1、更新操作:
[root@host ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
2、安装相应大陆地址模块库相应的包
[root@host ~]# yum install libmaxminddb libmaxminddb-devel -y
[root@host ~]# cd /home/deploy/nginx
[root@host nginx]# yum -y install git
[root@host nginx]# git clone https://github.com/leev/ngx_http_geoip2_module
3、重新编译安装nginx
[root@host nginx]# cd /home/deploy/updates/
[root@host updates]# tar -xf nginx-1.10.1.tar.gz
[root@host updates]# cd nginx-1.10.1
[root@host nginx-1.10.1]# ./configure –prefix=/home/deploy/nginx –with-http_stub_status_module –with-http_ssl_module –with-http_v2_module –add-dynamic-module=/home/deploy/nginx/ngx_http_geoip2_module
[root@host nginx-1.10.1]# make&&make install
4、下载国家和城市ip地址判别模块工具包
[root@host nginx-1.10.1]# cd /etc/
[root@host etc]# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
[root@host etc]# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz
[root@host etc]# gunzip GeoLite2-City.mmdb.gz
[root@host etc]# gunzip GeoLite2-Country.mmdb.gz
5、修改nginx配置(配置白名单)
[root@host etc]# cd /home/deploy/nginx/conf/
[root@host conf]# vim ip.conf
10.0.0.0/16 1;
28.7.78.35 1;
116.24.97.37 1;
添加部分如下:
[root@host conf]# vim nginx.conf
load_module modules/ngx_http_geoip2_module.so;
http {
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for” “$geoip2_data_country_code” “$geoip2_data_city_name”‘;
……………
add_header X-Frame-Options SAMEORIGIN;
geoip2 /etc/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=DEFAULT_COUNTRY source=$http_x_forwarded_for country iso_code;
$geoip2_data_country_name country names en;
}
geoip2 /etc/GeoLite2-City.mmdb {
$geoip2_data_city_name default=DEFAULT_CITY source=$http_x_forwarded_for city names en;
}
fastcgi_intercept_errors on;
geo $http_x_forwarded_for $ip_whitelist {
default 0;
include ip.conf;
}
server {
error_page 403 /403.html;
location /403.html {
allow all;
root /home/deploy/nginx/static/;
}
location /chinaintercept {
allow all;
root /home/deploy/nginx/static/;
}
location / {
set $flag 0;
if ($ip_whitelist != 1) {
set $flag “1”;
}
if ($geoip2_data_country_code ~ “(CN)”) {
set $flag “${flag}2”;
}
if ($flag ~ “(12)”) {
return 403;
}
}
}
出现问题:
解决办法
[root@ip-10-0-3-16 nginx-1.14.0]# ./configure [“你的nignx -V 得到的配置参数”] –add-dynamic-module=/home/deploy/nginx/ngx_http_geoip2_module
最后输出日志格式如下
10.0.2.202 – – [22/Nov/2019:11:20:55 +0800] “GET /history?symbol=POLA_USDT&resolution=15&from=1574383849&to=1574392849 HTTP/1.1” 200 7408 “https://www.cpct.pro/tradingview?symbol=POLA_USDT” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36” “23.225.153.218” “US” “Los Angeles”
10.0.2.202 – – [22/Nov/2019:11:20:56 +0800] “POST /user/getAccountInfo HTTP/1.1” 200 473 “https://www.cpct.pro/tradingview?symbol=TYT_CPCT” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.2 Safari/605.1.15” “66.42.59.45” “SG” “Singapore”
10.0.2.202 – – [22/Nov/2019:11:20:56 +0800] “GET /maintain.json HTTP/1.1” 502 166 “-” “okhttp/3.10.0” “117.136.30.148” “CN” “Chongqing”
10.0.1.82 – – [22/Nov/2019:11:20:56 +0800] “POST /klinevtwo/indexv1 HTTP/1.1” 200 24410 “https://www.cpct.pro/index” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36” “218.17.178.135” “CN” “Shenzhen”
————————————————
版权声明:本文为CSDN博主「yunson_Liu」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/baidu_38432732/article/details/90268625
