1.只允许白名单中IP访问系统
1.1 nginx配置
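http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    client_body_buffer_size 720K;
    client_max_body_size 20m;

    # Map the connecting address to 0 (denied) or 1 (allowed).
    # white_80ip.conf must use geo syntax: one "ADDRESS 1;" or "CIDR 1;" per line.
    # nginx "allow ..." directives are NOT valid inside a geo block and will fail
    # "nginx -t". $remote_addr is the TCP peer, so behind a reverse proxy or load
    # balancer it is the proxy's address, not the client's (see geo's "proxy"
    # directive if that is the deployment).
    geo $remote_addr $geo80 {
        default 0;
        include /etc/nginx/white_80ip.conf;
    }

    server {
        listen 80;
        server_name localhost;
        underscores_in_headers on;

        # Enforced at server level so every location (including /50x.html) is
        # covered, instead of only requests that land in "location /".
        if ($geo80 = 0) {
            return 403;
        }

        location / {
            root /usr/share/nginx/html/hpcoder_web;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}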
1.2 白名单
white_80ip.conf 内容
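# geo syntax: "ADDRESS VALUE;" — value 1 marks the address as allowed.
# "allow" is not a valid directive inside a geo block; the trailing ";" is required.
192.168.2.101 1;
192.168.2.102 1;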
2. 只允许白名单中IP访问指定端口
2.1 nginx 配置
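stream {
    log_format proxy '$remote_addr [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time "$upstream_addr" '
                     '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    access_log /var/log/nginx/tcp-access.log proxy;
    open_log_file_cache off;
    include /etc/nginx/conf.d/*.stream;

    upstream p1 {
        server 192.168.18.23:17000;
    }
    upstream p2 {
        server 192.168.18.20:22;
    }

    # Per-port allow-list. allow/deny are evaluated in order and the first
    # match wins, so the included "allow ADDRESS;" lines must come BEFORE
    # "deny all". /etc/nginx/p1.conf is maintained by write.sh and must exist
    # (an empty file is fine) or the include fails "nginx -t".
    server {
        listen 17000;
        include /etc/nginx/p1.conf;
        deny all;
        proxy_pass p1;
        proxy_connect_timeout 1h;
        proxy_timeout 1h;    # idle-session limit; 1h keeps long-lived sessions open
    }

    # SSH forwarder. With the allow/deny pair commented out this port exposed
    # 192.168.18.20:22 to every client that can reach nginx; the same
    # allow-list pattern applies here, managed with "write.sh add p2 <ip>".
    server {
        listen 17222;
        include /etc/nginx/p2.conf;
        deny all;
        proxy_pass p2;
        proxy_connect_timeout 1h;
        proxy_timeout 1h;
    }
}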
2.2 白名单
p1.conf
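# One "allow ADDRESS;" per line. The trailing ";" is required by nginx;
# write.sh appends lines in exactly this form.
allow 192.168.18.2;
allow 192.168.18.5;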
2.3 应用场景
代理UDP端口（UDP 需在 listen 上加 udp 参数，如 `listen 17000 udp;`，否则只代理 TCP）、许可管理…
3. 执行脚本
3.1 脚本内容
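#!/usr/bin/env bash
# write.sh - add or remove one IPv4 address in a per-service nginx allow-list
# (/etc/nginx/<software_name>.conf, one "allow ADDRESS;" per line) and reload
# nginx once the resulting configuration has passed "nginx -t".
#
# Usage: write.sh add|del <software_name> <ipv4>
#
# Both arguments are validated before anything is touched: the name becomes a
# file name under /etc/nginx and the address is written verbatim into an nginx
# directive, so an unchecked "../x" or "1.2.3.4; allow all" would be a path
# escape / config injection. The file is also refused unless it contains only
# "allow" lines, so "write.sh add nginx ..." cannot edit nginx.conf.
set -uo pipefail   # no -e: every step below reports its own failure via die

readonly conf_dir=/etc/nginx

die() { printf 'write.sh: %s\n' "$*" >&2; exit 1; }

usage() {
  printf 'Usage: %s options:\n' "$0" >&2
  printf 'options:\n  add: 增加指定ip到指定端口\n  del: 删除指定ip到指定端口\n' >&2
  printf 'Eg:\n  增加: %s add software_name add_ip\n  删除: %s del software_name del_ip\n' "$0" "$0" >&2
}

# Service name -> /etc/nginx/<name>.conf. Letters, digits, '_' and '-' only,
# so an empty name or one containing "/" or ".." cannot leave the directory.
valid_name() {
  local re='^[A-Za-z0-9][A-Za-z0-9_-]*$'
  [[ "$1" =~ $re ]]
}

# Single dotted-quad IPv4 address, each octet 0-255. Anything else (CIDR,
# "all", a ";" or newline) is rejected so it never reaches the config file.
valid_ip() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  local re="^${octet}(\\.${octet}){3}\$"
  [[ "$1" =~ $re ]]
}

# True when every line of $1 is an "allow ...;" directive or blank, i.e. the
# file is an allow-list owned by this script rather than some other config.
is_allow_list() {
  ! grep -qvE -- '^(allow [^;]+;)?$' "$1"
}

# Delete every "allow <ip>;" line from file $1. The address is matched
# literally (dots escaped) and anchored on ";" so that removing 192.168.6.2
# no longer also removes 192.168.6.20 (the original unanchored pattern did).
remove_ip() {
  local file=$1 ip=$2 escaped
  escaped=$(printf '%s' "$ip" | sed 's/\./\\./g') || return 1
  sed -i "/^allow ${escaped};\$/d" -- "$file"
}

# Append "allow <ip>;" to file $1, dropping any existing copy first so the
# list never holds duplicates.
add_ip() {
  remove_ip "$1" "$2" && printf 'allow %s;\n' "$2" >> "$1"
}

main() {
  if [[ $# -ne 3 ]]; then
    usage
    return 1
  fi
  local action=$1 name=$2 ip=$3 file

  case "$action" in
    add|del) ;;
    *)
      usage
      return 1
      ;;
  esac
  valid_name "$name" || die "invalid software_name '$name' (letters, digits, '_' and '-' only)"
  valid_ip "$ip" || die "invalid IPv4 address '$ip'"

  file="${conf_dir}/${name}.conf"
  [[ -e "$file" ]] || touch -- "$file" || die "cannot create $file"
  is_allow_list "$file" || die "$file is not an allow-list; refusing to edit it"

  if [[ "$action" == add ]]; then
    add_ip "$file" "$ip" || die "failed to update $file"
  else
    remove_ip "$file" "$ip" || die "failed to update $file"
  fi

  # Validate the whole configuration before reloading so a bad edit cannot
  # take nginx down; the original reloaded unconditionally.
  nginx -t >/dev/null 2>&1 || die "nginx -t failed; $file was changed but nginx was not reloaded"
  service nginx reload >/dev/null || die "nginx reload failed"
}

main "$@"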
3.2 调用方式
添加
./write.sh add p1 192.168.6.2
删除
./write.sh del p1 192.168.6.3