Nginx tcp限制并发、IP、记日志
Syntax: | limit_conn_zone |
---|---|
Default: | — |
Context: | stream |
# Declared in the stream context: a shared-memory zone named "addr" (10m) that
# counts connections per key. The key is the client address in binary form.
limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    ...
    # Allow at most 1 concurrent connection per key value tracked in zone "addr".
    # NOTE(review): the key is the peer address as nginx sees it, so clients
    # that share one NAT or upstream proxy address also share one counter —
    # confirm that is acceptable for this listener.
    limit_conn addr 1;
}
Syntax: | limit_conn_log_level |
---|---|
Default: |
limit_conn_log_level error; |
Context: | stream , server |
Syntax: | limit_conn zone number; |
---|---|
Default: | — |
Context: | stream , server |
// zone 为上面 limit_conn_zone 配置的 zone 名称，number 为限制的并发连接数量
类似http access访问阶段
Syntax: | allow |
---|---|
Default: | — |
Context: | stream , server |
Syntax: | deny |
---|---|
Default: | — |
Context: | stream , server |
server {
    ...
    # Rules are checked in the order written and the first match decides, so
    # the single-host deny has to come before the wider allow that contains it.
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    # NOTE(review): 10.1.1.0/16 has host bits set; with a /16 mask the network
    # that actually matches is 10.1.0.0/16 — confirm that range is intended.
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    # Default-deny: any address not matched above is refused.
    deny all;
}
log阶段:stream_log模块
Syntax: | access_log path format [buffer=size] [gzip[=level]] [flush=time] [if=condition]; access_log off; |
---|---|
Default: |
access_log off; |
Context: | stream , server |
Syntax: | log_format |
---|---|
Default: | — |
Context: | stream |
# Defines the stream log format named "proxy"; the adjacent quoted strings are
# joined into one format string. Nothing is written until an access_log
# directive references this format (the page lists "access_log off" as default).
# Fields: client address, local time, protocol, session status, bytes sent to
# and received from the client, session duration, then the upstream address,
# upstream byte counts and upstream connect time.
# NOTE(review): when set_real_ip_from / proxy_protocol is in use, $remote_addr
# is the substituted address; consider also logging $realip_remote_addr so the
# actual TCP peer is kept for investigations.
log_format proxy '$remote_addr [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time "$upstream_addr" '
                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
Syntax: | open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time]; open_log_file_cache off; |
---|---|
Default: |
open_log_file_cache off; |
Context: | stream , server |
nginx.conf指令演示
# Demo listener: applies an address ACL to the client address taken from the
# PROXY protocol header, then echoes the connection variables and closes.
server {
    # PROXY protocol is enabled on this listener, so each connection is
    # expected to start with a PROXY header line.
    listen 10004 proxy_protocol;

    # Trusted sender: for connections arriving from this address, the client
    # address is replaced with the one carried in the PROXY header.
    # The header is plain text asserted by the sender, so anything able to
    # connect from a trusted address can claim any client address; the
    # allow/deny rules below are only as strong as this trust. Keep the list
    # to the real load-balancer addresses and do not expose this port to
    # clients directly.
    set_real_ip_from 192.168.0.51;

    # Permit this address, as reported through the PROXY protocol.
    allow 202.112.144.236;
    # Refuse every other address.
    deny all;

    # Return the session variables as text.
    # NOTE(review): the listing is collapsed onto one line; the original string
    # may have had a line break between fields — confirm against the source.
    return '10004 vars: bytes_received: $bytes_received bytes_sent: $bytes_sent proxy_protocol_addr: $proxy_protocol_addr proxy_protocol_port: $proxy_protocol_port remote_addr: $remote_addr remote_port: $remote_port realip_remote_addr: $realip_remote_addr realip_remote_port: $realip_remote_port server_addr: $server_addr server_port: $server_port session_time: $session_time status: $status protocol: $protocol ';
}
[root@3 conf]# telnet 192.168.0.51 10004
Trying 192.168.0.51...
Connected to 192.168.0.51.
Escape character is '^]'.
PROXY TCP4 202.112.144.236 10.210.12.10 5678 80\r\n    // 这里手动输入 PROXY 协议头，声明源地址为 202.112.144.236；连接实际来自 set_real_ip_from 信任的 192.168.0.51，nginx 因此采用头中的地址，allow 规则放行。该地址由发送方自行声明，访问控制是否可靠取决于 set_real_ip_from 只包含可信的代理地址
10004 vars:
bytes_received: 0
bytes_sent: 0
proxy_protocol_addr: 202.112.144.236    // 查看返回结果
proxy_protocol_port: 5678
remote_addr: 202.112.144.236
remote_port: 5678
realip_remote_addr: 192.168.0.51
realip_remote_port: 49256
server_addr: 192.168.0.51
server_port: 10004
session_time: 2.452
status: 000
protocol: TCP
Connection closed by foreign host.