如果你的服务器被攻击很厉害,而且服务器是自己练手的,不需要其他用户访问的,那么就可以配置一下nginx的白名单,规定有哪些ip可以访问你的服务器
配置如下:
http模块:
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
geo $remote_addr $geo {
default 0; #0表示禁止访问
127.0.0.1 1; #1表示可以访问
}
include /usr/local/nginx/conf.d/*.conf;
}
server模块:
server {
listen 80;
server_name jenkins.aa.bb;
location / {
# 如果不是白名单则 显示403 禁止访问
if ( $geo = 0 ) {
return 403;
}
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
#proxy_pass http://127.0.0.1:9792;
proxy_pass http://127.0.0.1:59932;
proxy_read_timeout 90;
#proxy_redirect http://127.0.0.1:9792 https://jenkins.qinhej.top;
#Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
}
}
