对外暴露虚假的地址,真实地址限制为内部调用。当对外地址转发到内部服务器,可做拦截、验证等等,校验通过后,再做静态转发。代码如下:
#nginx 配置
#对外暴露的地址
location /public/api {
proxy_pass http://192.168.0.100:10086;
index index.html index.htm;
}
#真实服务地址
location /private/api {
# 限制为内部调用
internal;
proxy_pass http://192.168.0.200:10010;
index index.html index.htm;
}
// 192.168.0.100:10086端口后台服务
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j
@RestController
public class TestController {
/**
* 拦截所有请求
**/
@RequestMapping(value = "/**")
public void auth (@RequestBody String body, HttpServletRequest request, HttpServletResponse response) {
String requestURI = request.getRequestURI();
// TODO 完善自己的验证规则
if(requestURI.startsWith("/public/")){
response.setStatus(500);
return;
}
// TODO 完善自己的路由规则
String interForwardURL = requestURI.replaceAll("/public/", "/private/");
response.addHeader("X-Accel-Redirect",interForwardURL);
response.setStatus(200);
}
}
// 192.168.0.200:10010 后台服务
@RestController
@RequestMapping("/private")
public class TestController {
@RequestMapping(value ="/api",method = {RequestMethod.GET,RequestMethod.POST})
public void testMethod(@RequestBody TestDTO testDTO){
System.out.println("success");
}
}
http://192.168.0.200:10010/private/api 请求失败(404 Not Found)
http://192.168.0.100:10086/public/api 请求成功(200 OK)