环境 centos7.6、 nginx 1.16.1
背景:nginx 服务器已经配置好了公网 ip 和 域名证书(公网 ip 对我来说是透明的,没有管理权限,所以只好在 nginx 服务器上做 ip 限制)
未修改之前,登录日志的 remote_addr 总是为 192.12.182.3,猜测这个为 公网 ip 对应的内网 ip。现在操作只允许公网 ip 120.231.12.24 和 192.12.182.3 访问。
安装 nginx 请看这里
[root@ansible002 ~]# cat /etc/nginx/nginx.conf
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 90;
server_name localhost;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://10.2.1.16;
set_real_ip_from 192.12.182.3; # 设置 real_ip 来自 192.12.182.3
real_ip_header X-Forwarded-For; # 色和只 real _ip_header
allow 163.179.110.210;
allow 120.231.12.24;
allow 192.12.182.3;
deny all;
}
#修改 404 html 页面到 custom_404.html
error_page 404 /custom_404.html;
location /custom_404.html {
root /usr/share/nginx/html;
internal;
}
#修改 50x html 页面到 custom_50x.html
error_page 500 502 503 504 /custom_50x.html;
location /custom_50x.html {
root /usr/share/nginx/html;
internal;
}
}
}
重新加载 nginx 配置
nginx -s reload
扫一扫
3188
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
