МБ
ну и чтобы к / тоже было ограничение
Size: a a a
2020 January 14
МБ
или продублировать fastcgi_pass php:9000; во все локейшены? или как-то можно компактнее записать?
МБ
index index.php;
location = / {
allow 192.168.0.0/24;
deny all;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param AUTH_RESPONSE $auth_resp;
}
location = /index.php {
allow 192.168.0.0/24;
deny all;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param AUTH_RESPONSE $auth_resp;
}
location ~ [^/]\.php(/|$) {
allow 192.168.0.0/16;
deny all;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param AUTH_RESPONSE $auth_resp;
}
location = / {
allow 192.168.0.0/24;
deny all;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param AUTH_RESPONSE $auth_resp;
}
location = /index.php {
allow 192.168.0.0/24;
deny all;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param AUTH_RESPONSE $auth_resp;
}
location ~ [^/]\.php(/|$) {
allow 192.168.0.0/16;
deny all;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass php:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param AUTH_RESPONSE $auth_resp;
}
МБ
простите чайника )
AN
Попробуйте поиграться через map:
map $allow $request_uri {
"/index.php" "192.168.0.0/24";
default "0.0.0.0/0" ;
}
location ~ [^/]\.php(/|$) {
allow $allow;
deny all;
...
}МБ
Попробуйте поиграться через map:
map $allow $request_uri {
"/index.php" "192.168.0.0/24";
default "0.0.0.0/0" ;
}
location ~ [^/]\.php(/|$) {
allow $allow;
deny all;
...
}во, похоже то что надо, спасибо!
AN
Я правда не уверен, что это будет работать как надо - проверьте :)
МБ
пишет... nginx: [emerg] the duplicate "request_uri" variable in /etc/nginx/nginx.conf:13 хотя вроде нет дублей нигде и инклайдов нет
ЕК
всем привет. Разрешите обратится с вопросом по настройке
Согласовано.
Б
разрешаю
благодарю. какие могут быть причины ошибки в перенаправлении?
location /api/v1/rahmat-agent-api {
rewrite ^/api/v1/rahmat-agent-api(.*) /$1 break;
proxy_pass http://127.0.0.1:2011;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}Б
благодарю. какие могут быть причины ошибки в перенаправлении?
location /api/v1/rahmat-agent-api {
rewrite ^/api/v1/rahmat-agent-api(.*) /$1 break;
proxy_pass http://127.0.0.1:2011;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}не работает (
k
пишет... nginx: [emerg] the duplicate "request_uri" variable in /etc/nginx/nginx.conf:13 хотя вроде нет дублей нигде и инклайдов нет
в map-е переменные местами поменяй
Б
приведите полный конфиг
server {
server_name rahmat.payme.uz;
#root /var/www/rahmat.payme.uz;
#location / {
# try_files $uri $uri/ =404;
#}
location /api/v1/prc {
rewrite ^~/api/v1/prc(.*) /$1 break;
proxy_pass http://127.0.0.1:2011;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/v1/rahmat-agent-api {
rewrite ^/api/v1/rahmat-agent-api(.*) /$1 break;
proxy_pass http://127.0.0.1:2011;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/v1/rahmat-sales-api {
rewrite ^/api/v1/rahmat-sales-api(.*) /$1 break;
proxy_pass http://127.0.0.1:2033;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/v1/id-core {
rewrite ^/api/v1/id-core(.*) /$1 break;
proxy_pass http://127.0.0.1:5010;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/rahmat.payme.uz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/rahmat.payme.uz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}