Dynamic Domain-IPAddress Make Nginx Access Config

2021-03-22 21点热度 0人点赞 0条评论

根据 某人 要求制作的一个脚本,已开源在 Github 上。
Dynamic Domain-IPAddress Make Nginx Access Config


脚本下载地址 [ 链接 ]


脚本的目的是 将多个域名解析成 IP,并将 IP 地址集合 制作成 Nginx 的 AccessList 配置文件,交由 Nginx 调用

subprocess 参考 [ 链接 ]

# Dynamic IPAddress Make Nginx Access Config (White List)
#
# Author: StarryVoid <[email protected]>
# Intro:  https://blog.starryvoid.com/archives/585.html
# Build:  2021/03/22 Version 1.0.1
#
# Operating environment "Python3 dnspython"
# Install Command "pip3 install dnspython"
# About "dnspython" https://github.com/rthalley/dnspython https://dnspython.readthedocs.io/en/latest/
# About "ngx_http_access_module" http://nginx.org/en/docs/http/ngx_http_access_module.html
#
# Default Input File ./dns_read_list.txt
# One line of the configuration file is like "www.google.com#1.1.1.1#A#216.58.197.196#Annotation"
#
# Default Output File ./nginx_access_whitelist.conf
# One line of the output file is like "Allow 216.58.197.196/32;"
# There is an extra rule at the end of the configuration file "deny all;"
# And automatically reload the Nginx service "systemctl reload nginx.service"

import sys,dns.resolver,subprocess

def DNS_Query(domain_name,dns_server,domain_type,source_address):
    try:
        DNS_Resolver = dns.resolver.Resolver()
        DNS_Resolver.port = int("53")
        DNS_Resolver.timeout = float("2.0")
        DNS_Resolver.lifetime = float("5.0")
        DNS_Resolver.nameservers = list(str(dns_server).split('#'))
        return str(DNS_Resolver.resolve(str(domain_name),rdtype=str(domain_type),source=source_address).response.answer[-1].to_text().split("\n")[0].split(" ")[4])
        #
        #DNS_Answer_List=list()
        #DNS_Answer_List_Rdata = DNS_Resolver.resolve(str(domain_name),str(domain_type))
        #for rdata in DNS_Answer_List_Rdata:
        #    DNS_Answer_List.append(str(rdata))                              #IP
        #    DNS_Answer_List.append(str(rdata.target).strip(".").lower())    #CNAME
        #return tuple(DNS_Answer_List)
        #
        #DNS_Answer_List=tuple()
        #DNS_Answer_List_RRset = DNS_Resolver.resolve(str(domain_name),str(domain_type))
        #for rrset in DNS_Answer_List_RRset.response.answer:
        #    for i in rrset.items:
        #        print(i.to_text())
        #        DNS_Answer_List.append(str(i.to_text()).strip(".").lower())
        #return tuple(DNS_Answer_List)
        #
    except Exception as Error:
        print (domain_name,domain_type,'Error: unable to start def \"DNS_Query\"')
def main():
    try:
        Input_tmp_data=[]
        Output_tmp_data=[]
        Difference_Status=int(0)
        DNS_Query_Source_Address=None    #Your Network Bind Address , Default is "None" , Change to "str("127.0.0.1")"
        #
        with open("dns_read_list.txt", "r") as r_file:
            r_file_lines = r_file.readlines()
        #
        for r_line in r_file_lines:
            #r_line="www.163.com#1.2.4.5#A#216.58.197.196#Annotation"
            DNS_query_info=str(r_line).split('#')
            DNS_query_info[-1]=DNS_query_info[-1].replace('\n', '').replace('\r', '')
            #print("Inf1",DNS_query_info)
            Old_DNS_Answer=DNS_query_info[3].strip()
             New_DNS_Answer=DNS_Query(DNS_query_info[0].strip(),DNS_query_info[1].strip(),DNS_query_info[2].strip(),DNS_Query_Source_Address)
            if str(New_DNS_Answer) == "None" :
                New_DNS_Answer=Old_DNS_Answer
            #print("Inf2",DNS_query_info)
            #print("Old",Old_DNS_Answer)
            #print("New",New_DNS_Answer)
            if str(New_DNS_Answer.strip()) != str(Old_DNS_Answer.strip()) :
                Difference_Status+=1
                DNS_query_info[3]=str(New_DNS_Answer)
                #print("Inf3",DNS_query_info)
            Input_tmp_data.append(str("#".join(DNS_query_info)))
            Output_tmp_data.append("allow " + str(New_DNS_Answer) + "/32;")
            #print(New_DNS_Answer,Old_DNS_Answer,"Num =",Difference_Status)
        #
        if bool(Difference_Status) :
            Output_tmp_data.append('deny all;\n')
            #print("O1",Input_tmp_data)
            #print("O2",Output_tmp_data)
            with open("dns_read_list.txt", "w+") as w_file_output:
                w_file_output.write("\n".join(Input_tmp_data))
            with open("nginx_access_whitelist.conf", "w+") as w_file_input:
                w_file_input.write("\n".join(Output_tmp_data))
            subprocess.Popen('systemctl reload nginx.service',shell=True).returncode
     #
    except Exception as Error:
        print ('[Error]: Some errors have occurred, please check the configuration file.')

if name == "main":
    main()

输入信息

www.google.com#1.1.1.1#A#172.217.26.36#Annotation
www.bing.com#1.1.1.1#A#13.107.21.200#注释

输出信息

allow 172.217.26.36/32;
allow 13.107.21.200/32;
deny all;

Nginx 处理

systemctl reload nginx

StarryVoid

这个人很懒,什么都没留下