It appears that your reverse proxy set up is broken" error.
         #proxy_pass          http://127.0.0.1:9792;
         proxy_pass          http://127.0.0.1:59932;
         proxy_read_timeout  90;

         #proxy_redirect      http://127.0.0.1:9792 https://jenkins.qinhej.top;

         #Required for new HTTP-based CLI
         proxy_http_version 1.1;
         proxy_request_buffering off;
      }
    }

　　

转载于:https://www.cnblogs.com/caidingyu/p/10868829.html