近段时间在做项目的时候 ,项目上线遇到的一个问题,想要通过nginx做ip白名单,由于入口是阿里云的SLB做的负载,然后发现做的ip白名单无效,即allow:10.39.131.228不生效,于是查看nginx日志,看到的ip都是那么几个(这时候还不知道这些事slb的ip),后面同事说这可能是slb的ip,然后找同事验证,果然是slb的ip,那么就找到问题了,nginx没有获取到真实的ip,然后百度了下,改了下nginx的配置,再reload。成功,以下红色加粗是 修改的配置:
server {
listen 88;
server_name your.domainname;
location / {
rewrite ^(.*) https://$server_name$1 permanent;
}
error_page 500 502 503 504 /404.html;
location = /404.html {
root html;
}
}
server {
listen 80;
server_name your.domainname;
location ~ .*\.(html|htm|git|jpg|jpeg|bmp|png|ico|txt|js|css)$ {
proxy_pass https://upstream_name;
}
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
proxy_pass https://upstream_name;
}
access_log logs/your.domainname_access.log;
error_page 500 502 503 504 /404.html;
location = /404.html {
root html;
}
}