NginxÏÞÖÆ»á¼ûIP¶ÎÉèÖã¬Ìá¸ßÍøÕ¾Çå¾²ÐÔ
nginxÏÞÖÆ»á¼ûip¶ÎÉèÖã¬Ìá¸ßÍøÕ¾Çå¾²ÐÔ
ÔÚµ±½ñ»¥ÁªÍøʱ´ú£¬ÍøÕ¾Çå¾²ÊÇÈκÎÆóÒµ»òСÎÒ˽¼ÒÖ÷Òª¹Ø×¢µÄÎÊÌâÖ®Ò»¡£Ìᳫ¶ñÒâ¹¥»÷µÄºÚ¿ÍºÍÍøÂç·¸·¨·Ö×Ó²ã³ö²»ÇÒÔÊDZ£»¤ÍøÕ¾ÃâÊܶñÒâÇëÇóºÍ²»·¨»á¼ûÊÇÖÁ¹ØÖ÷ÒªµÄ¡£Nginx×÷Ϊһ¿î¸ßÐÔÄܵÄWebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷£¬ÌṩÁËÇ¿Ê¢µÄÇå¾²¹¦Ð§£¬ÆäÖÐÖ®Ò»¾ÍÊÇÏÞÖÆ»á¼ûIP¶Î¡£±¾ÎĽ«ÏÈÈÝÔõÑùʹÓÃNginxÉèÖÃÏÞÖÆ»á¼ûIP¶Î£¬Ìá¸ßÍøÕ¾µÄÇå¾²ÐÔ¡£
ΪÁËÑÝʾÕâ¸ö¹¦Ð§£¬ÎÒÃǼÙÉè×ðÁú¿Ê±ÍøÕ¾Ö»ÔÊÐíÌض¨µÄIP¶Î¾ÙÐлá¼û£¬ÆäËûIP¶Î¶¼½«±»¾Ü¾ø¡£Ê×ÏÈ£¬ÎÒÃÇÐèÒª±à¼NginxµÄÉèÖÃÎļþ£¬Í¨³£Î»ÓÚ/etc/nginx/nginx.conf»ò/etc/nginx/conf.d/default.conf¡£ÕÒµ½ÎÒÃÇÏëÒªÌí¼ÓIP»á¼ûÏÞÖƵÄЧÀÍÆ÷¿é£¬²¢ÔÚÆäÖÐÌí¼ÓÈçϵĴúÂë¶Î£º
location / { allow 192.168.0.0/24; deny all; }
µÇ¼ºó¸´ÖÆ
ÉÏÊö´úÂëÖУ¬ÎÒÃÇʹÓÃlocation /Ö¸ÁîÀ´ÏÞÖÆ»á¼ûµÄURL·¾¶£¬ÄãÒ²¿ÉÒÔƾ֤×Ô¼ºµÄÐèÇóÐÞ¸ÄΪÆäËû·¾¶¡£allowÖ¸ÁîÓÃÓÚÖ¸¶¨ÔÊÐí»á¼ûµÄIP¶Î£¬ÕâÀïµÄ192.168.0.0/24ÌåÏÖÔÊÐí»á¼ûIP¶ÎΪ192.168.0.0µ½192.168.0.255£¬¼´ÒÔ192.168.0¿ªÍ·µÄËùÓÐIPµØµã¡£deny allÖ¸ÁîÓÃÓھܾøÆäËûËùÓÐIPµØµãµÄ»á¼û¡£
±ðµÄ£¬ÈôÊÇÄãµÄÍøÕ¾»¹Ê¹ÓÃÁËHTTPS£¬Ä㻹ÐèÒªÌí¼ÓÏÂÃæµÄÉèÖÃÀ´ÆôÓÃSSLÐÒ飺
server { listen 443 ssl; ssl_certificate /path/to/certificate.crt; ssl_certificate_key /path/to/private.key; location / { allow 192.168.0.0/24; deny all; } }
µÇ¼ºó¸´ÖÆ
ÔÚÉÏÃæµÄÉèÖÃÖУ¬ÎÒÃǽ«¼àÌý¶Ë¿ÚÉèÖÃΪ443£¬Í¬Ê±Ö¸¶¨ÁËSSLÖ¤ÊéºÍ˽ԿµÄ·¾¶¡£È»ºóÎÒÃÇͬÑùʹÓÃÁËlocation /Ö¸ÁîÀ´ÏÞÖÆ»á¼ûIP¶Î¡£
Íê³ÉÒÔÉϵÄÉèÖúó£¬ÉúÑÄÎļþ²¢ÖØмÓÔØNginxµÄÉèÖá£Äã¿ÉÒÔʹÓÃÒÔÏÂÏÂÁîÖØмÓÔØNginx£º
sudo systemctl reload nginx
µÇ¼ºó¸´ÖÆ
ÖØмÓÔØÉèÖúó£¬Nginx½«×îÏÈÏÞÖÆIP¶Î»á¼û£¬Ö»ÔÊÐíÖ¸¶¨µÄIP¶Î¾ÙÐлá¼û£¬ÆäËûIP¶Î½«ÎÞ·¨»á¼ûÄãµÄÍøÕ¾¡£
ÐèҪעÖصÄÊÇ£¬Äã¿ÉÄÜÐèҪƾ֤×Ô¼ºµÄÐèÇóºÍÍøÂçÇéÐÎÉèÖÃÔÊÐíµÄIP¶Î¡£ÈôÊÇÐèÒªÔÊÐí¶à¸öIP¶Î¾ÙÐлá¼û£¬Äã¿ÉÒÔʹÓöà¸öallowÖ¸Á²¢ÔÚÿ¸öÖ¸ÁîÖ®¼äÌí¼Ó·ÖºÅ£»ÈôÊÇÐèҪɨ³ýijЩIPµØµã£¬Äã¿ÉÒÔʹÓÃdenyÖ¸Áî²¢ÔÚÆäÖÐÖ¸¶¨ÏìÓ¦µÄIPµØµã¡£
ÏÞÖÆ»á¼ûIP¶ÎÊÇÌá¸ßÍøÕ¾Çå¾²ÐÔµÄÒ»ÖÖÖ÷ÒªÒªÁ죬ͨ¹ýºÏÀíÉèÖÿÉÒÔïÔ̶ñÒâ¹¥»÷ºÍ²»·¨»á¼ûµÄΣº¦¡£Nginx×÷Ϊһ¿îÇ¿Ê¢µÄWebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷£¬ÌṩÁËÎÞаÇÒÒ×ÓõÄIP»á¼ûÏÞÖƹ¦Ð§£¬×ÊÖúÎÒÃDZ£»¤ÍøÕ¾Çå¾²¡£Ï£Íû±¾ÎÄÄܶÔÄãÔÚNginxÉèÖÃIP»á¼ûÏÞÖÆ·½ÃæÓÐËù×ÊÖú£¬²¢Ìá¸ßÄãµÄÍøÕ¾µÄÇå¾²ÐÔ¡£
ÒÔÉϾÍÊÇNginxÏÞÖÆ»á¼ûIP¶ÎÉèÖã¬Ìá¸ßÍøÕ¾Çå¾²ÐÔµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡