nginx动态添加访问白名单的方法

geo $remote_addr $ip_whitelist {
default 0;
include ip_white.conf;
}

location / {
  if ($ip_whitelist = 1) {
   break;
  }
  return 403;
 }

location /addip {
content_by_lua '

CLIENT_IP = ngx.req.get_headers()["X_real_ip"]
if CLIENT_IP == nil then
 CLIENT_IP = ngx.req.get_headers()["X_Forwarded_For"]
end
if CLIENT_IP == nil then
 CLIENT_IP = ngx.var.remote_addr
end
if CLIENT_IP == nil then
 CLIENT_IP = "unknown"
end
 ngx.header.content_type = "text/html;charset=UTF-8";
 ngx.say("你的IP : "..CLIENT_IP.."<br/>");
 os.execute("/opt/ngx_add.sh "..CLIENT_IP.."")
 ngx.say("添加白名单完成，有效时间最长为2小时");
';
}

#!/bin/bash
ngx_conf=/usr/local/nginx/conf/52os.net/ip_white.conf
ngx_back=/usr/local/nginx/conf/52os.net/ip_white.conf.default
result=`cat $ngx_conf |grep $1`

case $1 in

rec)
 rm -rf $ngx_conf 
 cp $ngx_back $ngx_conf
  /usr/local/nginx/sbin/nginx -s reload
 ;;

*)
 if [ -z "$result" ]
  then
   echo "#####add by web #####" >>$ngx_conf
   echo "$1 1;" >> $ngx_conf
   /usr/local/nginx/sbin/nginx -s reload
  else
   exit 0
  fi
;;
esac

chown root.root /usr/local/nginx/sbin/nginx
chmod 4755 /usr/local/nginx/sbin/nginx

location /addip {

   auth_basic "nginx auto addIP for 52os.net";
   auth_basic_user_file /usr/local/nginx/conf/pass; 
   autoindex on;

1 */2 * * * root /opt/ngx_add.sh rec