#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$host $remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$upstream_response_time"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip on; client_max_body_size 100M; server { listen 80; server_name _; #charset koi8-r; access_log logs/web.log main; location /exchangePay/ { #代付过白 #if ( $http_x_forwarded_for !~* "47.74.178.135|43.228.125.155|35.220.214.91|43.228.125.28|43.228.125.152|34.92.44.74|223\.225\.159\.119|223.255.159.119|122.128. 111.227") # {return 403; # } ##############代付过白################### allow 122.128.111.227; allow 122.128.111.146; deny all; ######################################## proxy_pass http://papi-1/dsgame_pay_api/exchangePay/; proxy_redirect default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } nginx设置白名单访问 可以添加在server或者location下面 server { listen 80; server_name nxlhz.com; access_log logs/web-chat.log main; ##############代付过白################### allow 122.128.111.227; 需要过白的IP allow 34.96.136.139; allow 202.57.210.98; deny all; 禁止所有IP访问,除了上面的IP ######################################### location /permission/ { proxy_pass http://127.0.0.1:20001; proxy_read_timeout 300s; proxy_send_timeout 300s;