本文将介绍如何利用纯 Nginx 搭建 IP 地址查询接口(只查询 IP 地址,不查询 IP 归属地)。

应用场景:为了安全起见,很多情况下需要填写IP白名单才能进行数据交互通讯,像微信公众号;由于运营商的IP会经常变动,就会造成本地调试环境无法通信,通过本文的教程搭建一个IP查询工具,通过shell命令,做到当IP发生变化时邮件通知运维。

安装 Nginx 的方法就不介绍了,建议安装宝塔进行配置,直接丢配置文件了,文末有现成的,如果你不想自己搭建的话可以直接使用。

配置示例

获取 IP(JSON)

server {
listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

# 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释
# listen 443 http3;
# listen [::]:443 http3;

server_name ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn;

# 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释
# add_header Alt-Svc 'h3=":443"; ma=86400';

# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

# 允许跨域(在其他站点调用接口会用到)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";

# 获取 IP 地址
location / {
default_type application/json;
return 200 '{"ip":"$remote_addr"}';
# 若使用 CDN 请将$remote_addr改为$http_x_forwarded_for
}

# 证书配置
ssl_certificate /root/.acme.sh/*.ddnsip.cn/fullchain.cer; 
ssl_certificate_key /root/.acme.sh/*.ddnsip.cn/*.ddnsip.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; 
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
ssl_prefer_server_ciphers on;
}

获取 IP(纯文本)

server {
listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

# 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释
# listen 443 http3;
# listen [::]:443 http3;

server_name ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn;

# 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释
# add_header Alt-Svc 'h3=":443"; ma=86400';

# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

# 获取 IP 地址
location / {
default_type text/plain;
return 200 $remote_addr;
# 若使用 CDN 请将$remote_addr改为$http_x_forwarded_for
}

# 证书配置
ssl_certificate /root/.acme.sh/*.ddnsip.cn/fullchain.cer; 
ssl_certificate_key /root/.acme.sh/*.ddnsip.cn/*.ddnsip.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; 
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
ssl_prefer_server_ciphers on;
}

同样方法,也可获取获取 UA

server {
listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

# 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释
# listen 443 http3;
# listen [::]:443 http3;

server_name ipv4.ddnsip.cn ipv6.ddnsip.cn ddnsip.cn;

# 用以支持 HTTP/3,若所用 Nginx 版本支持 HTTP/3,可去掉注释
# add_header Alt-Svc 'h3=":443"; ma=86400';

# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

# 获取 UA(纯文本格式,想要 JSON 格式请用注释掉的代码)
location / {
default_type text/plain;
return 200 $http_user_agent;
}

# 获取 UA(JSON 格式)
# location / {
# default_type application/json;
# return 200 '{"ua":"$http_user_agent"}';
# }

# SSL 配置
ssl_certificate /root/.acme.sh/*.ddnsip.cn/fullchain.cer;
ssl_certificate_key /root/.acme.sh/*.ddnsip.cn/*.ddnsip.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
}