Otu esi ejikwa nnweta dabere na adreesị IP onye ahịa na NGINX
Enwere ụzọ dị iche iche nke nchekwa sava weebụ NGINX siri ike nke otu n'ime ya bụ njikwa ohere dabere na adreesị IP. Ntuziaka a na-akọwa otu esi echekwa ngwa weebụ site na ịchịkwa ohere dabere na adreesị IP onye ahịa na NGINX.
Ntuziaka a na-eche na ị nwere ihe nkesa weebụ NGINX arụnyere ma na-agba ọsọ, ma ọ bụghị lelee ntuziaka ndị a:
- Etu esi etinye sava Weebụ Nginx na Ubuntu
- Otu esi etinye Nginx na CentOS
- Otu esi etinye Nginx na Debian
- Otu esi etinye Nginx na RHEL
Nweta njikwa dabere na adreesị IP onye ahịa na NGINX
Modul ngx_http_access_module dị na NGINX na-enyere aka igbochi ohere ịnweta ụfọdụ adreesị IP ndị ahịa. Ị nwere ike ịgbalite ya site na iji ikike ma jụ ntuziaka.
Ntuziaka ikike dị ka aha na-egosi na-enye ohere ịnweta otu adreesị IP, netwọkụ, socket Unix, ma ọ bụ ihe niile (okwu maka ụlọ ọrụ ndị gara aga), na ntuziaka agọnahụ na-agọnahụ ịnweta adreesị IP akọwapụtara, netwọkụ, oghere Unix, ma ọ bụ ihe niile.
Ntuziaka abụọ ahụ dị irè na HTTP, nkesa, ọnọdụ yana limit_ewezuga ọnọdụ. Nke a bụ ọmụmaatụ iji ikike na jụ ntuziaka n'ime ọnọdụ ọnọdụ iji gbochie ịnweta ọrụ API:
upstream app_api {
keepalive 100;
server 10.1.1.50:5000;
server 10.1.1.71:5001;
}
server {
listen 80;
server_name _;
access_log /var/log/nginx/app_api_access.log main;
error_log /var/log/nginx/app_api_error.log debug;
root /usr/share/nginx/html/;
location / {
try_files $uri /api;
}
location /api {
proxy_read_timeout 3600;
proxy_connect_timeout 3600s;
keepalive_timeout 15;
send_timeout 300;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://app_api$request_uri;
#list of allowed IPs to access API
allow 10.10.10.20;
allow 10.10.40.29;
allow 192.168.2.23;
allow 192.168.10.0/24;
deny all;
}
}
N'ihe atụ dị n'elu, a na-anabata arịrịọ ọ bụla iji nweta nke ọ bụla n'ime njedebe njedebe API proxied naanị maka 10.10.10.20, 10.10.40.29, 192.168.2.23 adreesị IP, na nke ọ bụla n'ime ndị dị na 192.168.10.0/24 netwọk. Arịrịọ sitere na adreesị IP ọ bụla ma ọ bụ netwọkụ ma ọ bụ oghere ngalaba UNIX ga-ajụ.
NGINX ga-aza njehie 403 amachibidoro nye onye ahịa ka egosiri.
Mgbe ịlele /var/log/nginx/app_api_error.log njehie log, ị ga-ahụ ndenye dị ka nke egosiri na nseta ihuenyo na-esonụ:
# cat /var/log/nginx/app_api_error.log debug
Maka ndụmọdụ ndị siri ike nke sava weebụ NGINX, lelee: Ntuziaka kacha mma maka Secure na Harden Nginx Web Server.