需求如下:在没有公网 IP、也不部署 VPN 的情况下,用尽可能简单的方式把站点限制为只允许授权 IP 访问。下面的做法是让客户端定时把自己当前的出口 IP 登记到 nginx 的 IP 白名单中。
nginx 配置
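server
{
    listen 80;
    server_name *.*.*.*;
    index index.php index.html index.htm default.php default.htm default.html;
    root ****;
    #SSL-START SSL configuration; do not delete or modify the commented 404 rule on the next line (panel marker)
    #error_page 404/404.html;
    #SSL-END
    #ERROR-PAGE-START error page configuration; may be commented out, removed or changed
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
    #PHP-INFO-START PHP handler include; may be commented out or changed
    # NOTE(review): PHP 7.0 is end-of-life and no longer receives security fixes.
    include enable-php-70.conf;
    #PHP-INFO-END
    #REWRITE-START rewrite rules include; editing this breaks the rewrite rules configured in the panel
    include /www/server/panel/vhost/rewrite/www.cyyw.com.conf;
    #REWRITE-END
    # NOTE(review): the IP allow-list (`include .../allow_ip.conf; deny all;`) is
    # expected to live inside `location /` in the rewrite include above. Regex
    # locations in this block (and any `location ~ \.php` defined by
    # enable-php-70.conf) take precedence over the `location /` prefix, so
    # requests matching them are NOT subject to that allow-list. To restrict
    # every path, place the allow/deny directives here at server level instead.
    # Files and directories that must never be served (dots escaped so the
    # pattern matches only the intended names).
    location ~ ^/(\.user\.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README\.md)
    {
        return 404;
    }
    # The allow-list service writes allow_ip.conf and log/*.log next to its
    # script; if that directory sits under this web root those files would be
    # downloadable. Neither extension is legitimate web content, so refuse them.
    location ~ \.(conf|log)$
    {
        return 404;
    }
    # ACME http-01 validation directory used by the one-click certificate
    # request; anchored so only the real /.well-known/ prefix is opened up.
    location ~ ^/\.well-known/
    {
        allow all;
    }
    # Static images: cache 30 days, no logging. `error_log off;` does not disable
    # nginx error logging -- it writes to a file literally named "off" in the
    # prefix directory -- so send it to /dev/null instead.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
        error_log /dev/null;
        access_log /dev/null;
    }
    # Scripts and stylesheets: cache 12 hours, no logging. The previous pattern
    # `\.(js|css)?$` made the extension optional and therefore also matched any
    # URI ending in a bare dot.
    location ~ .*\.(js|css)$
    {
        expires 12h;
        error_log /dev/null;
        access_log /dev/null;
    }
    access_log /www/wwwlogs/www.cyyw.com.log;
    error_log /www/wwwlogs/www.cyyw.com.error.log;
}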
伪静态配置(应放入上面 #REWRITE-START 段 include 的 rewrite 文件中,这样它才会成为该 server 块的一部分)
location / {
# Access-control directives run in the access phase, before content handlers
# such as try_files, so their position relative to try_files does not matter.
# NOTE(review): this allow-list protects only requests that land in `location /`;
# regex locations in the server block (static assets, .well-known, and any
# `location ~ \.php` from enable-php-70.conf) take precedence and are not
# covered by it. nginx also refuses to start while the included file does not
# exist, so create an empty allow_ip.conf before the first reload.
try_files $uri $uri/ /index.php$is_args$query_string;
# IP allow-list maintained by the server-side script: one `allow a.b.c.d;` per line.
include /www/wwwroot/allow_ip/allow_ip.conf;
deny all;
}
服务端程序
<?php
/**
* created by zhang
*/
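header("content-type:text/html;charset=utf-8");
// Report everything, but never echo PHP errors to the caller: this endpoint is
// reachable by unauthenticated clients and error output would leak file paths
// and the allow-list location. Errors go to the PHP error log instead.
error_reporting(E_ALL);
ini_set("display_errors", '0');
ini_set("log_errors", '1');
date_default_timezone_set("PRC");

// Maximum accepted difference (seconds) between the client's `time` field and
// this host's clock. The token is derived only from `time` and the shared
// secret, so without a freshness window a captured request could be replayed
// indefinitely to whitelist whatever address it is replayed from.
$max_skew = 300;

$data = json_decode(file_get_contents('php://input'), true);
$from_ip = getIp();

// Both fields are mandatory and must have the expected scalar types. (The
// earlier `!isset(a) && !isset(b)` only rejected requests missing BOTH fields.)
if (!is_array($data) || !isset($data['time']) || !isset($data['token'])
    || !is_numeric($data['time']) || !is_string($data['token'])) {
    returnMsg($from_ip, 403, "param error!");
}

$secret = "自定义的秘钥";
// NOTE(review): relative to the script's working directory. If that directory
// is under the nginx web root, allow_ip.conf (and ./log/) are downloadable
// unless nginx blocks them.
$file = "./allow_ip.conf";

if (!checkToken($data['time'], $secret, $data['token'])) {
    returnMsg($from_ip, '403', "token is not right!");
}
if (abs(time() - (int)$data['time']) > $max_skew) {
    returnMsg($from_ip, '403', "token expired!");
}

if (!file_exists($file)) {
    // First run: create an empty allow-list. The same $file path is used here
    // and below (the original mixed "./allow_ip.conf" and "allow_ip.conf").
    file_put_contents($file, "");
}
if (!is_writable($file)) {
    returnMsg($from_ip, "500", "file is not writable");
}

// Only a literal IPv4 dotted-quad may be placed in an nginx `allow` directive.
// The previous \d{1,3} regex accepted octets above 255; such an entry makes the
// generated include invalid and nginx rejects the reload. IPv6 is rejected as
// before (this vhost only listens on IPv4).
if (filter_var($from_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    returnMsg($from_ip, "400", "IP address is not correct");
}
$new_add = "allow " . $from_ip;

// The allow-list is stored as one `allow a.b.c.d;` entry per line.
$ip_info = explode(';', str_replace(PHP_EOL, "", file_get_contents($file)));
if (in_array($new_add, $ip_info, true)) {
    returnMsg($from_ip, "200", 'existed already!');
}
$ip_info[] = $new_add;

$string = "";
foreach (array_filter(array_unique($ip_info)) as $value) {
    $entry = trim($value);
    if ($entry !== "") {
        $string .= $entry . ";" . PHP_EOL;
    }
}
// LOCK_EX serialises concurrent clients that would otherwise interleave writes
// (the original fopen('w+') truncated the file with no lock and no error check).
if (file_put_contents($file, $string, LOCK_EX) === false) {
    returnMsg($from_ip, "500", "failed to write allow list");
}

// Reload nginx so the entry takes effect. The command is a fixed string (no
// request data reaches the shell). `sudo -n` fails fast instead of hanging on a
// password prompt when sudoers is not configured; stderr is captured so a
// failed reload is reported instead of silently answering "add complete".
exec("sudo -n nginx -s reload 2>&1", $output, $rc);
$result = implode(" ", $output);
if ($rc !== 0) {
    returnMsg($from_ip, "500", "added, but nginx reload failed: " . $result);
}
returnMsg($from_ip, 200, "add complete " . $result);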
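/**
 * Append one line to today's access log and prune day-files older than four days.
 *
 * Logs live in ./log/ relative to the working directory, one file per day named
 * access_log_YYYY-MM-DD.log. NOTE(review): if that directory sits under the
 * nginx web root the logs are downloadable unless nginx blocks *.log.
 *
 * @param string $ip     client address as reported by getIp()
 * @param string $result message that was returned to the client
 */
function recordLog($ip,$result){
    $now_time = date("Y-m-d H:i:s");
    $log_dir = "./log";
    $file = $log_dir . "/access_log_" . date("Y-m-d") . ".log";
    if (!file_exists($log_dir)) {
        mkdir($log_dir);
    }

    // Rotation: remove day-files dated 4 or more days before today's midnight.
    $today_midnight = mktime(0, 0, 0, date("m"), date("d"), date("Y"));
    $dir = opendir($log_dir);
    if ($dir !== false) {
        while (($entry = readdir($dir)) !== false) {
            // The original tested is_dir($entry) against the working directory,
            // not the log directory, so the check never applied to the real entry.
            if ($entry === "." || $entry === ".." || is_dir($log_dir . "/" . $entry)) {
                continue;
            }
            if (!preg_match("/\d{4}-\d{2}-\d{2}/", basename($entry, '.log'), $create_time)) {
                continue;
            }
            $created = strtotime($create_time[0]);
            // Leave files whose date cannot be parsed alone rather than deleting them.
            if ($created !== false && $today_midnight - $created >= 4 * 86400) {
                unlink($log_dir . "/" . $entry);
            }
        }
        closedir($dir);
    }

    // CR/LF in either field would let one request forge extra log lines: the IP
    // may be taken from request headers and the result may include command output.
    $ip = str_replace(["\r", "\n"], " ", (string)$ip);
    $result = str_replace(["\r", "\n"], " ", (string)$result);
    $content = $now_time . ":ip -> " . $ip . " accessed,result ->" . $result . PHP_EOL;
    // FILE_APPEND|LOCK_EX replaces the unchecked fopen('a+')/fwrite/fclose sequence.
    file_put_contents($file, $content, FILE_APPEND | LOCK_EX);
}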
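/**
 * Send the JSON response, record it in the access log and stop the script.
 *
 * The body is {"error": <message>, "code": <code>}. The original always answered
 * HTTP 200, so clients had to parse the body to notice a failure; the numeric
 * `code` is now also used as the HTTP status when it is a valid one.
 *
 * @param string     $ip      client address, for the access log
 * @param int|string $code    application status code (200, 403, 500, ...)
 * @param string     $message human-readable result
 */
function returnMsg($ip,$code,$message){
    $status = (int)$code;
    // Only set the status for a real HTTP code and while headers can still be sent.
    if ($status >= 200 && $status <= 599 && !headers_sent()) {
        http_response_code($status);
    }
    echo json_encode([
        'error' => $message,
        'code'  => $code,
    ]);
    recordLog($ip, $message);
    exit();
}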
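/**
 * Return the address of the connecting client.
 *
 * Only REMOTE_ADDR is used. The value written into allow_ip.conf must be the
 * address nginx itself sees for the connection, which is what REMOTE_ADDR
 * carries; Client-IP and X-Forwarded-For are request headers under the caller's
 * control, and honouring them let anyone holding a valid token whitelist an
 * arbitrary address. If nginx is ever placed behind a trusted proxy, fix the
 * client address with nginx's real_ip module instead of trusting headers here.
 *
 * @return string the peer address, or "" when REMOTE_ADDR is not set (e.g. CLI)
 */
function getIp(){
    return isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '';
}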
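/**
 * Check a client token against the shared secret.
 *
 * Expected token: sha1(md5($time) . md5($secret)), exactly what the client
 * computes. Freshness of $time is NOT checked here; the caller must do that,
 * otherwise a captured token stays valid forever.
 *
 * @param int|string $time       the `time` field sent by the client
 * @param string     $secret     shared secret
 * @param mixed      $from_token the `token` field sent by the client
 * @return bool true only when $from_token is a string equal to the expected token
 */
function checkToken($time,$secret,$from_token){
    // Non-scalar input (e.g. a JSON array) can never match, and hash_equals()
    // would raise a TypeError on a non-string token.
    if (!is_string($from_token) || !is_scalar($time)) {
        return false;
    }
    $expected = sha1(md5((string)$time) . md5($secret));
    // Constant-time comparison: `===` on strings stops at the first differing
    // byte, which leaks how much of the token matched through timing.
    return hash_equals($expected, $from_token);
}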
客户端程序
<?php
/**
* created by zhang
*/
header("content-type:text/html;charset=utf-8");

// Where the allow-list service lives. NOTE(review): the token below travels in
// the request body; if this URL is plain http:// anyone on the network path can
// read and replay it, so prefer an https:// endpoint.
$destination = "服务端访问地址";
$time = time();
$secret = "约定好的访问秘钥";

// Request body: the current time plus sha1(md5(time) . md5(secret)), which is
// exactly what the server recomputes to authenticate the call.
$payload = json_encode([
    'time'  => $time,
    'token' => sha1(md5($time) . md5($secret)),
]);

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_PORT           => "约定好的访问端口",
    CURLOPT_URL            => $destination,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING       => "",
    CURLOPT_MAXREDIRS      => 10,
    CURLOPT_TIMEOUT        => 30,
    CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST  => "POST",
    CURLOPT_POSTFIELDS     => $payload,
    CURLOPT_HTTPHEADER     => ["content-type: application/json"],
]);
$body = curl_exec($ch);
$curl_err = curl_error($ch);
curl_close($ch);

// Print the transport error if there was one, otherwise the server's JSON reply.
echo $curl_err ? "cURL Error #:" . $curl_err : $body;
配置客户端定时任务后,服务端会自动把客户端的出口 IP 写入 nginx 白名单,并拒绝未授权 IP 的访问。两点需要注意:1) 这个写白名单的接口本身必须对所有 IP 开放(否则客户端无法登记自己),因此它只靠 token 保护;如果服务端只监听 80 端口的明文 HTTP,token 可能被窃听并重放,建议通过 HTTPS 暴露该接口;2) 白名单写在 `location /` 里,只限制落到该 location 的请求,被 server 块中其他正则 location(静态资源、.well-known,以及 enable-php-70.conf 中若定义了 .php 的 location)匹配到的请求不受它限制,如需全站限制应把 allow/deny 放到 server 级。