L:114

 

 

Syntax:	limit_conn_zone key zone=name:size;//类似http limit_conn 需要开个共享内存  zone=name(共享内存名称):size(共享内存大小)；
Default:	—
Context:	stream

limit_conn_zone $binary_remote_addr zone=addr:10m;server {    ...    limit_conn addr 1;}

Syntax:	limit_conn_log_level info | notice | warn | error;
Default:	limit_conn_log_level error;
Context:	stream, server

 

 

 

 

Syntax:limit_conn zone number; //上面配置的zone名称 限制并发连接数量 

Default:—

Context:stream, server

 

 

类似http access访问阶段

Syntax:	allow address | CIDR | unix: | all; 通过设置允许的ip地址
Default:	—
Context:	stream, server

 

 

 

 

Syntax:	deny address | CIDR | unix: | all; 不允许
Default:	—
Context:	stream, server

 

 

 

 

server {    ...    deny  192.168.1.1;    allow 192.168.1.0/24;    allow 10.1.1.0/16;    allow 2001:0db8::/32;    deny  all;}

 

log阶段:stream_log模块

Syntax:	access_log path format [buffer=size] [gzip[=level]] [flush=time] [if=condition]; access_log off;
Default:	access_log off;
Context:	stream, server

 

 

 

 

Syntax:	log_format name [escape=default|json|none] string ...;
Default:	—
Context:	stream

 

 

 

 

log_format proxy '$remote_addr [$time_local] '                 '$protocol $status $bytes_sent $bytes_received '                 '$session_time "$upstream_addr" '                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

Syntax:	open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time]; open_log_file_cache off;
Default:	open_log_file_cache off;
Context:	stream, server

 

 

 

 

nginx.conf指令演示

server {
                    listen 10004 proxy_protocol; #这里开启了协议        set_real_ip_from 192.168.0.51;                allow 202.112.144.236; #通过protocol协议 允许该ip访问                deny all; #禁用所有IP                return '10004 vars:bytes_received: $bytes_receivedbytes_sent: $bytes_sentproxy_protocol_addr: $proxy_protocol_addrproxy_protocol_port: $proxy_protocol_portremote_addr: $remote_addrremote_port: $remote_portrealip_remote_addr: $realip_remote_addrrealip_remote_port: $realip_remote_portserver_addr: $server_addrserver_port: $server_portsession_time: $session_timestatus: $statusprotocol: $protocol';        }

 

[root@3 conf]# telnet 192.168.0.51 10004Trying 192.168.0.51...Connected to 192.168.0.51.Escape character is '^]'.PROXY TCP4 202.112.144.236 10.210.12.10 5678 80\r\n //这里输入了202.112.144.236地址表示 这样就允许访问了10004 vars:bytes_received: 0bytes_sent: 0proxy_protocol_addr: 202.112.144.236 //查看返回结果 proxy_protocol_port: 5678remote_addr: 202.112.144.236remote_port: 5678realip_remote_addr: 192.168.0.51realip_remote_port: 49256server_addr: 192.168.0.51server_port: 10004session_time: 2.452status: 000protocol: TCPConnection closed by foreign host.