老板出国访问不了公司的系统,想起当时设置了nginx,只允许中国的IP地址访问。注释掉规则后,老板可以访问公司系统。这里写篇博客,记录一下GeoIP模块的使用。我在aws上启用了一个免费的主机,用的centos的镜像。
[root@localhost ~]# vi /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/6/$basearch/ gpgcheck=0 enabled=1 [root@localhost ~]# yum install nginx -y [root@localhost ~]# service nginx start Starting nginx:Starting nginx: [ OK ]2.安装nginx_module_geoip
[root@localhost ~]# yum install nginx-module-geoip -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package nginx-module-geoip.x86_64 0:1.14.0-1.el6.ngx will be installed
--> Processing Dependency: GeoIP for package: nginx-module-geoip-1.14.0-1.el6.ngx.x86_64
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: nginx-module-geoip-1.14.0-1.el6.ngx.x86_64
--> Finished Dependency Resolution
Error: Package: nginx-module-geoip-1.14.0-1.el6.ngx.x86_64 (nginx)
Requires: GeoIP
Error: Package: nginx-module-geoip-1.14.0-1.el6.ngx.x86_64 (nginx)
Requires: libGeoIP.so.1()(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest报错,通过yum search geoip查找,发现仓库里没有安装包。
安装epel仓库,yum install epel-release -y,再次查找,仓库里有GeoIP安装包
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
解压后,我就放在了nginx目录下。
4.修改配置文件,使用IP筛选
为方便所有站点使用,我直接在/etc/nginx/nginx.conf中写入加载
load_module /usr/lib64/nginx/modules/ngx_http_geoip_module.so; load_module /usr/lib64/nginx/modules/ngx_stream_geoip_module.so; ... geoip_country /etc/nginx/GeoIP.dat;
配置单个站点使用规则,打开/etc/nginx/conf.d/default.conf
set $deny 0;
if ($geoip_country_code != "CN"){
set $deny 1;
return 302 $scheme://$host/405.html;
}
if ($deny = 1){
return 302 $scheme://$host/405.html;
}这里设置的,非中国IP不能访问。
走代理测试成功。
| 人吐槽 | 人点赞 |
发表评论