如果你的伺服器被攻擊很厲害,而且伺服器是自己練手的,不需要其他使用者通路的,那麼就可以配置一下nginx的白名單,規定有哪些ip可以通路你的伺服器
配置如下:
http子產品:
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
geo $remote_addr $geo {
default 0; #0表示禁止通路
127.0.0.1 1; #1表示可以通路
}
include /usr/local/nginx/conf.d/*.conf;
}
server子產品:
server {
listen 80;
server_name jenkins.aa.bb;
location / {
# 如果不是白名單則 顯示403 禁止通路
if ( $geo = 0 ) {
return 403;
}
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
#proxy_pass http://127.0.0.1:9792;
proxy_pass http://127.0.0.1:59932;
proxy_read_timeout 90;
#proxy_redirect http://127.0.0.1:9792 https://jenkins.qinhej.top;
#Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
}
}