一、Nginx防盗链
配置Nginx防盗链和配置过期时间、不记录日志都用到location,所以可以把两部分写在一起,如下所示
server {
listen 80;
server_name test.com;
if ($host = "test.com"){
rewrite ^/(.*)$ http://127.0.0.1/test/$1 permanent;
}
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
//~* 表示后面的关键词不区分大小写
{
expires 1d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) { //$invalid referer表示无效的referer
return 403;
}
access_log off;
}
}
测试:
[root@nginx ~] /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~] /usr/local/nginx/sbin/nginx -s reload
[root@nginx ~] curl -x127.0.0.1:80 -e "http://www.baidu.com" test.com/1.gif -I
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 17 Jul 2020 11:55:09 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@nginx ~] curl -x127.0.0.1:80 -e "http://www.test.com" test.com/1.gif -I
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 17 Jul 2020 11:55:09 GMT
Content-Type: image/gif
Content-Length: 2
Last-Modified: Fri, 17 Jul 2020 11:55:09 GMT
Connection: keep-alive
Expires: Fri, 17 Jul 2020 23:59:59 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
防盗链配置成功,而且不仅仅有防盗链的功能,还有过期时间。
二、Nginx访问控制
针对目录的访问控制
location ~ ^/test/index.html {
root /opt/app/code;
deny 192.168.145.132; #禁止132主机访问,允许其他所有IP访问
allow all;
index index.html index.htm;
}
作用:访问/test/目录的请求,只允许某几个IP访问
测试:
[root@nginx ~] /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@nginx ~] curl http://192.168.145.132:80 /test/index.html -I
HTTP/1.1 403 Forbidden
Server: nginx/1.16.1
Date: Fri, 17 Jul 2020 12:30:06 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
正则匹配来限制访问
location ~ .*(image)/.*\.php$
{
deny all;
}
作用:把访问的URL中带有image字符串,并且是PHP的请求拒绝访问。
测试:
[root@nginx ~] curl -x127.0.0.1:80 test/image/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
三、Nginx解析php相关配置
location ~ \.php$
51 {
52 include fastcgi_params;
53 fastcgi_pass unix:/tmp/php-fcgi.sock;
54 fastcgi_index index.php;
55 fastcgi_param SCRIPT_FILENAME /data/www/test$fastcgi_script_name; #脚本文件请求的路径,
当访问127.0.0.1/index.php的时候,需要读取网站根目录下面的index.php文件,
如果没有配置这一配置项时,nginx不回去网站根目录下访问.php文件,
所以返回空白,所以这一项必须要具备
56 }
fastcgi 作用
- Nginx 与 php-fpm 通信过程是通过 nginx 的 fastcgi 模块来处理的,即 fastcgi 模块将来自客户端的关于 php 文件的请求转发给 php-fpm 来处理。既然是转发请求,那么必须要遵循一定的协议,也就是 fastcgi.conf 所规定的协议。
测试:
[root@nginx1 ~] curl -x127.0.0.1:80 test/3.php -I
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Fri, 17 Jul 2020 12:50:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.6.30
nginx与php-fpm的结合完整的流程
test.com
|
|
请求 Nginx 中的php文件
|
|
路由到 test/today.php
|
|
加载 nginx 的 fast-cgi 模块
|
|
fast-cgi监听127.0.0.1:9000地址
|
|
test/index.php 请求到达 127.0.0.1:9000
|
|
php-fpm 监听 127.0.0.1:9000
|
|
php-fpm 接收到请求,启用 worker 进程处理请求
|
|
php-fpm 处理完请求,返回给 nginx
|
|
nginx 将结果通过 http 返回给浏览器
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
