这是一个带有 React 站点的 Next.js。使用 NPM 和 Nginx 代理在本地主机上运行。
我在虚拟主机中有以下 nginx 服务器块:
server {
listen 443 ssl;
server_name dev.sekretyrozwojuosobistego.pl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
client_max_body_size 15M;
location / {
proxy_pass http://localhost:4006;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
我想阻止访问/private
如果我以这种方式添加新位置,则会出现问题:
server {
listen 443 ssl;
server_name dev.sekretyrozwojuosobistego.pl;
ssl_certificate /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/privkey.pem; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
client_max_body_size 15M;
# return 301 https://$host$request_uri;
location /private {
auth_basic "Work in progress";
auth_basic_user_file /etc/nginx/restricted/.htpasswd;
proxy_pass http://localhost:4006;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location / {
# auth_basic "Work in progress";
# auth_basic_user_file /etc/nginx/restricted/.htpasswd;
proxy_pass http://localhost:4006;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
此解决方案的优点:
- /private 只能通过密码访问
这个解决方案的缺点:我收到这样的错误:
Failed to load resource: the server responded with a status of 404 ()
webpack-917a29e0b939a068b2f9.js:1 Failed to load resource: the server responded with a status of 404 ()
_app-9d47fe6f5703c9f8e12f.js:1 Failed to load resource: the server responded with a status of 404 ()
_buildManifest.js:1 Failed to load resource: the server responded with a status of 404 ()
_ssgManifest.js:1 Failed to load resource: the server responded with a status of 404 ()
如果我注释掉/private位置块,404 错误就不会再发生。
我做错了吗?该如何解决?
编辑:我可以让它以这种方式工作:
location / {
# auth_basic "Work in progress";
# auth_basic_user_file /etc/nginx/restricted/.htpasswd;
proxy_pass http://localhost:4006;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ^~/private {
auth_basic "Work in progress";
auth_basic_user_file /etc/nginx/restricted/.htpasswd;
proxy_pass http://localhost:4006;
}
但是我不确定是否应该这样,^~/private否则......
我想要阻止的是:/private /private/ /private? /private?whatever /private/whatever
答案1
它会阻止所有以“private”开头的请求
location ~ ^/private {
deny all;
}
这仅接受来自您指定的 IP 地址的请求。
location ~ ^/private {
allow 192.168.1.100;
allow 192.168.1.101;
deny all;
}