二:Nginx 站点的基础配置
2.1:server_name 配置
2.1.1:http 配置段导入 conf.d 下的配置文件
- 删除默认 server 配置,并为 http 配置段导入 conf.d 下的配置文件:
[root@node106 ~]# vim /apps/nginx/conf/nginx.conf
http {
……
include /apps/nginx/conf.d/*.conf;
……
}
- 重载 nginx:
[root@node106 ~]# systemctl reload nginx
2.1.2:新建一个 PC 端站点
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
location / {
root /data/nginx/yqc/www;
}
}
- 检查配置文件:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
- 重载nginx:
[root@node106 ~]# systemctl reload nginx
- 准备 PC 端测试页面:
[root@node106 ~]# mkdir /data/nginx/yqc/www -pv
mkdir: created directory ‘/data’
mkdir: created directory ‘/data/nginx’
mkdir: created directory ‘/data/nginx/yqc’
mkdir: created directory ‘/data/nginx/yqc/www’
[root@node106 ~]# vim /data/nginx/yqc/www/index.html
PC site
- 访问测试
2.1.3:新建一个移动端站点
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/wap.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name wap.yqc.com;
location / {
root /data/nginx/yqc/wap;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 准备移动端测试页:
[root@node106 ~]# mkdir /data/nginx/yqc/wap
[root@node106 ~]# vim /data/nginx/yqc/wap/index.html
wap site
- 访问测试
2.2:location 匹配
2.2.1:不指定匹配方式
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location /images {
root /data/nginx/yqc/www;
}
location /text {
root /data/nginx/yqc;
}
}
访问以 /images 开始的 URI,root 为 /data/nginx/yqc/www;
访问以 /text 开始的 URI, root 为 root /data/nginx/yqc;
- 准备测试页面:
[root@node106 ~]# mkdir /data/nginx/yqc/text
[root@node106 ~]# vim /data/nginx/yqc/text/test.txt
test text
-
访问测试
http://www.yqc.com/images/ironman.jpg
http://www.yqc.com/text/test.txt
2.2.2:精确匹配
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /ironman.jpg {
root /data/nginx/yqc/www/images;
}
}
访问 http://www.yqc.com/ironman.jpg 时,root 为 /data/nginx/yqc/www/images;
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# !sys
systemctl reload nginx
- 验证访问
http://www.yqc.com/ironman.jpg
2.2.3:正则表达式匹配 - 区分大小写
- 编辑配置文件:
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
# location / {
# root /data/nginx/yqc/www;
# index index.html;
# }
location ~ /images/.*\.JPG {
root /data/nginx/yqc/www;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# !sys
systemctl reload nginx
- 准备测试文件:
[root@node106 ~]# ll /data/nginx/yqc/www/images/
total 1340
-rw-r--r-- 1 root root 1113986 Dec 2 12:37 batman.JPG
-rw-r--r-- 1 root root 254358 Dec 2 09:53 ironman.jpg
- 访问测试:
仅能访问大写的 JPG,而不能识别 jpg 结尾的 URI;
2.2.4:正则表达式匹配 - 不区分大小写
- 将上述配置改为
~*
:
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
# location / {
# root /data/nginx/yqc/www;
# index index.html;
# }
location ~* /images/.*\.JPG {
root /data/nginx/yqc/www;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# !sys
systemctl reload nginx
- 访问测试
可以访问 jpg 结尾的图片;
2.2.5:正则表达式匹配 - 匹配 URI 起始
验证:
^~
比~
的匹配优先级高;
- 编辑配置文件:
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
# location / {
# root /data/nginx/yqc/www;
# index index.html;
# }
location ~ /images/.*\.jpg {
root /data/nginx/yqc/www;
}
location ^~ /images {
root /data/nginx/yqc;
}
}
- 准备测试图片:
[root@node106 ~]# mkdir /data/nginx/yqc/images
[root@node106 ~]# cp ironman.jpg /data/nginx/yqc/images/ironman111.jpg
- 访问测试:
可以访问http://www.yqc.com/images/ironman111.jpg;
但不能访问http://www.yqc.com/images/ironman.jpg;
因为优先匹配location ^~ /images
,而根据其中指定的 root,存在/data/nginx/yqc/images/ironman111.jpg
,但不存在/data/nginx/yqc/images/ironman111.jpg
;
2.3:Nginx 安全
2.3.1:allow/deny 访问控制
通过匹配请求的源 IP 地址,对访问进行控制;
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
location / {
root /data/nginx/yqc/www;
index index.html;
allow 192.168.1.66;
deny all;
}
}
~
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 192.168.1.66 访问:
- 192.168.1.9 访问:
2.3.2:basic 用户认证
- 安装 httpd-tools,以使用 htpasswd 命令:
[root@node106 ~]# yum install httpd-tools -y
- 创建用户认证文件,并添加第一个认证用户:
[root@node106 ~]# htpasswd -cbm /apps/nginx/conf/.htpasswd user1 123456
Adding password for user user1
- 添加第二个用户:
[root@node106 ~]# htpasswd -bm /apps/nginx/conf/.htpasswd user2 123456
Adding password for user user2
- 查看用户认证文件:
[root@node106 ~]# cat /apps/nginx/conf/.htpasswd
user1:$apr1$D9a1alP8$/PI5dWmw.puO6OBGcpL/F1
user2:$apr1$CLtPB5Sc$YFk83BEiQO2hLEGPyxic90
- 编辑 nginx 配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
location / {
root /data/nginx/yqc/www;
index index.html;
auth_basic "username/password";
auth_basic_user_file /apps/nginx/conf/.htpasswd;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问测试:
2.3.3:limit_except
- 编辑配置文件
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log;
error_log /data/nginx/logs/www-yqc-com_error.log;
client_max_body_size 10m;
client_body_buffer_size 16k;
client_body_temp_path /data/nginx/temp 1 2 2;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
location /upload {
root /data/nginx/yqc/www;
index index.html;
limit_except GET {
allow 192.168.1.105;
deny all;
}
}
}
配置:
- 仅允许 192.168.1.105 执行除 GET 之外的其它操作;
- 其他 IP 仅允许 GET(允许GET的同时意味着也允许HEAD);
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 创建目录:
[root@node106 ~]# mkdir /data/nginx/yqc/www/upload
[root@node106 ~]# chown -R nginx:nginx /data/nginx
- 使用192.168.1.105 上传文件:
[root@node105 ~]# curl -XPUT /etc/issue http://www.yqc.com/upload
curl: (3) <url> malformed
<html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
405 表示Nginx已经允许 PUT 操作,但程序不支持上传功能;
- 使用192.168.1.111 上传文件:
root@ubuntu:~# curl -XPUT /etc/issue http://www.yqc.com/upload
curl: (3) <url> malformed
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
403 表示 PUT 被 Nginx 拒绝;
2.3.4:隐藏 Nginx 版本
- 更改 Nginx 源码信息:
[root@node106 ~]# vim /usr/local/src/nginx-1.18.0/src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: yqc" CRLF;
- 重新编译安装nginx:
[root@node106 ~]# systemctl stop nginx
[root@node106 ~]# cd /usr/local/src/nginx-1.18.0/
[root@node106 nginx-1.18.0]# ./configure \
--prefix=/apps/nginx \
--user=nginx --group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=/usr/local/src/echo-nginx-module
[root@node106 nginx-1.18.0]# make && make install
[root@node106 nginx-1.18.0]# systemctl start nginx
- 访问验证响应报文头部
没改过来,不深究了;
2.3.5:编译升级 OpenSSL
升级 openssl 主要是为了解决 heartbleed 安全漏洞;
heartbleed 漏洞存在于 OpenSSL 的 1.0.1 至 1.0.1f(含)版本中,较新版本及先前版本均不受影响;
[root@node106 ~]# yum info openssl Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Installed Packages Name : openssl Arch : x86_64 Epoch : 1 Version : 1.0.2k Release : 19.el7 Size : 814 k Repo : installed From repo : base Summary : Utilities from the general purpose cryptography library with TLS implementation URL : http://www.openssl.org/ License : OpenSSL Description : The OpenSSL toolkit provides support for secure communications between : machines. OpenSSL includes a certificate management tool and shared : libraries which provide various cryptographic algorithms and : protocols.
此次系统上的 OpenSSL 版本为 1.0.2k,已不存在此安全漏洞,仅为了测试升级步骤;
-
查看当前 openssl 版本:
当前为 1.0.2k;
[root@node106 ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
- 下载并解压 openssl 源码包:
openssl 官网:https://www.openssl.org
本次下载的为 openssl-1.1.1h,下载地址为:https://www.openssl.org/source/openssl-1.1.1h.tar.gz
[root@node106 ~]# cd /usr/local/src/
[root@node106 src]# tar zxvf openssl-1.1.1h.tar.gz
- 重新编译安装 nginx:
[root@node106 ~]# systemctl stop nginx
[root@node106 ~]# cd /usr/local/src/nginx-1.18.0/
[root@node106 nginx-1.18.0]# ./configure \
--prefix=/apps/nginx \
--user=nginx --group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=/usr/local/src/echo-nginx-module \
--with-openssl=/usr/local/src/openssl-1.1.1h
[root@node106 nginx-1.18.0]# make && make install
-
验证 openssl 版本:
版本升级为 1.1.1h
[root@node106 ~]# nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1h 22 Sep 2020
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/usr/local/src/echo-nginx-module --with-openssl=/usr/local/src/openssl-1.1.1h
2.4:Nginx 日志
2.4.1:access_log 访问日志
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
}
- 创建相应日志目录:
[root@node106 ~]# mkdir /data/nginx/logs
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问并查看日志:
[root@node106 ~]# tail -f /data/nginx/logs/www-yqc-com_access.log
192.168.1.9 - user1 [02/Dec/2020:13:45:31 +0800] "GET /tom.jpg HTTP/1.1" 404 6 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36"
192.168.1.9 - user1 [02/Dec/2020:13:45:37 +0800] "GET /tom.jpg HTTP/1.1" 404 6 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36"
192.168.1.9 - user1 [02/Dec/2020:13:45:50 +0800] "GET /images/batman.JPG HTTP/1.1" 200 1113986 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36"
192.168.1.66 - - [02/Dec/2020:13:46:14 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0"
2.4.2:error_log 错误日志
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log;
error_log /data/nginx/logs/www-yqc-com_error.log;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问并查看日志:
[root@node106 ~]# tail -f /data/nginx/logs/www-yqc-com_error.log
2020/12/02 13:53:10 [error] 5113#0: *65 open() "/data/nginx/yqc/www/images/tom.jpg" failed (2: No such file or directory), client: 192.168.1.9, server: www.yqc.com, request: "GET /images/tom.jpg HTTP/1.1", host: "www.yqc.com"
2.5:Nginx 应用
2.5.1:root 与 alias
root 与 alias 的区别:
-
在 location 中指定 root 时,location 指定的 URI 的文件系统路径为:root + URI;
比如:location /images { root /data/nginx/yqc/www; }
如果要访问的是 http://www.yqc.com/images/1.jpg,那么文件的路径为:
/data/nginx/yqc/www/images/1.jpg
; -
在 location 中指定 alias 时,location 指定的 URI 的文件系统路径为:alias;
比如:
location /images {
alias /data/nginx/yqc/www;
}
如果要访问的是 http://www.yqc.com/images/1.jpg,那么文件的路径为:/data/nginx/yqc/www/1.jpg
;
指定 root 与 alias
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location /images {
root /data/nginx/yqc/www;
}
location /images-alias {
alias /data/nginx/yqc/www;
}
}
- 重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 准备 root 测试图片:
[root@node106 ~]# mkdir /data/nginx/yqc/www/images
[root@node106 ~]# cp ironman.jpg /data/nginx/yqc/www/images/
- 准备 alias 测试图片:
[root@node106 ~]# cp batman.jpg /data/nginx/yqc/www/
访问指定了 root 的 URI
- 浏览器访问 http://www.yqc.com/images/ironman.jpg
访问指定了 alias 的 URI
- 浏览器访问 http://www.yqc.com/images-alias/batman.jpg
2.5.2:error_page 错误页面
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 准备错误页面:
[root@node106 ~]# mkdir /data/nginx/yqc/redirect
[root@node106 ~]# vim /data/nginx/yqc/redirect/error.html
sorry
- 访问测试:
2.5.3:try_files
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log;
error_log /data/nginx/logs/www-yqc-com_error.log;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
location ^~ /images {
root /data/nginx/yqc/www;
try_files $uri $uri.jpg /images/default.jpg;
}
}
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 准备测试图片:
[root@node106 ~]# ll /data/nginx/yqc/www/images/
total 1372
-rw-r--r-- 1 root root 1113986 Dec 2 12:37 batman.JPG
-rw-r--r-- 1 root root 31912 Dec 2 14:20 default.jpg
-rw-r--r-- 1 root root 254358 Dec 2 09:53 ironman.jpg
- 访问不存在的文件,显示default.jpg:
- 访问不加jpg后缀的图片:
2.5.4:auto_index 显示列表
可以使用该选项配置下载服务器;
- 编辑配置文件:
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log;
error_log /data/nginx/logs/www-yqc-com_error.log;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
location /download {
root /data/nginx/yqc/www;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
autoindex_format html;
limit_rate 1k;
}
}
配置为:
- 开启自动索引;
- 不显示文件精确大小(即以 K、M等单位显示);
- 显示为当前系统时间;
- 显示格式为 html;
- 设置每个连接的速率限制为 1KB/s;(这个限制是针对单个连接的,如果一个客户端同时开了多个连接,则总的速率限制为 limit_rate 乘以连接数)
- 准备下载目录及文件:
[root@node106 ~]# mkdir /data/nginx/yqc/www/download
[root@node106 ~]# cp /usr/local/src/nginx-1.18.0/* /data/nginx/yqc/www/download -R
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问及下载测试:
- 下载速度为 1KB/s 左右:
2.5.5:stub_status 状态页
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
listen 192.168.1.106:80;
server_name www.yqc.com;
error_page 500 502 503 504 404 /error.html;
access_log /data/nginx/logs/www-yqc-com_access.log;
error_log /data/nginx/logs/www-yqc-com_error.log;
location / {
root /data/nginx/yqc/www;
index index.html;
}
location = /error.html {
root /data/nginx/yqc/redirect;
}
location = /status {
stub_status;
allow 192.168.1.0/24;
allow 127.0.0.1;
deny all;
}
}
配置:
- 仅允许192.168.1.0/24 和 本地访问状态页;
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问状态页:
2.5.6:favicon.ico 网站图标
浏览器发送请求时,会自动请求获取页面的图标文件;
如果图标文件不存在,会产生 404 错误;
设置不记录错误日志
- 查看修改前的错误日志:
2020/12/03 11:31:23 [error] 4460#0: *28 open() "/data/nginx/yqc/www/favicon.ico" failed (2: No such file or directory), client: 192.168.1.9, server: www.yqc.com, request: "GET /favicon.ico HTTP/1.1", host: "www.yqc.com", referrer: "https://www.yqc.com/"
- 修改配置文件:
[root@node106 ~]# cat /apps/nginx/conf.d/www.yqc.com.conf
server {
……
location = /favicon.ico {
log_not_found off;
access_log off;
}
}
配置 URI 为 /favicon.ico 时:
- 不记录“文件未找到”的错误日志;
- 不记录访问日志;
- 检查配置文件并重载nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问并查看是否有新的错误日志
设置网站图标
- 编辑配置文件:
[root@node106 ~]# vim /apps/nginx/conf.d/www.yqc.com.conf
server {
……
location = /favicon.ico {
root /data/nginx/yqc/www/images;
#log_not_found off;
access_log off;
expires 90d;
}
}
- 准备图标文件:
[root@node106 ~]# mv buding.jpg /data/nginx/yqc/www/images/favicon.ico
- 检查配置文件并重载 nginx:
[root@node106 ~]# nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@node106 ~]# systemctl reload nginx
- 访问测试: