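Scenario practice:
1. Static resource web service
1.1 Static resource types:
Files that are not generated dynamically by the server at run time:
1.2 Static resource service scenario: CDN
Configuration syntax: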
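Syntax: sendfile on | off;
Default: sendfile off;
Context: http, server, location, if in location
Syntax: tcp_nopush on | off; # Requires sendfile to be on; improves the efficiency of network packet transmission. Recommended for large-file scenarios.
Default: tcp_nopush off;
Context: http, server, location
Syntax: tcp_nodelay on | off; # Requires a keepalive connection; improves how promptly network packets are sent. Recommended where timeliness matters.
Default: tcp_nodelay on;
Context: http, server, location
Syntax: gzip on | off; # Compresses responses in transit, which reduces bandwidth use and the size of the transferred file, so files arrive sooner.
Default: gzip off;
Context: http, server, location, if in location
Compression, as shown in the figure:
Syntax: gzip_comp_level level; # compression ratio (level)
Default: gzip_comp_level 1;
Context: http, server, location
Syntax: gzip_http_version 1.0 | 1.1;
Default: gzip_http_version 1.1;
Context: http, server, location
Additional Nginx compression modules:
http_gzip_static_module: pre-read gzip (looks for an already-compressed file first)
http_gunzip_module: support for the gunzip compression method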
>> vim /etc/nginx/conf.d/static_server.conf
server {
    listen 8080;
    server_name 192.168.205.10 phantom.wgw.com;
    sendfile on;
    #charset koi8-r;
    access_log /var/log/nginx/host.access.log main;
    # Image files
    location ~ .*\.(jpg|gif|png)$ {
        #gzip on;
        #gzip_http_version 1.1;
        #gzip_comp_level 2;
        #gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
        root /opt/app/code/images;
    }
    # Text and XML documents
    location ~ .*\.(txt|xml)$ {
        #gzip on;
        #gzip_http_version 1.1;
        #gzip_comp_level 2;
        #gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
        root /opt/app/code/doc;
    }
    # Downloads: large files, so tcp_nopush is on (sendfile is on at server level)
    location ~ ^/download {
        # gzip_static on;
        tcp_nopush on;
        root /opt/app/code;
    }
    .......
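>> nginx -s reload -c /etc/nginx/nginx.conf
Request an image and check its size with gzip not enabled.
Enable gzip and check again:
>> nginx -tc /etc/nginx/nginx.conf
>> nginx -s reload -c /etc/nginx/nginx.conf
1.3 How browser caching works:
Browser without a cache, as shown in the figure:
Browser with a cache, as shown in the figure:
Expiry validation mechanisms:
Check whether the cached copy has expired: Expires, Cache-Control (max-age)
ETag header validation defined by the protocol: ETag
Last-Modified header validation: Last-Modified
The flow chart is as follows: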
1.5 Nginx expiry settings for static files:
Configuration syntax: expires
How it works: adds the Cache-Control and Expires headers to the response sent to the client.
Syntax: expires [modified] time;
expires epoch | max | off;
Default: expires off;
Context: http, server, location, if in location
location ~ .*\.(htm|html)$ {
    #expires 24h;
    root /opt/LearnNginx/app/code;
}
>> nginx -s reload -c /etc/nginx/nginx.conf
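1.6 Cross-site access
As shown in the figure:
Why browsers forbid cross-site access:
1. It is insecure and makes CSRF attacks easy!
How Nginx handles it:
Syntax: add_header name value [always];
Default: ---
Context: http, server, location, if in location
Access-Control-Allow-Origin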
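An added example, not from the original notes, of setting Access-Control-Allow-Origin from an allow-list instead of a wildcard. The trusted origin http://phantom.wgw.com:8888, the variable name $cors_allow_origin, the listen port and the root path are assumptions chosen for illustration.

```nginx
# Added example. The trusted origin, variable name, port and paths are assumptions.

# http context (a file under conf.d is included there):
# map the request's Origin header to the value that will be echoed back.
map $http_origin $cors_allow_origin {
    default                        "";            # unknown origin: send nothing
    "http://phantom.wgw.com:8888"  $http_origin;  # assumed trusted front end
}

server {
    listen 8080;
    server_name phantom.wgw.com;

    location ~ .*\.(htm|html)$ {
        # Weak setting: lets every site read these responses.
        # add_header Access-Control-Allow-Origin *;

        # add_header emits nothing when the value is empty, so unlisted
        # origins receive no Access-Control-Allow-Origin header and the
        # browser refuses to hand the response to their scripts.
        add_header Access-Control-Allow-Origin $cors_allow_origin always;

        # The response now depends on Origin; tell caches to key on it.
        add_header Vary Origin always;

        root /opt/LearnNginx/app/code;
    }
}
```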
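1.7 Hotlink protection:
Purpose: prevent resources from being used without authorization
Approach to hotlink protection:
First step: identify which requests do not come from normal users
Hotlink protection based on the HTTP Referer configuration module
Syntax: valid_referers none | blocked | server_names | string ...;
Default: ---
Context: server, location
location ~ .*\.(jpg|gif|png)$ {
    gzip on;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    # Configuration example
    # valid_referers lists the Referer values that are allowed to fetch the resource:
    #   none           - requests that carry no Referer header
    #   blocked        - Referer values that are not in the standard http:// form
    #   192.168.205.10 - only allow this IP (the port in the Referer is ignored when matching)
    #   regex patterns are also supported, e.g. ~/google\./
    valid_referers none blocked 192.168.205.10;
    # When none of the conditions above match, $invalid_referer is set to 1
    if ($invalid_referer) {
        return 403;
    }
    root /opt/LearnNginx/app/code/images;
}
Further reading: --with-file-aio # asynchronous file reads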
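2. Proxy service
client --request--> proxy --request--> server
Nginx proxy service, as shown in the figure:
Differences between forward and reverse proxies:
1. The party being proxied is different
2. A forward proxy acts on behalf of the client
3. A reverse proxy acts on behalf of the server
Configuration syntax:
Syntax: proxy_pass URL; # URL format: http (or https)://localhost:8000/uri/ or http://unix:/tmp/backend.socket:/uri/
Default: ---
Context: location, if in location, limit_except
Example: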
fx_proxy.conf
server {
    listen 8888;
    server_name localhost phantom.wgw.com;
    sendfile on;
    #charset koi8-r;
    access_log /var/log/nginx/static_access.log main;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    # Requests for test_proxy.html are passed to the real server on port 8080
    location ~ /test_proxy.html$ {
        proxy_pass http://127.0.0.1:8080;
    }
    .....
realserver.conf
server {
    listen 8080;
    server_name localhost phantom.wgw.com;
    sendfile on;
    #charset koi8-r;
    access_log /var/log/nginx/static_access.log main;
    location / {
        root /opt/LearnNginx/app/code2/;
        index index.html index.htm;
    }
    ....
>> nginx -tc /etc/nginx/nginx.conf
>> nginx -s reload -c /etc/nginx/nginx.conf
>> netstat -luntp | grep nginx
Forward proxy configuration scenario:
admin.conf
location / {
    # Reject requests whose X-Forwarded-For header does not start with 192.168.205.10
    if ($http_x_forwarded_for !~* "^192\.168\.205\.10") {
        return 403;
    }
    root /opt/LearnNginx/app/code2/;
    index index.html index.htm;
}
tx_proxy.conf
resolver 8.8.8.8; # DNS resolver
location / {
    proxy_pass http://$http_host$request_uri;
}
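X-Forwarded-For is a request header, so the check in admin.conf above is only as strong as whatever guarantees that the proxy, and nothing else, sets it. An added example (not part of the original notes) of the same rule keyed on the TCP peer address instead, assuming 192.168.205.10 is the forward proxy's own address, 192.168.205.0/24 is the client network, the two servers run on separate hosts, and the listen ports are placeholders:

```nginx
# Added example; addresses and ports below are assumptions, not from the notes.

# --- tx_proxy.conf: forward proxy, assumed to run on 192.168.205.10 ---
server {
    listen 80;
    resolver 8.8.8.8;

    # Only the internal client network may relay through this proxy;
    # without this, any host that can reach port 80 can use it as a relay.
    allow 192.168.205.0/24;
    deny  all;

    location / {
        proxy_pass http://$http_host$request_uri;
        proxy_set_header Host $http_host;
        # Overwrite (not append to) whatever X-Forwarded-For the client sent,
        # so the upstream access log records the address the proxy saw.
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# --- admin.conf: site that must only be reachable through the proxy ---
server {
    listen 8080;

    location / {
        # Weak form from the notes: matches a header the client controls.
        # if ($http_x_forwarded_for !~* "^192\.168\.205\.10") { return 403; }

        # allow/deny compare $remote_addr, the address of the TCP peer,
        # which a request header cannot change.
        allow 192.168.205.10;
        deny  all;

        root  /opt/LearnNginx/app/code2/;
        index index.html index.htm;
    }
}
```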
Other configuration syntax: buffering
Syntax: proxy_buffering on | off;
Default: proxy_buffering on;
Context: http, server, location
Related directives:
proxy_buffer_size, proxy_buffers, proxy_busy_buffers_size
Other configuration syntax: redirects
Syntax: proxy_redirect default;
proxy_redirect off;
proxy_redirect redirect replacement;
Default: proxy_redirect default;
Context: http, server, location
Other configuration syntax: header fields
Syntax: proxy_set_header field value;
Default: proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
Context: http, server, location
Related directives: proxy_hide_header, proxy_set_body
Other configuration syntax: timeouts
Syntax: proxy_connect_timeout time;
Default: proxy_connect_timeout 60s;
Context: http, server, location
Related directives: proxy_read_timeout, proxy_send_timeout
fx_proxy.conf
location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_redirect default;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_connect_timeout 30;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    proxy_buffer_size 32k;
    proxy_buffering on;
    proxy_buffers 4 128k;
    proxy_busy_buffers_size 256k;
    proxy_max_temp_file_size 256k;
}
eg:
server {
    resolver 114.114.114.114; # IP address of the DNS server
    listen 80;
    location / {
        proxy_pass http://$http_host$request_uri; # protocol and address of the proxied server
        proxy_set_header HOST $http_host;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}
server {
    resolver 114.114.114.114; # IP address of the DNS server
    listen 443;
    location / {
        proxy_pass https://$host$request_uri; # protocol and address of the proxied server
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}