IP白名单
1、安装nginx
1.1、拉取对应的 Docker 镜像
docker pull nginx:1.21.3-alpine
1.2、创建安装目录
cd
mkdir -p ./data/nginx/{conf,log,html}
1.3、创建配置文件
cd
vi ./data/nginx/conf/nginx.conf
内容
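# Base nginx.conf for the container: serves the static files shipped in the
# image on port 8500.
user nobody;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

# Per-worker file-descriptor limit; kept equal to worker_connections below.
worker_rlimit_nofile 16384;

events {
    use epoll;
    worker_connections 16384;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Pipe-delimited access-log format. Referer, User-Agent and
    # X-Forwarded-For are supplied by the client, so anything parsing this
    # log must treat those fields (and any '|' inside them) as untrusted.
    log_format normal '$remote_addr | [$time_local] | $host | $request | '
                      '$status | $body_bytes_sent | $http_referer | '
                      '$http_user_agent | $http_x_forwarded_for | '
                      '$upstream_addr | $upstream_status | $upstream_response_time | '
                      '$server_addr | $request_time '
                      'upstream_response_time $upstream_response_time request_time $request_time ';

    # Use the "normal" format defined above; without the format name nginx
    # falls back to the built-in "combined" format and the definition is dead.
    # Do not add "access_log on;": nginx has no such switch and would write a
    # second log to a file literally named "on".
    access_log /var/log/nginx/access.log normal;
    error_log /var/log/nginx/error.log warn;

    sendfile on;
    tcp_nopush on;

    # keepalive_timeout 0;
    keepalive_timeout 65;
    reset_timedout_connection on;

    server_names_hash_bucket_size 128;

    # Request size and timing limits.
    client_header_buffer_size 16k;
    large_client_header_buffers 4 32k;
    client_body_buffer_size 512k;
    client_max_body_size 1000m;
    client_header_timeout 10;
    client_body_timeout 10;

    # Upstream (proxy) timeouts and buffers.
    proxy_connect_timeout 5;
    proxy_read_timeout 60;
    proxy_send_timeout 5;
    proxy_buffer_size 16k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    gzip on;
    gzip_min_length 2k;
    gzip_buffers 4 32k;
    # gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types application/json text/plain application/x-javascript application/javascript text/javascript text/css application/xml text/xml font/ttf font/otf image/svg+xml;

    server {
        listen 8500;
        server_name localhost;

        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}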
1.4、创建部署脚本
cd
mkdir -p shell
vi ./shell/nginx.sh
内容
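#!/bin/bash
# Start the nginx container with the host-side nginx.conf and log directory.
# Publishes container port 8500 on host port 8500.
set -euo pipefail

readonly NAME=nginx
# NOTE(review): this tag is pinned to an old release; confirm it still
# receives security fixes before deploying, or move to a supported tag.
readonly VERSION=1.21.3-alpine

# Configuration and timezone data are mounted read-only so a process inside
# the container cannot modify them; only the log directory stays writable.
docker run -d \
  -p 8500:8500 \
  --name "${NAME}" \
  -v /etc/localtime:/etc/localtime:ro \
  -v /home/appuser/data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /home/appuser/data/nginx/log:/var/log/nginx \
  --restart=unless-stopped "nginx:${VERSION}"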
1.5、执行启动脚本
cd
chmod +x ./shell/nginx.sh
./shell/nginx.sh
1.6、访问验证
http://IP:8500/index.html
2、nginx 白名单
2.1、创建白名单
cd
cd ./data/nginx/conf/
vi ip_white.ip
内容如下
# Allowlist entries included by the geo block in nginx.conf, one per line:
#   <client address> <value>;
# Value 1 marks the address as allowed; any address not listed here gets the
# geo block's default of 0 and is answered with 403.
10.207.0.141 1;
10.207.2.143 1;
10.207.2.123 1;
10.207.2.140 1;
2.2、修改nginx配置
新增(geo 块须放在 http 块内;下面的 server 块用于替换 1.3 中原有的 server 块)
# Map the client address to an allowlist flag: 1 for addresses listed in
# ip_white.ip, 0 for everything else. With no source variable given, geo
# matches on $remote_addr.
# NOTE(review): the match uses the address nginx sees inside the container;
# confirm the published port preserves the real client address (some Docker
# setups, e.g. the userland proxy or rootless mode, can present a gateway
# address instead, which would make every client look the same).
geo $ip_white {
    default 0;
    include ip_white.ip;
}

# Server that must pass the allowlist. The author's front end already listens
# on 8500, so the server block from the base configuration is edited in place.
# 8501 is the backend service being protected.
# NOTE(review): the allowlist only covers traffic entering through this
# proxy; confirm the backend port itself accepts connections only from this
# host, otherwise clients can reach it directly.
server {
    listen 8500;

    location / {
        # Reject every client whose address is not in the allowlist.
        if ($ip_white = 0) {
            return 403;
        }

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever X-Forwarded-For the client sent, so the backend
        # should rely on X-Real-IP, not this header, for the client address.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.207.2.143:8501;
    }
}
2.3、修改启动脚本
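#!/bin/bash
# Start the nginx container with the allowlist file mounted next to
# nginx.conf. Publishes container port 8500 on host port 8500.
#
# A container named "nginx" left over from the earlier script must be removed
# first (docker rm -f nginx); docker run fails on a name conflict.
set -euo pipefail

readonly NAME=nginx
# NOTE(review): this tag is pinned to an old release; confirm it still
# receives security fixes before deploying, or move to a supported tag.
readonly VERSION=1.21.3-alpine

# New in this version: the ip_white.ip mount. The comment lives here, not
# between the continuation lines: a "#" line inside a backslash-continued
# command ends the command there, so docker would run without an image and
# the remaining -v lines would be executed as separate commands.
#
# Configuration files are mounted read-only so a process inside the container
# cannot alter the allowlist; only the log directory stays writable.
# NOTE(review): ip_white.ip is a single-file bind mount. After editing it,
# reload nginx (docker exec nginx nginx -s reload); if the editor replaced the
# file instead of writing in place, the container may still see the old
# content until it is restarted. Verify after each change.
docker run -d \
  -p 8500:8500 \
  --name "${NAME}" \
  -v /etc/localtime:/etc/localtime:ro \
  -v /home/appuser/data/nginx/conf/ip_white.ip:/etc/nginx/ip_white.ip:ro \
  -v /home/appuser/data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /home/appuser/data/nginx/log:/var/log/nginx \
  --restart=unless-stopped "nginx:${VERSION}"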