본문 바로가기

리눅스

[리눅스] NGINX 특정 파일이나 디렉토리를 제외한 모든 연결을 제한

728x90

NGINX 특정 파일이나 디렉토리를 제외한 모든 연결을 제한

모든 연결 제한(나머지 요청 301 리다이렉트)

    location / {
        return 301 https://sangchul.kr;
    }

특정 파일이나 디렉터리(health_check.html 파일) 접근 허용

    location ~ ^/health_check.html {
        #access_log off;
        access_log /var/log/nginx/elb-healthchecker-access.log main;
    }

default.conf 파일

$ vim /etc/nginx/conf.d/default.conf
# Settings for a HTTP enabled server.
server {
    listen 80;
    server_name _;
    
    root /usr/share/nginx/html;
    
    index index.php index.html index.htm;

    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;

    location / {
        return 301 https://sangchul.kr;
    }
    #location / {
    #    try_files $uri $uri/ /index.php?$query_string;
    #}

    disable_symlinks off;
    
    autoindex off;

    charset utf-8;

    access_log /var/log/nginx/localhost-access.log main;
    error_log /var/log/nginx/localhost-error.log;

    error_page 404 /404.html;
        location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ ^/health_check.html {
        #access_log off;
        access_log /var/log/nginx/elb-healthchecker-access.log main;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }

    # nginx, php-fpm status
    location ~ ^/(status|ping)$ {
        allow 127.0.0.1;
        allow 10.2.3.158;
        allow 10.51.91.17;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        deny all;
        access_log off;
    }
    location /basic_status {
        stub_status on;
        allow 127.0.0.1;
        allow 10.51.91.17;
        allow 10.2.3.158;
        deny all;
        access_log off;
    }
}
728x90