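I have an Nginx setup like this, where the server should be mostly private (only certain IP addresses can use the server), except for one location block that should be public: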
server {
    listen 443 ssl default;
    # Allow access only from certain IP addresses
    allow 12.34.56.78/32;
    allow 10.0.2.2/32;
    deny all;
    # Proxy dynamic requests to the app
    location / {
        proxy_pass http://127.0.0.1:8000;
    }
    # Serve static assets from disk
    location = /favicon.ico {
        alias /var/www/example.com/htdocs/static/images/favicon.png;
    }
    location /static {
        alias /var/www/example.com/htdocs/static;
    }
    ...
    # Allow public access to this endpoint
    location = /public/endpoint {
        proxy_pass http://127.0.0.1:9000;
        # Allow *all* IPs here, so that they don't hit the server "deny" rule
        # [except this doesn't seem to work...]
        allow 0.0.0.0/0;
    }
}
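However, adding the allow rule in the public location block at the end does not work: requests from the IPs in the list above are denied.
Moving the deny all rule from the server block into each non-public location block does not have the desired effect either.
Is there a way to achieve the desired behavior without having to copy the whole set of "allow, allow, deny" rules into every non-public location block?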
Best answer
You should just use allow all
location = /public/endpoint {
    proxy_pass http://127.0.0.1:9000;
    # Allow *all* IPs here, so that they don't hit the server "deny" rule
    allow all;
}
Also, if you use different types of restrictions, you may need to add satisfy any; for it to work.
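
The configuration below combines the server-level allowlist, the public exception and the satisfy any case in one place. It is an added example, not part of the original answer. The /internal/report location and the htpasswd path are assumptions made for illustration, and the certificate directives are left out as they are in the question.

```nginx
server {
    listen 443 ssl default;
    # ssl_certificate / ssl_certificate_key omitted, as in the question

    # Server-level allowlist. A location inherits these rules only when
    # it declares no allow/deny rules of its own.
    allow 12.34.56.78/32;
    allow 10.0.2.2/32;
    deny  all;

    # Private: no allow/deny here, so the allowlist above applies.
    location / {
        proxy_pass http://127.0.0.1:8000;
    }

    # Public: any allow/deny declared in a location replaces the
    # inherited rules for that location; the two sets are not merged.
    # The exact match (=) keeps the exception to this single URI.
    location = /public/endpoint {
        proxy_pass http://127.0.0.1:9000;
        allow all;
    }

    # Hypothetical location that mixes two restriction types
    # (IP allowlist and HTTP basic auth).
    location /internal/report {
        proxy_pass http://127.0.0.1:8000;

        # Default is "satisfy all": the client must pass the IP rules
        # AND authenticate. "satisfy any" grants access when either
        # check passes, so allowlisted IPs skip the password prompt.
        satisfy any;

        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;  # assumed path
        # allow/deny are inherited from the server level here
    }
}
```

Run nginx -t after editing, then request a private URI and the public one from an address outside the allowlist: the private URI should return 403 and the public endpoint should reach the upstream on port 9000.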