本文将介绍如何利用纯 Nginx 搭建 IP 地址查询接口(只查询 IP 地址,不查询 IP 归属地)。
应用场景:为了安全起见,很多情况下需要填写IP白名单才能进行数据交互通讯,像微信公众号;由于运营商的IP会经常变动,就会造成本地调试环境无法通信,通过本文的教程搭建一个IP查询工具,通过shell命令,做到当IP发生变化时邮件通知运维。
安装 Nginx 的方法就不介绍了,建议安装宝塔进行配置,直接丢配置文件了,文末有现成的,如果你不想自己搭建的话可以直接使用。
配置示例
获取 IP(JSON)
server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; # 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释 # listen 443 http3; # listen [::]:443 http3; server_name ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn; # 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释 # add_header Alt-Svc 'h3=":443"; ma=86400'; # HSTS add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # 允许跨域(在其他站点调用接口会用到) add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; # 获取 IP 地址 location / { default_type application/json; return 200 '{"ip":"$remote_addr"}'; # 若使用 CDN 请将$remote_addr改为$http_x_forwarded_for } # 证书配置 ssl_certificate /root/.acme.sh/*.ddnsip.cn/fullchain.cer; ssl_certificate_key /root/.acme.sh/*.ddnsip.cn/*.ddnsip.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; }
获取 IP(纯文本)
server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; # 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释 # listen 443 http3; # listen [::]:443 http3; server_name ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn; # 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释 # add_header Alt-Svc 'h3=":443"; ma=86400'; # HSTS add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # 获取 IP 地址 location / { default_type text/plain; return 200 $remote_addr; # 若使用 CDN 请将$remote_addr改为$http_x_forwarded_for } # 证书配置 ssl_certificate /root/.acme.sh/*.ddnsip.cn/fullchain.cer; ssl_certificate_key /root/.acme.sh/*.ddnsip.cn/*.ddnsip.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; }
同样方法,也可获取获取 UA
server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; # 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释 # listen 443 http3; # listen [::]:443 http3; server_name ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn; # 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释 # add_header Alt-Svc 'h3=":443"; ma=86400'; # HSTS add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # 获取 UA(纯文本格式,想要 JSON 格式请用注释掉的代码) location / { default_type text/plain; return 200 $http_user_agent; } # 获取 UA(JSON 格式) # location / { # default_type application/json; # return 200 '{"ua":"$http_user_agent"}'; # } # SSL 配置 ssl_certificate /root/.acme.sh/*.ddnsip.cn/fullchain.cer; ssl_certificate_key /root/.acme.sh/*.ddnsip.cn/*.ddnsip.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; }