我要评论一.nginx部署
docker-compose.yml
version: '2'
services:
nginx:
image: 'nginx:latest'
restart: always
container_name: nginx
ports:
- '80:80'
- '443:443'
volumes:
- '/app/nginx/conf.d:/etc/nginx/conf.d'
- '/app/nginx/logs:/etc/nginx/logs'
command: nginx -g 'daemon off;'
创建目录
mkdir -p /app/nginx/logs mkdir -p /app/nginx/conf.d
conf.d/default.conf配置文件
server {
listen 80;
server_name localhost;
#自定义日志路径,log格式使用main(默认)
access_log logs/access_service.log main;
location / {
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header host $http_host;
proxy_pass http://xxx.com;
client_max_body_size 100m;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
二.限制ip访问
查找访问者ip方法
awk ‘{print $1}' access_service.log |sort |uniq -c|sort -n配置文件conf.d/default.conf
server {
listen 80;
server_name localhost;
access_log logs/access_service.log main;
# 将禁止ip放在server级别
deny 172.20.0.1;
location / {
# 将禁止ip放在location级别
# deny 172.20.0.1;
allow 172.20.0.1;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header host $http_host;
proxy_pass http://test.xylink.cn;
client_max_body_size 100m;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
限制ip语法
deny和allow可以应用到http,server,location级别
//屏蔽单个ip访问 deny ip; //允许单个ip访问 allow ip; //屏蔽所有ip访问 deny all; //允许所有ip访问 allow all; //屏蔽整个段即从123.0.0.1到123.255.255.254访问的命令 deny 123.0.0.0/8 //屏蔽ip段即从123.45.0.1到123.45.255.254访问的命令 deny 124.45.0.0/16 //屏蔽ip段即从123.45.6.1到123.45.6.254访问的命令 deny 123.45.6.0/24 //如果你想实现这样的应用,除了几个ip外,其他全部拒绝, //那需要你在guolv_ip.conf中这样写 allow 1.1.1.1; allow 1.1.1.2; deny all;
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持代码网。
发表评论