nginx 配置 白名单

如果你的服务器被攻击很厉害,而且服务器是自己练手的,不需要其他用户访问的,那么就可以配置一下nginx的白名单,规定有哪些ip可以访问你的服务器

配置如下:

http模块:


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    geo $remote_addr $geo {
           default 0; #0表示禁止访问
           127.0.0.1 1; #1表示可以访问
        }


    include /usr/local/nginx/conf.d/*.conf;
}


server模块:

server {
      listen 80;
      server_name jenkins.aa.bb;
      location / {
        # 如果不是白名单则 显示403 禁止访问
        if ( $geo  = 0 ) {
             return 403;
         }
         proxy_set_header        Host $host:$server_port;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;

         # Fix the "It appears that your reverse proxy set up is broken" error.
         #proxy_pass          http://127.0.0.1:9792;
         proxy_pass          http://127.0.0.1:59932;
         proxy_read_timeout  90;

         #proxy_redirect      http://127.0.0.1:9792 https://jenkins.qinhej.top;

         #Required for new HTTP-based CLI
         proxy_http_version 1.1;
         proxy_request_buffering off;
      }
    }

你可能感兴趣的:(javaweb技术,互联网技术,安全)