server {
    listen 9200;  # 监听 9200 端口
    server_name 106.53.194.199;  # 运维机 的公网 IP

    allow 43.159.145.241;  # 只允许海外服务器的 IP 访问
    allow 49.51.46.148;
    allow 43.153.21.64;
    allow 49.51.204.217;
    allow 43.135.183.236;
    allow 43.153.89.55;
    allow 43.130.37.162;
    allow 170.106.72.185;    
    allow 49.51.184.170;
    allow 170.106.108.53;
    allow 43.135.184.244;
    allow 43.153.112.140;
    allow 170.106.159.139;
    allow 43.130.58.97;
    allow 43.153.102.178;
    allow 43.153.84.88;
    allow 43.130.56.138;
    allow 43.130.59.68;
    allow 170.106.187.49;
    allow 43.153.21.64;
    allow 43.153.98.191;
    allow 49.51.41.243;
    deny all;              # 拒绝其他所有 IP

    access_log /data/tengine/logs/sit_9200_access.log;
    error_log /data/tengine/logs/sit_9200_error.log;

    location / {
        proxy_pass http://192.168.70.16:9200;  # 反向代理到本地电脑 的 Elasticsearch
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}