Nginx 禁止国外ip访问(debian版本)

  1. 参考下面脚本安装 Nginx
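#!/bin/bash
## Build nginx 1.20.1 from source with ngx_http_geoip2_module (Debian).
## Must run as root: it installs packages, writes to /opt and creates a
## system account.
set -euo pipefail

readonly NGINX_VERSION=1.20.1

WORK_DIR=$(mktemp -d)
readonly WORK_DIR
# Remove the scratch build directory on every exit path, including failures.
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

# git is required by the clone below; -y keeps the run non-interactive.
# The libmaxminddb* pattern is quoted so apt, not the shell, expands it.
apt install -y wget git libpcre3 libpcre3-dev zlib1g-dev \
    openssl libssl-dev libxml2 libxml2-dev libxslt-dev \
    gcc make libgd-dev libgeoip-dev libperl-dev 'libmaxminddb*'

# Third-party module source, compiled into the server binary.
# NOTE(review): this builds whatever the default branch holds at clone time;
# pin a reviewed tag or commit if the build has to be reproducible.
if [[ ! -d /opt/ngx_http_geoip2_module ]]; then
    git clone https://github.com/leev/ngx_http_geoip2_module.git \
        /opt/ngx_http_geoip2_module
fi

cd "$WORK_DIR"
# Fetch over HTTPS: with plain HTTP an on-path attacker could swap the tarball
# that is then compiled and installed as root.
# NOTE(review): nginx.org also publishes a detached PGP signature (.asc) next
# to each tarball; verify it against the nginx signing keys before building.
wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"

tar zxvf "nginx-${NGINX_VERSION}.tar.gz"
cd "nginx-${NGINX_VERSION}"
./configure --prefix=/opt/nginx --user=apache --group=apache \
    --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module \
    --with-pcre --with-http_v2_module --with-http_dav_module \
    --with-http_flv_module --with-http_realip_module --with-http_addition_module \
    --with-http_xslt_module --with-http_sub_module --with-http_random_index_module \
    --with-http_degradation_module --with-http_secure_link_module --with-http_perl_module \
    --add-module=/opt/ngx_http_geoip2_module \
    --with-debug --with-file-aio --with-stream --with-ld-opt=-Wl,-E
make
make install
cd ~

## Add the unprivileged account nginx runs as.
# Query the account databases for the exact name; grepping /etc/passwd for the
# substring "apache" also matches unrelated entries that merely contain it.
if ! getent group apache >/dev/null; then
    groupadd apache
fi
if ! id -u apache >/dev/null 2>&1; then
    useradd -g apache -s /sbin/nologin -c "apache" apache
fi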
  2. 下面是一个 nginx 配置文件示例
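user  apache;
worker_processes  auto;

events {
    worker_connections  65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;

    # GeoLite2-Country.mmdb has to be downloaded from 'https://dev.maxmind.com'
    # and placed in '/usr/share/GeoIP'.
    # NOTE(review): the lookup is keyed on the connecting address. Behind a load
    # balancer or CDN that is the proxy's address, so the real client IP must be
    # restored first (realip module, trusting only your own proxies); otherwise
    # the country check is decided by the proxy's location.
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        auto_reload 5m;
        $geoip2_data_country_code country iso_code;
    }

    # $allowed_country is "yes" only for CN. Every other country code, and any
    # address the database cannot resolve (empty code, e.g. private or loopback
    # ranges), falls through to the default and is refused: the policy fails
    # closed. The original map had yes/no inverted relative to the variable
    # name (yes meant "block"); the requests rejected are the same.
    map $geoip2_data_country_code $allowed_country {
        default no;
        CN yes;
    }

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        # Reject everything the map above did not explicitly allow.
        # IP geolocation is a coarse filter (VPNs and stale database entries
        # defeat it), so it should not be the only control on sensitive content.
        if ($allowed_country = no) {
            return 403;
        }
    }

}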

  3. 测试时需要使用一个国外的节点进行测试

centos7 配置正向代理

运行以下脚本安装nginx , 该脚本只针对nginx-1.20.1 版本

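#!/bin/bash
## Build nginx 1.20.1 with ngx_http_proxy_connect_module (CentOS 7).
## Must run as root: it installs packages, writes to /opt/nginx and creates a
## system account.
set -euo pipefail

readonly NGINX_VERSION=1.20.1

WORK_DIR=$(mktemp -d)
readonly WORK_DIR
# Remove the scratch build directory on every exit path, including failures.
trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

yum install -y wget gcc gcc-c++ automake pcre pcre-devel zlib-devel \
    openssl openssl-devel git libxml2-devel libxslt-devel \
    perl-devel perl-ExtUtils-Embed

cd "$WORK_DIR"
# Third-party module source; its patch rewrites nginx core files before the build.
# NOTE(review): this uses whatever the default branch holds at clone time;
# pin a reviewed tag or commit if the build has to be reproducible.
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git

# Fetch over HTTPS: with plain HTTP an on-path attacker could swap the tarball
# that is then compiled and installed as root.
# NOTE(review): nginx.org also publishes a detached PGP signature (.asc) next
# to each tarball; verify it against the nginx signing keys before building.
wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"
tar zxvf "nginx-${NGINX_VERSION}.tar.gz"
cd "nginx-${NGINX_VERSION}"

# The patch file is chosen for this nginx version; the script is only meant
# for nginx 1.20.1. Under set -e a patch that fails to apply stops the build
# instead of compiling a half-patched tree.
patch -p1 < "$WORK_DIR/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch"

./configure --prefix=/opt/nginx \
    --add-module="$WORK_DIR/ngx_http_proxy_connect_module" \
    --user=apache --group=apache \
    --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module \
    --with-pcre --with-http_v2_module --with-http_dav_module \
    --with-http_flv_module --with-http_realip_module --with-http_addition_module \
    --with-http_xslt_module --with-http_sub_module --with-http_random_index_module \
    --with-http_degradation_module --with-http_secure_link_module --with-http_perl_module \
    --with-debug --with-file-aio --with-stream --with-ld-opt=-Wl,-E
make
make install

cd ~

## Add the unprivileged account nginx runs as.
# Only create what is missing, so a second run does not fail on an existing
# group or user.
if ! getent group apache >/dev/null; then
    groupadd apache
fi
if ! id -u apache >/dev/null 2>&1; then
    useradd -g apache -s /sbin/nologin -c "apache" apache
fi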

下面是一个正向代理的配置文件示例:

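server {
    # Listens on every interface. Without the client restriction below this is
    # an open forward proxy: anyone who can reach the port can relay traffic
    # through this host and reach addresses that are only routable from it.
    listen  0.0.0.0:10713;

    access_log logs/10713.access.log;
    error_log logs/10713.error.log;

    # Only these clients may use the proxy.
    # 127.0.0.1 is a placeholder: replace it with the client networks that
    # are supposed to use this proxy.
    # NOTE(review): confirm with a CONNECT request from an unlisted address that
    # the ACL is enforced in your build, and restrict the port at the host
    # firewall as well.
    allow 127.0.0.1;
    deny  all;

    # ipv6=off stops the resolver from returning IPv6 addresses, which avoids
    # failures that can occur otherwise.
    resolver                       114.114.114.114  ipv6=off;

    proxy_connect;
    # "all" permits CONNECT tunnels to any destination port (the module default
    # is 443 and 563 only). Narrow this to the ports clients actually need.
    proxy_connect_allow            all;
    proxy_connect_connect_timeout  100s;
    proxy_connect_read_timeout     100s;
    proxy_connect_send_timeout     100s;

    # forward proxy for non-CONNECT request
    location / {
        # $http_host keeps the port from the client's Host header, so
        # destinations on non-standard ports are proxied correctly.
        # The destination is therefore chosen entirely by the client; the
        # allow/deny list above is what keeps untrusted clients from pointing
        # it at internal services.
        proxy_pass http://$http_host;
        proxy_set_header Host $host;
    }
}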

参考: https://github.com/chobits/ngx_http_proxy_connect_module

debian10 安装 rabbitmq

直接运行下面的脚本

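#!/bin/sh
## Install Erlang and RabbitMQ from the Team RabbitMQ / Cloudsmith apt
## repositories. Uses sudo for every privileged step.
set -eu

sudo apt-get install curl gnupg apt-transport-https -y

KEY_TMP_DIR=$(mktemp -d)
trap 'rm -rf -- "$KEY_TMP_DIR"' EXIT

# install_key URL DEST
# Download an ASCII-armored signing key and install it, dearmored, at DEST.
# Each step runs on its own so that a failed or truncated download stops the
# script; a `curl | gpg | tee` pipeline reports only the status of tee and
# can leave an empty keyring behind.
install_key() {
    key_url=$1
    key_dest=$2
    key_name=${key_dest##*/}
    curl -1sLf "$key_url" -o "$KEY_TMP_DIR/$key_name.asc"
    gpg --dearmor < "$KEY_TMP_DIR/$key_name.asc" > "$KEY_TMP_DIR/$key_name"
    # World-readable so the unprivileged apt download user can read the keyring.
    sudo install -m 0644 "$KEY_TMP_DIR/$key_name" "$key_dest"
}

## Team RabbitMQ's main signing key
install_key "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" \
    /usr/share/keyrings/com.rabbitmq.team.gpg
## Cloudsmith: modern Erlang repository
install_key "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/gpg.E495BB49CC4BBE5B.key" \
    /usr/share/keyrings/io.cloudsmith.rabbitmq.E495BB49CC4BBE5B.gpg
## Cloudsmith: RabbitMQ repository
install_key "https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key" \
    /usr/share/keyrings/io.cloudsmith.rabbitmq.9F4587F226208342.gpg

## Add apt repositories maintained by Team RabbitMQ
# Each entry is bound to one keyring via signed-by, so a key is trusted only
# for its own repository rather than for every apt source on the host.
# NOTE(review): the entries point at the "deb/ubuntu bionic" distribution
# although this page targets Debian 10; check the upstream install guide for
# the Debian path and codename before use.
# The heredoc delimiter is quoted so nothing in the list is shell-expanded.
sudo tee /etc/apt/sources.list.d/rabbitmq.list <<'EOF'
## Provides modern Erlang/OTP releases
##
deb [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.E495BB49CC4BBE5B.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu bionic main
deb-src [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.E495BB49CC4BBE5B.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/deb/ubuntu bionic main

## Provides RabbitMQ
##
deb [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.9F4587F226208342.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/ubuntu bionic main
deb-src [signed-by=/usr/share/keyrings/io.cloudsmith.rabbitmq.9F4587F226208342.gpg] https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/deb/ubuntu bionic main
EOF

## Update package indices
sudo apt-get update -y

## Install Erlang packages
sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl

## Install rabbitmq-server and its dependencies
sudo apt-get install rabbitmq-server -y --fix-missing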

再依次运行下面的命令

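# Enable the management plugin (web UI and HTTP API).
rabbitmq-plugins enable rabbitmq_management

# Create the administrator account with an operator-supplied password.
# The account gets the administrator tag and full configure/write/read
# permissions on vhost "/", so a guessable value such as the literal
# "password" would hand over the whole broker to anyone who can reach it.
# Set RABBITMQ_ADMIN_PASSWORD to a strong, unique value before running this.
# The value is still passed on the command line, so it is visible in the
# process list while the command runs.
: "${RABBITMQ_ADMIN_PASSWORD:?set RABBITMQ_ADMIN_PASSWORD to a strong, unique password}"
rabbitmqctl add_user admin "$RABBITMQ_ADMIN_PASSWORD"
rabbitmqctl set_user_tags admin administrator
rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"

systemctl restart rabbitmq-server.service
systemctl enable rabbitmq-server.service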

参考: https://www.rabbitmq.com/install-debian.html#apt-quick-start-cloudsmith