加入yum的更新源
[nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1
安裝Geo-Moudules
yum -y install geoip-devel nginx-module-geoip -y
檢查nginx底下是否有這兩支檔案
ls /etc/nginx/modules/ngx_http_geoip_module.so ls /etc/nginx/modules/ngx_stream_geoip_module.so
修改nginx.conf
load_module /etc/nginx/modules/ngx_http_geoip_module.so;
load_module /etc/nginx/modules/ngx_stream_geoip_module.so;
http {
geo $allow_whitelist {
default 0;
include /etc/nginx/conf.d/whitelist-geoallow;
}
}
修改conf.d/default.conf
if ($allow_whitelist = 0) {return 401;}
error_page 403 @error;
error_page 405 @maintenance;
location @maintenance {
rewrite ^(.*)$ http://api.test.com/ break;
}
location @error {
root /etc/nginx/conf.d/html/error/;
try_files $uri /401.json =401;
add_header Cache-Control no-cache;
}
新增檔案conf.d/whitelist-geoallow
#1代表允許 0代表封鎖 123.123.123.123 1; 221.221.221.221 1;