
CRMEB e-commerce system: hiding the generic backend /admin address by restricting access

by 温柔, 2024-12-12


A generic backend path is easy to find by scanning. From a post on the official community I learned that the backend path /admin currently cannot be changed, so access to it can only be restricted. The directory password protection and access-deny options built into the 宝塔 (BT Panel) control panel are no good either: both break normal use of the system. After some thought I hand-wrote an nginx configuration that limits the backend to specified IP addresses; in testing it runs perfectly. The configuration is shared below:

#PROXY-START/
location  ~* \.(php)$
{
    proxy_pass http://127.0.0.1:20199;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
}

location /
{
    # Files that exist on disk are served by nginx; everything else goes to the backend
    if (!-e $request_filename) {
         proxy_pass http://127.0.0.1:20199;
    }
    proxy_http_version 1.1;
    proxy_read_timeout 360s;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;

    add_header X-Cache $upstream_cache_status;

    #Set Nginx Cache (as in the official config)

    add_header Cache-Control no-cache;
    expires 12h;
}

# Backend restriction. "^~" makes this prefix match final: without it nginx would
# still try the "~* \.(php)$" regex location above for a URI such as
# /admin/index.php and proxy it with no IP check. The prefix is written without a
# trailing slash so that /admin (no slash) is covered too; "location /admin/" on
# its own lets /admin fall through to "location /". Matching is case-sensitive.
location ^~ /admin
{
    allow 192.168.1.10;  # IP address allowed to reach the backend; replace with your own
    deny all;            # every other address gets a 403 from nginx
    if (!-e $request_filename) {
         proxy_pass http://127.0.0.1:20199;
    }
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
}
#PROXY-END/

Change `allow 192.168.1.10;` so that 192.168.1.10 is your own IP (a CIDR range such as 203.0.113.0/24, or several allow lines, works as well), then paste the block in place of the existing reverse-proxy configuration. It is the nginx reverse-proxy configuration from the official CRMEB documentation with an access restriction added for the /admin prefix, so only the specified IP can reach the backend; every other address gets an nginx 403.

Two things to check after applying it. allow/deny compare against $remote_addr, so if the site sits behind a CDN or another proxy the address nginx sees is the proxy's, and the rule will either block everyone or nobody; in that case configure set_real_ip_from and real_ip_header (ngx_http_realip_module) for the trusted proxy ranges only, since a client can put anything in X-Forwarded-For. And restricting the admin UI prefix does not restrict whatever API the backend serves that UI from: if that API lives under a different prefix, give it the same allow/deny block, otherwise its login endpoint stays reachable by anyone. Verify from an address that is not in the allow list: `curl -s -o /dev/null -w '%{http_code}\n' https://your-host/admin/`, `.../admin` and `.../admin/index.php` should all return 403.
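Why the wording of the location block matters is easiest to see by replaying nginx's own location-selection rules against a few probe URIs. The script below is an added illustration, not code from the post or from CRMEB: it emulates the documented algorithm (longest prefix match, a first-matching regex location overrides it unless the prefix is marked `^~`, after the URI has been percent-decoded and normalized), and runs constructed probes against constructed stand-ins for the two variants of the config, `location /admin/` as originally posted and `location ^~ /admin`. The `/Admin/` probe lands outside the restricted block in both variants; whether that is a real bypass depends on whether the backend treats paths case-insensitively, which is something to check with curl, and the fix if it does is a case-insensitive regex location placed before the php one.

```python
"""Emulate nginx location selection for the admin-restriction config.

Added example, not code from the post or from CRMEB. The location lists and
probe URIs below are constructed for illustration.
"""
import re
from urllib.parse import unquote

ADMIN_LABEL = "admin (allow/deny)"

# (modifier, pattern, label) in file order. Modifier "" is a plain prefix,
# "^~" a prefix that suppresses the regex search, "~" a case-sensitive regex,
# "~*" a case-insensitive regex.
ORIGINAL_LOCATIONS = [
    ("~*", r"\.(php)$", "php-proxy (no IP check)"),
    ("", "/", "catch-all proxy (no IP check)"),
    ("", "/admin/", ADMIN_LABEL),
]

# Same config with the admin block written as `location ^~ /admin`.
HARDENED_LOCATIONS = [
    ("~*", r"\.(php)$", "php-proxy (no IP check)"),
    ("", "/", "catch-all proxy (no IP check)"),
    ("^~", "/admin", ADMIN_LABEL),
]

# Constructed probe URIs a scanner might send at the backend path.
PROBES = [
    "/admin/",
    "/admin",
    "/admin/index.php",
    "//admin/",
    "/%61dmin/system/role",
    "/Admin/",
]


def normalize_uri(uri):
    """Apply the normalization nginx does before matching locations: drop the
    query string, percent-decode, merge repeated slashes (merge_slashes is on
    by default) and resolve "." and ".." segments."""
    path = unquote(uri.split("?", 1)[0])
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    norm = "/" + "/".join(out)
    last = path.rsplit("/", 1)[-1]
    if (path.endswith("/") or last in (".", "..")) and not norm.endswith("/"):
        norm += "/"
    return norm


def select_location(uri, locations):
    """Return the label of the location nginx would choose for an already
    normalized `uri`: the longest matching prefix is remembered; if it is a
    "^~" prefix it wins outright, otherwise the first matching regex location
    in file order wins, and the prefix is the fallback."""
    best = None
    for mod, pat, label in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, label)
    if best is not None and best[0] == "^~":
        return best[2]
    for mod, pat, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return label
    return best[2] if best is not None else None


def bypasses(locations):
    """Probe URIs that do NOT end up in the allow/deny-protected location."""
    return [p for p in PROBES
            if select_location(normalize_uri(p), locations) != ADMIN_LABEL]


if __name__ == "__main__":
    for name, locs in (("original", ORIGINAL_LOCATIONS),
                       ("hardened", HARDENED_LOCATIONS)):
        print(f"{name}:")
        for p in PROBES:
            print(f"  {p:24} -> {select_location(normalize_uri(p), locs)}")
        print(f"  not restricted: {bypasses(locs)}")
```

With the original block, `/admin` (no trailing slash) falls through to `location /` and `/admin/index.php` is taken by the php regex location, both with no IP check; the encoded and double-slash probes are normalized before matching and do not get past the restriction. With `^~ /admin` only the case-variant probe remains outside the block.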

Tags: CRMEB, Nginx, backend