[英]How do I implement nginx geoip module with reverse proxy only
This is nginx 1.19.5 I have reverse proxy server where I am hosting around 20 sites behind nginx reverse proxy server.这是 nginx 1.19.5 我有反向代理服务器,我在 nginx 反向代理服务器后面托管大约 20 个站点。 This reverse proxy server only used for reverse proxy purpose and no local web server is running on it.
此反向代理服务器仅用于反向代理目的,没有本地 web 服务器在其上运行。
I need to implement geoip blocking but what I understood from the document is我需要实施 geoip 阻止,但我从文档中了解到的是
map $geoip_country_code $allowed_country
variable to has to be set in http section and then变量 to 必须在 http 部分中设置,然后
if ($allowed_country = no) {
return 444;
}
Can be called in server section.可以在服务器部分调用。 This is fine if I am hosting one site what if in case of mutiple sites?
如果我托管一个站点,这很好,如果有多个站点怎么办? In this case suppose
在这种情况下假设
siteA.exampe.com need to have access blocked from CN While siteB.example.com needs to have access allowed from CN siteA.exampe.com 需要从 CN 阻止访问 而 siteB.example.com 需要从 CN 允许访问
How do I achieve it?我如何实现它?
I have a great answer about why map
is in the http context only:关于为什么
map
仅在 http 上下文中,我有一个很好的答案:
DR;TL Variables in NGINX are always global and once defined accessable from anywhere in the configration.
DR;TL NGINX 中的变量始终是全局的,一旦定义,就可以从配置中的任何位置访问。 Therfore it would not make any sense to define a map in a server or location block.
因此,在服务器或位置块中定义 map 没有任何意义。
nginx map directive: why is it allowed only on http level? nginx map 指令:为什么只允许在 http 级别上使用?
So that saying regardless where your map is loacted the value of $allowed_country
will be assigned once you access to variable.因此,无论您的 map 位于何处,一旦您访问变量,就会分配
$allowed_country
的值。 So its totally fine to have the map on the server level and do the checks in your server or location blocks.因此,在服务器级别拥有 map 并在您的服务器或位置块中进行检查是完全可以的。
I would use another map
having server_names
and a list of blocked countries.我会使用另一个
map
具有server_names
和被封锁国家的列表。 Then a little njs-function can take care of the check if the country from geo-ip is allowed or not.然后一个小的 njs-function 可以负责检查来自 geo-ip 的国家是否被允许。
Just remember: If is evil.请记住:如果是邪恶的。 Use it carefully:
小心使用它:
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.