1、autoindex
- 将页面文件以目录的方式呈现,用于当访问的文件找不到的时候
- 常用于自建yum仓库
- autoindex可以用在http、server、location任意曾使用
location / {
autoindex on;
}
编辑-配置文件
[root@nginx conf.d]# vim /etc/nginx/conf.d/test.conf
server {
listen 80;
server_name www.test-01.org;
root /code/test;
location / {
index index.html;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
charset utf-8;
}
}
加载配置文件
[root@nginx conf.d]# systemctl reload nginx.service
[root@nginx test]# rm -rf index.html
[root@nginx test]# mkdir test-0{1..10}
浏览器访问测试-查看效果
2、access-访问策略
- 限制IP访问
- /admin管理员页面,限制普通人员无法登录
2.1)通过来源IP地址限制(允许192.168.200.150访问,其余的拒绝)
server {
listen 80;
server_name www.cheng.org;
charset utf-8;
root /code/cheng;
location / {
index index.html;
allow 192.168.200.150/32;
deny all;
}
}
2.1)通过来源IP地址限制(拒绝192.168.200.150,其余的允许)
server {
listen 80;
server_name www.cheng.org;
charset utf-8;
root /code/cheng;
location / {
index index.html;
deny 192.168.200.150/32;
allow all;
}
}
测试访问
[root@nginx nginx]# curl -H Host:www.cheng.org http://192.168.200.120
3、auth_basic-网页限制访问(使用用户名、密码)
3.1)下载密码生成命令htpasswd:可以将用户名和密码同时生成
[root@nginx test]# yum -y install httpd-tools.x86_64
[root@nginx test]# htpasswd -c -b /etc/nginx/basic_passwd admin admin
Adding password for user admin
[root@nginx test]# cat /etc/nginx/basic_passwd
admin:$apr1$LhFTCQWJ$ysDAMYXpkFeBZgloFrrmp0
3.2)修改nginx配置文件
[root@nginx test]# vim /etc/nginx/conf.d/test.conf
server {
listen 80;
server_name www.test-01.org;
root /code/test;
location / {
index index.html;
}
location /admin {
auth_basic "请输入用户名、密码";
auth_basic_user_file /etc/nginx/basic_passwd;
}
}
[root@nginx test]# systemctl reload nginx.service
3.3)浏览器访问测试
4、limit-req请求限制
- 限制用户的请求数
- 当请求处理速达不到请求速度,则会将请求放置缓存,当缓存被占满请求就会被拒绝
[root@nginx test]# vim /etc/nginx/conf.d/test.conf
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server {
listen 80;
server_name www.test-01.org;
root /code/test;
limit_req zone=one burst=5 nodelay;
location / {
index index.html;
}
}
[root@nginx test]# systemctl reload nginx.service
- 限制的关键字$binary_remote_addr:来源IP
- zone=one:定义的区域
- 10m:区域的大小
- rate=1r/s:处理的速度,每秒1个
- burst=5:一秒钟可以产生6个请求
4.1)模拟访问10个请求次数-测试
[root@nginx test]# ab -n 10 -c 2 -H 'Host:www.cheng.org' http://192.168.200.120/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.200.120 (be patient).....done
Server Software: nginx/1.24.0
Server Hostname: 192.168.200.120
Server Port: 80
Document Path: /
Document Length: 16 bytes
Concurrency Level: 2
Time taken for tests: 0.001 seconds
Complete requests: 10
Failed requests: 4
5、limit-conn连接限制
- 限制用于的连接数
- 模拟用户请求下载文件的数量
[root@nginx test]# dd if=/dev/zero count=500 bs=10M of=/code/test-01/test
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 80;
server_name www.test-01.org;
charset utf-8;
limit_conn addr 1; # 设置连接的数量1个(常设置500-1000),如果超过1个就会报503,也可以DIY
limit_conn_status 412;
# DIY报错码
root /code/test-01;
location / {
index index.html;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
}
6、limit-rate限速
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 80;
server_name www.test-01.org;
charset utf-8;
limit_conn addr 1;
root /code/test-01;
location / {
index index.html;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
limit_rate_after 300m; #先300M速度,在200k速度
limit_rate 200k;
}
}
7、stub_status状态检测模块
server {
listen 80;
server_name www.test-01.org;
root /code/test-01;
access_log off;
location / {
index index.html;
stub_status;
}
7.1)浏览器访问测试
- accepts = 2:接收的总连接数量
- handled = 2 :已处理的连接数量
- requests = 3:总的请求数量
- Reading: 0 :当前读取的请求头数量
- Writing: 1 :当前响应的请求头数量
- Waiting: 0:当前等待请求的空闲客户端连接数
-
使用zabbix监控,就可以呈现实时的网站流量状态