It was a long time, but it was a perfect solution.
The main front-end Nginx, the back end is Nginx.
The front-end Nginx does not make the relevant URL permission restrictions, because all the URLs in the CI have to go through index.php redirection.
And, in the back-end nginx limit, more than the front-end security.
I am about to follow the following several routines, are back-end nginx operation, is not a strict step, to further investigation.
1,real_ip_header x-forwarded-for; store real IP variables. (This step was not verified again)
2, add the following in the configuration. (For example, limit the URL with the admin keyword)
Location ~. *admin.*{Allow 192.168.1.0/28; #内网要开相关前端IP, this verified allow 1.2.3.4; #我们正正允许的IP deny all; #禁掉所有 rewrite^/(. *) $/index.php/$1Last, #这个好关键, CI is the way to play, no way. Location~ \.php (. *) $ {fastcgi_pass127.0.0.1:9000; Fastcgi_index Index.PHP; Fastcgi_split_path_info^((? U). +\.php) (/?. +)$; Fastcgi_param Script_filename/wdzj/data$fastcgi _script_name; Fastcgi_param Path_info$fastcgi _path_info; Fastcgi_param path_translated$document _root$fastcgi_path_info; includeFastcgi_params; } #再解析PHP, there will be a parsing error like 500}
By the way, another CI under the nginx jump rule (because Nginx does not support multi-conditional judgment, the variable is judged):
Set$ci0;if(!-f$request _filename) {Set$ci"${ci}a";}if(!-d$request _filename) {Set$ci"${ci}b";}if($uri!~ "^ (index.php|images|robots.txt)") {Set$ci"${ci}c";}if($ci= "0ABC") {rewrite^/(. *) $/index.php/$1Last ;}
There is a picture of the truth:
The implementation of the IP that restricts the management directory under the PHP framework of the Nginx reverse proxy, CI (CodeIgniter)