Nginx Proxy ManagerÇå¾²ÐÔÆÊÎöÓë·À»¤
Nginx Proxy ManagerÇå¾²ÐÔÆÊÎöÓë·À»¤
СÐò£º
ÔÚ»¥ÁªÍøÓ¦ÓÃÖУ¬Çå¾²ÐÔÒ»Ö±ÊÇÖÁ¹ØÖ÷ÒªµÄÎÊÌâ¡£×÷Ϊһ¿îÇ¿Ê¢µÄ·´ÏòÊðÀíºÍ¸ºÔØƽºâЧÀÍÆ÷Èí¼þ£¬NginxÔÚ°ü¹ÜÍøÂçÓ¦ÓÃÇå¾²ÉÏÆð×ÅÖ÷ÒªµÄ×÷Óá£È»¶ø£¬Ëæ×Å»¥ÁªÍøÊÖÒÕµÄÒ»Ö±Éú³¤£¬ÍøÂç¹¥»÷ÈÕÒæÔö¶à£¬ÔõÑù°ü¹ÜNginx Proxy ManagerµÄÇå¾²ÐÔ³ÉΪÁËؽ´ý½â¾öµÄÎÊÌâ¡£±¾ÎĽ«´ÓNginx Proxy ManagerµÄÇå¾²ÐÔÆÊÎö¼°ÏìÓ¦µÄ·À»¤²½·¥Á½·½ÃæÕö¿ªÌÖÂÛ£¬×ÊÖú½¨ÉèÔ½·¢Çå¾²µÄÍøÂçÇéÐΡ£
Ò»¡¢Nginx Proxy ManagerÇå¾²ÐÔÆÊÎö
δ¾ÊÚȨµÄ»á¼û£º
Nginx Proxy ManagerµÄÒ»ÏîÖ÷Òª¹¦Ð§ÊÇÉèÖÃÊðÀíЧÀÍÆ÷£¬Òò´Ë±ØÐè±ÜÃâδ¾ÊÚȨµÄ»á¼û¡£³£¼ûµÄ·À»¤²½·¥°üÀ¨Ê¹ÓÃÇ¿ÃÜÂë¾ÙÐб£»¤¡¢ÏÞÖÆ»á¼ûIPµÈ¡£ÀýÈ磬ÔÚNginxµÄÉèÖÃÎļþÖУ¬¿ÉÒÔͨ¹ýÒÔÏ´úÂëʵÏÖ»ù±¾µÄ»á¼û¿ØÖÆ£º
location / { deny 192.168.1.1; allow 192.168.1.0/24; allow 10.0.0.0/16; deny all; }
µÇ¼ºó¸´ÖÆ
DDOS¹¥»÷£º
DDOS¹¥»÷ÊÇÒ»ÖÖ³£¼ûµÄÍøÂç¹¥»÷ÊֶΣ¬ÆäÄ¿µÄÊÇͨ¹ý´ó×ÚµÄÇëÇóʹЧÀÍÆ÷²»¿°Öظº£¬×îÖÕµ¼ÖÂЧÀͲ»¿ÉÓá£Õë¶ÔDDOS¹¥»÷£¬¿ÉÒÔ½ÓÄÉÒÔÏ·À»¤²½·¥£º
ʹÓ÷À»ðǽ¹ýÂ˲»Õýµ±µÄÇëÇóÁ÷Á¿£»
ÉèÖÃNginx·´ÏòÊðÀíÀ´Æ½ºâ¸ºÔغÍÊèÉ¢Á÷Á¿£»
ʹÓûº´æÄ£¿éÀ´½µµÍЧÀÍÆ÷¸ººÉ¡£
SQL×¢Èë¹¥»÷£º
SQL×¢Èë¹¥»÷ÊÇͨ¹ý½«¶ñÒâµÄSQL´úÂë²åÈëµ½Ó¦ÓóÌÐòµÄÊäÈë²ÎÊýÖУ¬´Ó¶øʵÏÖ¶ÔÊý¾Ý¿âµÄ²»·¨²Ù×÷¡£±ÜÃâSQL×¢Èë¹¥»÷µÄÒªº¦ÔÚÓÚ׼ȷ¹ýÂËÓû§µÄÊäÈë¡£ÔÚNginx Proxy ManagerÖУ¬¿ÉÒÔʹÓÃÄÚÖõÄÄ£¿é»òÕß×Ô½ç˵ģ¿éÀ´¶ÔÓû§ÊäÈë¾ÙÐйýÂ˺ÍÑéÖ¤£¬ÀýÈ磺
# ʹÓÃÄÚÖÃÄ£¿é location / { if ($query_string ~ "(.*?)('|")(.*?)(.*)") { return 403; } } # ʹÓÃ×Ô½ç˵ģ¿é location / { lua_need_request_body on; access_by_lua_block { local args = ngx.req.get_post_args() if args and args.sql then ngx.exit(ngx.HTTP_FORBIDDEN) end } }
µÇ¼ºó¸´ÖÆ
¶þ¡¢Nginx Proxy ManagerÇå¾²ÐÔ·À»¤²½·¥
¼á³ÖÈí¼þ¸üУº
ʵʱ¸üÐÂNginx Proxy ManagerµÄ°æ±¾£¬ÒÔ»ñÈ¡×îеÄÇå¾²²¹¶¡ºÍ¹¦Ð§ÐÞ¸´¡£Í¨¹ý°´ÆÚ¼ì²é¹Ù·½ÍøÕ¾ºÍÓʼþ¶©ÔÄ£¬ÊµÊ±»ñÈ¡Óйذ汾¸üеÄ֪ͨ£¬²¢Æ¾Ö¤¹Ù·½½¨Òé¾ÙÐÐÉý¼¶¡£
ºÏÀíµÄ»á¼û¿ØÖÆ£º
ÔÚNginx Proxy ManagerµÄÉèÖÃÎļþÖУ¬¿ÉÒÔͨ¹ýÒýÈë»ù±¾ÈÏ֤ģ¿é»òÕßSSLÖ¤ÊéÀ´ÏÞÖƶÔÊðÀíЧÀÍÆ÷µÄ»á¼û¡£ÀýÈ磬¿ÉÒÔʹÓÃÈçÏ´úÂëʵÏÖ»ù±¾µÄÈÏÖ¤£º
location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/.htpasswd; }
µÇ¼ºó¸´ÖÆ
ÉèÖûá¼ûÈÕÖ¾ºÍ¼à¿Ø£º
°´ÆÚÆÊÎöNginx»á¼ûÈÕÖ¾£¬ÊµÊ±·¢Ã÷Òì³£ÇëÇóºÍDZÔڵĹ¥»÷ÐÐΪ¡£¿ÉÒÔʹÓÃÈÕÖ¾ÆÊÎö¹¤¾ß£¬ÈçELK Stack£¬¶Ô»á¼ûÈÕÖ¾¾ÙÐÐʵʱ¼à¿Ø£¬²¢ÉèÖþ¯±¨»úÖÆ¡£
ʹÓÃWAF·À»¤£º
WebÓ¦Ó÷À»ðǽ£¨WAF£©¿ÉÒÔͨ¹ý¼ì²âºÍ×èµ²¶ñÒâÇëÇó£¬ÌṩÌØÁíÍâÇå¾²²ã¡£¿ÉÒÔÑ¡Ôñ³ÉÊìµÄWAF²úÆ·£¬ÈçModSecurity£¬½«ÆäÓëNginx Proxy Manager¾ÙÐм¯³ÉʹÓá£
Ç¿»¯SSL/TLSÇå¾²ÐÔ£º
ÔÚÉèÖÃSSL/TLSʱ£¬Ê¹ÓøßÇ¿¶ÈµÄ¼ÓÃÜËã·¨ºÍÇå¾²Ö¤Ê飬ÉèÖÃÑÏ¿áµÄTLSÐÒé°æ±¾ºÍÃÜÂëÌ×¼þ¡£ÁíÍ⣬¹ØÓÚNginxÉèÖÃÎļþÖеÄSSLÉèÖÃÖ¸ÁҲÐèÒª×Ðϸ¼ì²éºÍµ÷½â¡£
½áÂÛ£º
Nginx Proxy Manager×÷Ϊһ¿î¹¦Ð§Ç¿Ê¢µÄ·´ÏòÊðÀíºÍ¸ºÔØƽºâЧÀÍÆ÷Èí¼þ£¬ÔÚÓ¦¶ÔÒ»Ö±ÔöÌíµÄÍøÂç¹¥»÷ÖÐÊÎÑÝ×ÅÖ÷ÒªµÄ½ÇÉ«¡£Í¨¹ý¶ÔNginx Proxy ManagerµÄÇå¾²ÐÔ¾ÙÐÐÆÊÎöºÍÏìÓ¦µÄ·À»¤²½·¥µÄʵÑ飬¿ÉÒÔ×ÊÖú¹¹½¨Ô½·¢Çå¾²¿É¿¿µÄÍøÂçÇéÐΣ¬ÎªÓû§µÄÏßÉÏÓ¦ÓÃÌṩÇå¾²°ü¹Ü¡£
£¨ÕýÎÄÔ¼1200×Ö£©
ÒÔÉϾÍÊÇNginx Proxy ManagerÇå¾²ÐÔÆÊÎöÓë·À»¤µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡