导读

本博客屏蔽了部分大陆IP访问接口,使用了Nginx实现。要求/archives/lcn- 开头的文章禁止中国IP,但可通过分享连接访问;/archives/scn- 开头的文章不允许中国IP访问。被禁止后展示/ipnono页面。安装GeoIP2,下载Nginx模块并编译安装Nginx,编辑Nginx配置和反向代理,实现了要求。

本博客屏蔽了部分文章的大陆IP访问。这部分是使用Nginx实现的。需求如下:

  • /archives/lcn- 开头的文章禁止cnIP,但是可以通过分享连接访问

  • /archives/scn- 开头的文章禁止cnIP

  • 被禁止后展示/ipnono页面(URL不变)

基于Nginx和宝塔面板

安装GeoIP2

sudo apt-get install libmaxminddb-dev
mkdir /usr/local/share/GeoIP
cd /usr/local/share/GeoIP
wget https://geolite.clash.dev/Country.mmdb
sudo apt-get install libmaxminddb-dev

 

下载Nginx模块

cd /usr/local
git clone https://github.com/leev/ngx_http_geoip2_module.git

编译安装Nginx

--add-module=/usr/local/ngx_http_geoip2_module


编辑Nginx配置

在HTTP模块加入

 geoip2 /usr/local/share/GeoIP/Country.mmdb {
             $geoip2_data_country_code country iso_code;
         }
         # 映射 MM
         map $geoip2_data_country_code $allowed_country {
           default yes;
           no yes;
}

编辑反向代理

实现了:

  • /archives/lcn- 开头的禁止cnIP,但是可以通过分享连接访问

  • /archives/scn- 开头的禁止cnIP

 

#PROXY-START/
set $ipipa "127.0.0.1";

location /
{
    set $back66 "http://${ipipa}";
    proxy_pass $back66;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    # proxy_hide_header Upgrade;


    add_header X-Cache $upstream_cache_status;


    #Set Nginx Cache
 
    set $static_filenUHy3gSX 0;
    if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
    {
        set $static_filenUHy3gSX 1;
        expires 1m;
        }
    if ( $static_filenUHy3gSX = 0 )
    {
    add_header Cache-Control no-cache;
    }
    location ^~ /archives/lcn- {
        set $backend "http://${ipipa}/$uri";
        set $do_yaf 0; 
        if ($geoip2_data_country_code = CN) {
           set $do_yaf 1;
        }
        if ($arg_auth != "3qxElFxr1") {
            set $do_yaf "${do_yaf}1"; 
        }
        if ( $do_yaf = "11" ) { 
            set $backend "http://${ipipa}/ipnono";
        }
         
        set $do_yaf 0;
        proxy_pass $backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_http_version 1.1;
        # proxy_hide_header Upgrade;


        add_header X-Cache $upstream_cache_status;


        #Set Nginx Cache
        set $static_filenUHy3gSX 0;
        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) {
            set $static_filenUHy3gSX 1;
            expires 1m;
        }
        if ( $static_filenUHy3gSX = 0 ) {
            add_header Cache-Control no-cache;
        }
     }
	 
    location ^~ /archives/scn- {
        set $backend "http://${ipipa}/$uri";
        set $do_yaf 0; 
        if ($geoip2_data_country_code = CN) {
           set $do_yaf 1;
        }
        if ( $do_yaf = 1 ) { 
            set $backend "http://${ipipa}/ipnono";
        }
         
        set $do_yaf 0;
        proxy_pass $backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_http_version 1.1;
        # proxy_hide_header Upgrade;


        add_header X-Cache $upstream_cache_status;


        #Set Nginx Cache
        set $static_filenUHy3gSX 0;
        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) {
            set $static_filenUHy3gSX 1;
            expires 1m;
        }
        if ( $static_filenUHy3gSX = 0 ) {
            add_header Cache-Control no-cache;
        }
     }
    
}


#PROXY-END/
文章作者: ThinkIN
本文链接:
版权声明: 本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 ThinkIN
blog技术
喜欢就支持一下吧
打赏
微信 微信
支付宝 支付宝