49.Nginx防盗链 访问控制 解析php相关 代理服务器

最新推荐文章于 2022-04-19 16:09:38 发布
最新推荐文章于 2022-04-19 16:09:38 发布
阅读量120 收藏
点赞数
原文链接:https://my.oschina.net/u/3866192/blog/3078275
版权

12.13 Nginx防盗链

12.14 Nginx访问控制

12.15 Nginx解析php相关配置(502的问题)

12.16 Nginx代理

扩展

502问题汇总 http://ask.apelearn.com/question/9109

location优先级 http://blog.lishiming.net/?p=100

 

 

 

 

12.13 Nginx防盗链:

 

 

 

配置如下,可以和上面的配置结合起来

vim /usr/local/nginx/conf/vhost/test.com.conf

# location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ 把之前配置的过期时间注释掉。在第二个location开始写(因为同样用到了location)

# {

# expires 7d;

# access_log off;

# }

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ ~*不区分大小写

{

expires 7d; 过期时间是7天

valid_referers none blocked server_names *.test.com ; 关于防盗链的是这部分(意思是关于白名单的referer是什么)

if ($invalid_referer) { 意思是如果不是白名单的,就会返回403

return 403;

}

access_log off; 访问日志是不记录

}

 

 

实例:

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf


server

{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;

    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;

    }
#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#    {
#          expires 7d;
#          access_log off;
#    }
     location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     {

           expires 7d;
           valid_referers none blocked server_names *.test.com ;
           if ($invalid_referer) {
           return 403;
    }
           access_log off;
    }
     location ~ .*\.(js|css)$
    {
          expires 12h;
          access_log off;
    }
     access_log /tmp/test.com.log;
}

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -e "http://www.baidu.com/1.txt" -x127.0.0.1:80 -I test.com/1.php 测试防盗链,要指定referer

HTTP/1.1 403 Forbidden 指定referer为百度,跳转过来就是403

Server: nginx/1.8.0

Date: Wed, 15 Aug 2018 14:44:38 GMT

Content-Type: text/html

Content-Length: 168

Connection: keep-alive

HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Tue, 23 Jul 2019 09:24:14 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

[root@localhost ~]# curl -e "http://www.test.com/1.txt" -x127.0.0.1:80 -I test.com/1.php

HTTP/1.1 200 OK 指定referer为test.com跳转过来就是200 

Server: nginx/1.8.0

Date: Wed, 15 Aug 2018 14:43:29 GMT

Content-Type: image/gif

Content-Length: 19

Last-Modified: Tue, 14 Aug 2018 14:33:26 GMT

Connection: keep-alive

ETag: "5b72e836-13"

Expires: Wed, 22 Aug 2018 14:43:29 GMT

Cache-Control: max-age=604800

Accept-Ranges: bytes

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

12.14 Nginx访问控制:

 

 

 

 

平常在运维网站的时候,经常会有一些请求不正常或是故意的去做一些限制,比如有一些机密的不想让别人访问。就可以做一个白名单,只允许自己的公网IP或是公司的内部公网IP去访问

 

 

~~1.

需求:访问/admin/目录的请求,只允许某几个IP访问,配置如下:

~1.vim /usr/local/nginx/conf/vhost/test.com.conf

location /admin/

{

allow 192.168.133.1; 这个IP允许。跟apache有点区别,没有order。哪个在前哪个就优先生效。比如这个IP192.168.30.134访问过来,是allow(允许),就到此为止了,也就是允许的。不会再去执行下面的deny。而apache是谁在后最终执行的是哪一个

allow 127.0.0.1; 这个IP允许

deny all; 其他的全部deny(也就是以上两个IP是允许的,其他的都deny)

}

~2. mkdir /data/wwwroot/test.com/admin/

~3.echo “test,test”>/data/wwwroot/test.com/admin/1.html

~4.-t && -s reload

~5.curl -x127.0.0.1:80 test.com/admin/1.html -I

~6.curl -x192.168.133.130:80 test.com/admin/1.html -I

 

~~2.

可以匹配正则(也就是在能上传图片的目录里,禁止解析php):

~1.location ~ .*(upload|image)/.*\.php$ 只要是匹配upload的这个目录,以php结尾的

{

deny all; 满足以上条件的,全部deny

}

 

~~3.

根据user_agent限制(防止cc攻击。或是禁掉某些蜘蛛,不想被搜索掉,就可以把一些网站封掉,没有任何一个网站能爬到你的网站,就相当于你的网站被隐藏了一样)

~1.if ($http_user_agent ~* 'Spider/3.0|YoudaoBot|Tomato') 匹配(~)后面加*代表忽略大小写

{

return 403;

}

 

~~4. deny all和return 403效果一样(根据~~2与~~3里的配置语句)

 

 

 

 

实例:

~~1.

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;

    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;

    }
#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#    {
#          expires 7d;
#          access_log off;
#    }
     location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     {

           expires 7d;
           valid_referers none blocked server_names *.test.com ;
           if ($invalid_referer) {
           return 403;
    }
           access_log off;
    }
     location ~ .*\.(js|css)$
    {
          expires 12h;
          access_log off;
    }
    location /admin/
    {
        allow 192.168.30.134;
        allow 127.0.0.1;
        deny all;
    }
     access_log /tmp/test.com.log;
}

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -e "http://www.baidu.com" -x127.0.0.1:80 test.com/admin/index.html -I

HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 24 Jul 2019 10:15:14 GMT
Content-Type: text/html
Content-Length: 9
Last-Modified: Tue, 23 Jul 2019 06:24:06 GMT
Connection: keep-alive
ETag: "5d36a806-9"
Accept-Ranges: bytes

[root@localhost ~]# curl -e "http://www.baidu.com" -x192.168.30.134:80 test.com/admin/index.html -I

HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 24 Jul 2019 10:18:43 GMT
Content-Type: text/html
Content-Length: 9
Last-Modified: Tue, 23 Jul 2019 06:24:06 GMT
Connection: keep-alive
ETag: "5d36a806-9"
Accept-Ranges: bytes

~~2.

[root@localhost~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;

    }
#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#          expires 7d;
#          access_log off;
#    }     
     location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     {
     
           expires 7d;
           valid_referers none blocked server_names *.test.com ;
           if ($invalid_referer) {
           return 403;
           access_log off;
    }      
     location ~ .*\.(js|css)$
    {
          expires 12h;
          access_log off;
    }     
    location /admin/
    {
        allow 192.168.30.134;
        allow 127.0.0.1;
        deny all;   
}       
      location ~ .*(upload|image)/.*\.php$
    { 
        deny all;
    }   
      location ~ .*\.(js|css)$
    { 
           expires 12h;
           access_log off;
    }      
     access_log /tmp/test.com.log;
}

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -x127.0.0.1:80 test.com/upload/1.php -I

HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Tue, 23 Jul 2019 09:40:08 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

[root@localhost ~]# curl -x127.0.0.1:80 test.com/upload/1.txt -I

HTTP/1.1 200 OK 访问1.txt就可以。代表设置成功 

HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 24 Jul 2019 10:31:15 GMT
Content-Type: text/plain
Content-Length: 3
Last-Modified: Wed, 24 Jul 2019 10:27:32 GMT
Connection: keep-alive
ETag: "5d383294-3"
Accept-Ranges: bytes

~~3.

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

server

{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;

    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;

    }
#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#    {
#          expires 7d;
#          access_log off;
#    }
     location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     {

           expires 7d;
           valid_referers none blocked server_names *.test.com ;
           if ($invalid_referer) {
           return 403;
    }
           access_log off;
    }
     location ~ .*\.(js|css)$
    {
          expires 12h;
          access_log off;
    }
    location /admin/
    {
        allow 192.168.30.134;
        allow 127.0.0.1;
        deny all;
}
      location ~ .*(upload|image)/.*\.php$
    {
        deny all;
    }
      location ~ .*\.(js|css)$
    {
           expires 12h;
           access_log off;
    }
     if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')

   {

          return 403;

   }
     access_log /tmp/test.com.log;
}

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -x127.0.0.1:80 test.com/upload/1.txt -I

HTTP/1.1 200 OK 现在是可以访问的 

Server: nginx/1.8.0

Date: Wed, 15 Aug 2018 15:49:40 GMT

Content-Type: text/plain

Content-Length: 9

Last-Modified: Wed, 15 Aug 2018 15:36:44 GMT

Connection: keep-alive

ETag: "5b74488c-9"

Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Wed, 24 Jul 2019 10:31:15 GMT
Content-Type: text/plain
Content-Length: 3
Last-Modified: Wed, 24 Jul 2019 10:27:32 GMT
Connection: keep-alive
ETag: "5d383294-3"
Accept-Ranges: bytes

[root@localhost ~]# curl -A "Tomatojlknkljn" -x127.0.0.1:80 test.com/upload/1.php -I -A模仿一个user_agent (不明白)

HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Tue, 23 Jul 2019 09:44:44 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

12.15 Nginx解析php相关配置:

 

 

!!!注意:php-fpm配置文件中sock的定义是什么,Nginx的sock就要是什么。不然会502

配置如下:

~1.

location ~ \.php$

{

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock; 这个地方需要注意!!在cat /usr/local/php-fpm/etc/php-fpm.conf里定义的“listen = /tmp/php-fcgi.sock”的路径写的是什么,在现在的这个地址里就要写什么,不然会502。也就是说,php-fpm定义的sock地址是什么,nginx的sock就要是什么,不然就会提示502

!还有一种可能会报502.是我们之前在定义php-fpm的时候sock的下面一行是不是定义了listen.mode=666权限

!除了以上两种,php-fpm的资源耗尽也会502。比如有个mysql查询的很慢,卡死了,就要去优化了

(~2的实例是为了证明php-fpm与Nginx的sock一致,此处与上面是整体的配置)

如果在php-fpm里的listen的sock是IP,那么这里就要写成 fastcgi_pass 192.168.30.134:9000

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;

注意:这里的路径/data/wwwroot/test.com要和上面的root路径对应起来

}

 

~3.

fastcgi_pass 用来指定php-fpm监听的地址或者socket

 

 

 

 

 

实例:

~1.

[root@localhost ~]# cat /usr/local/php-fpm/etc/php-fpm.conf

[global]

pid = /usr/local/php-fpm/var/run/php-fpm.pid

error_log = /usr/local/php-fpm/var/log/php-fpm.log

[www]

listen = /tmp/php-fcgi.sock 首先查看sock的路径

#listen = 127.0.0.1:9000

listen.mode = 666

user = php-fpm

group = php-fpm

[global]
pid = /usr/local/php-fpm/var/run/php-fpm.pid
error_log = /usr/local/php-fpm/var/log/php-fpm.log
[www]
listen = /tmp/php-fcgi.sock 
#listen = 127.0.0.1:9000 
listen.mode = 666 
user = php-fpm 
group = php-fpm
pm = dynamic 
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

location ~ \.php$

{

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock; 跟上面的sock路径要是一样的

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;

}

   index index.html index.htm index.php;
    root /data/wwwroot/test.com;

    if ($host != 'test.com' ) {
        rewrite ^/(.*)$ http://test.com/$1 permanent;

    }
#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#    {
#          expires 7d;
#          access_log off;
#    }
     location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     {

           valid_referers none blocked server_names *.test.com ;
           if ($invalid_referer) {
           return 403;
    }      
           access_log off;
    }      
     location ~ .*\.(js|css)$
    {
    location /admin/
        allow 192.168.30.134;
        allow 127.0.0.1;
        deny all;   
}       
      location ~ .*(upload|image)/.*\.php$
    { 
        deny all;
    }   
      location ~ .*\.(js|css)$
    { 
           expires 12h;
    location /admin/
        allow 192.168.30.134;
        allow 127.0.0.1;
        deny all;   
      location ~ .*(upload|image)/.*\.php$
    { 
        deny all;
server

    listen 80;
    index index.html index.htm index.php;
    
        rewrite ^/(.*)$ http://test.com/$1 permanent;
        
#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#    {
#          access_log off;
#    }     
     location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
     
           expires 7d;
           if ($invalid_referer) {
           return 403;
    }      
           access_log off;
    }      
     location ~ .*\.(js|css)$
    {
          expires 12h;
          access_log off;
    location /admin/
        allow 192.168.30.134;
        allow 127.0.0.1;
        deny all;   
      location ~ .*(upload|image)/.*\.php$
    { 
        deny all;
    }   
      location ~ .*\.(js|css)$
    { 
           expires 12h;
           access_log off;
    }      
     if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
     
   { 
   
          return 403;
          
   }      
      location ~ \.php$
      
   {  
   
      include fastcgi_params;
      
      fastcgi_pass unix:/tmp/php-fcgi.sock;
      
      fastcgi_index index.php;
      
      fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
      
   }  
     access_log /tmp/test.com.log;
}

[root@localhost ~]# vim /data/wwwroot/test.com/1.php 先不reload,我们先vim一个php,做测试

[root@localhost ~]# curl -x192.168.30.134:80 test.com/1.php 发现并没有解析phpinfo()

<?php

phpinfo();

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t 这时候我们在-t / -s reload

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -x192.168.30.134:80 test.com/1.php 再curl发现可以解析了

test php scripts.

~2.

[root@localhost ~]# vim /usr/local/php-fpm/etc/php-fpm.conf 我们先更改php-fpm的sock监听为IP

[global]

pid = /usr/local/php-fpm/var/run/php-fpm.pid

error_log = /usr/local/php-fpm/var/log/php-fpm.log

[www]

#listen = /tmp/php-fcgi.sock 将之前的sock注释掉

listen = 127.0.0.1:9000 改为IP端口一般就为9000

[root@localhost ~]# /etc/init.d/php-fpm reload 把php-fpm重新加载(也支持reload)

[root@localhost ~]# /usr/local/php-fpm/sbin/php-fpm -t

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t 把Nginx也重新加载

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# curl -x192.168.159.128:80 test.com/1.php 再来测试.php,就不能解析了

<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>

[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

location ~ \.php$

{

include fastcgi_params;

#fastcgi_pass unix:/tmp/php-fcgi.sock;

fastcgi_pass 127.0.0.1:9000; 记得加分号,阿鑫在做的时候忘加,-t的时候导致报错

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;

}

[root@localhost ~]# /etc/init.d/php-fpm -t php-fpm测试和加载

Usage: /etc/init.d/php-fpm {start|stop|force-quit|restart|reload|status}

[root@localhost ~]# /etc/init.d/php-fpm reload

Reload service php-fpm done

[root@localhost ~]# /usr/local/nginx/sbin/nginx -t Nginx测试和加载

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost ~]# !curl php-fpm和Nginx全部修改之后,测试成功。解析成功

curl -x192.168.159.128:80 test.com/1.php 

 test php scripts.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

12.16 Nginx代理:

 

 

比如,像访问一个服务器但是这个服务器只有一个私网,这是不可能访问到的。如果想访问有一个办法,有一个中间者,这个中间者有一个特性,和web服务器能互通也能和用户互通。那么就能作为Web服务器和用户之间的一个代理者。那么这个就是代理服务器,如下图:

应用在用户与Web服务器不能互通,或者互通太慢(比如访问美国的网站)的场景

 

~1. cd /usr/local/nginx/conf/vhost 需要配置一个新的虚拟主机配置文件

~2.vim proxy.conf //加入如下内容 名字叫做 proxy.conf

server

{

listen 80;

server_name ask.apelearn.com; 定义域名

没有root,因为是代理的,所以不需要

location /

{

proxy_pass http://61.153.96.141/; 真正的web服务器IP(也就是远程服务端,Web服务器的IP)

proxy_set_header Host $host; 要访问的域名是上面定义的server_name。也就是这里的$host是上面的server_name

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

}

dig ask.apelearn.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> ask.apelearn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54835
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ask.apelearn.com.		IN	A

;; ANSWER SECTION:
ask.apelearn.com.	600	IN	A	61.153.96.141

;; AUTHORITY SECTION:
apelearn.com.		5619	IN	NS	f1g1ns2.dnspod.net.
apelearn.com.		5619	IN	NS	f1g1ns1.dnspod.net.

;; Query time: 169 msec
;; SERVER: 202.106.0.20#53(202.106.0.20)
;; WHEN: 四 7月 25 14:50:00 CST 2019
;; MSG SIZE  rcvd: 115

server

{

       listen 80;
       server_name  ask.apelearn.com;
       location /

   {

       proxy_pass http://61.153.96.141/;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

   }

}

[root@localhost vhost]# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost vhost]# /usr/local/nginx/sbin/nginx -s reload

[root@localhost vhost]# curl -x127.0.0.1:80 ask.apelearn.com -I

HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Thu, 25 Jul 2019 06:45:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: ape__Session=b51tdgniem3l580shh0rfsq8o1; path=/; domain=.apelearn.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

 

转载于:https://my.oschina.net/u/3866192/blog/3078275

chym2015
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
同源策略禁止读取位于 https://bm.kehuoa.com/api/auth/login 的远程资源。
way1001的博客
05-31 3577
chrome报错 Access to XMLHttpRequest at ‘https://bm.kehuoa.com/api/auth/login’ from origin ‘https://www.kehuoa.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access cont...
详解Nginx防盗链Nginx访问控制Nginx解析php的配置
09-30
**一、Nginx防盗链配置** 防盗链功能主要是为了防止其他网站未经许可直接引用你的网站资源,例如图片、视频等,这可能导致你的服务器带宽被大量消耗。以下是一个Nginx防盗链的配置示例: ```nginx location ~* ^.+...
nginx反向代理只需加上这一串
lendedery的博客
04-19 837
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; error_log /dev/null; access_log /dev/null; } location ~ .*\.(js|css)?$ { expires 12h; error_log /dev/null; access_log /...
宝塔面板Nginx除/目录以外404问题
qq_41821881的博客
10-05 3947
直接在站点配置文件里加上下面代码就行 location ~ .*\.(js|css)?$     {         expires      12h;         error_log off;         access_log off;      }     location / {                 if (!-e $request_filen...
Nginx/Apache 对图片,css,js等优化,静态页面设置过期时间
风.foxwho(神秘狐)
11-08 5210
server{ ... location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d;#图片缓存30天}location ~ .*\.(js|css)?$ {expires 12h;#js css缓存12小时} ...}
解决宝塔面板Nginx代理完成后访问不到js、css的问题
droplife1995的博客
04-26 5545
解决宝塔面板Nginx代理完成后访问不到js、css的问题在主配置文件加入如下设置: 在主配置文件加入如下设置: 代码: #加载js等文件 location ~ .*.(js|css)?$ { expires 12h; error_log off; access_log off; } 如图: ...
Nginx高性能Web服务器实战教程
05-20
Nginx高性能Web服务器实战教程》是一本深入解析Nginx服务器的实用指南,旨在帮助读者掌握如何利用Nginx构建高效、稳定的Web服务环境。Nginx以其反向代理、负载均衡、静态文件处理等功能,以及轻量级、高性能的特性...
nginx场景配置与常见错误解析
11-12
#### 防盗链 - **原理**:检查HTTP请求头部的`Referer`字段,确保请求来源于指定的站点。 - **配置示例**: ```nginx location ~* \.(jpg|jpeg|png|gif|swf)$ { valid_referers none blocked $http_referer; if ...
苹果cms不显示视频图片 下载了 tu.php就可以解决
03-13
在部署苹果CMS前,你需要确保服务器上已经安装了PHP运行环境,比如PHP-FPM(FastCGI Process Manager)和Nginx或Apache服务器。同时,还要注意PHP的版本兼容性,因为不同版本的PHP可能支持的函数和特性有所不同,这...
Complete-NGINX-Cookbook-2019.zip
11-12
4. **静态文件服务**:阐述Nginx作为高效静态资源服务器的配置技巧,如缓存控制、GZIP压缩、防盗链设置等。 5. **HTTPS与SSL/TLS**:讲解如何配置Nginx支持HTTPS,包括证书安装、SNI支持、HSTS头设置以及TLS版本和...
详解 nginx location ~ .*\.(js|css)?$ 什么意思?
qq3163566的博客
01-06 4399
语法规则: location [=|~|~*|^~] /uri/ { … } = 开头表示精确匹配 ^~ 开头表示uri以某个常规字符串开头,理解为匹配 url路径即可。nginx不对url做编码,因此请求为/static/20%/aa,可以被规则^~ /static/ /aa匹配到(注意是空格)。 ~ 开头表示区分大小写的正则匹配 ~* 开头表示不区分大小写的正则匹配 !~和!~*分别为区分大小写不匹配及不区分大小写不匹配 的正则 / 通用匹配,任何请求都会匹配到。 多个location配置
PHPer常用到的 Nginx 配置
qq_34701838的博客
12-04 2557
伪静态配置 ① Laravel location / { try_files $uri $uri/ /index.php$is_args$query_string; } ② ThinkPhp location / { if (!-e $request_filename){ rewrite ^(.*)$ /index.php?s=$1 last; break; } } ③ Vue History location / { try_file
java控制台命令
lisa890608的专栏
11-24 1896
(一)            命令概览 javac:Java编译器,将Java源代码换成字节代 java:Java解释器,直接从类文件执行Java应用程序代码 appletviewer(小程序浏览器):一种执行HTML文件上的Java小程序类的Java浏览器 javadoc:根据Java源代码及其说明语句生成的HTML文档 jdb:Java调试器,可以逐行地执行程序、设置断点和检查变量
从服务器返回给浏览器的http状态码_常见的HTTP状态码
weixin_39603573的博客
10-22 1334
1XX系列响应代码仅在与HTTP服务器沟通时使用。100("Continue")这是对HTTP LBYL(look-before-you-leap)请求的一个可能的响应。该响应代码表明:客户端应重新发送初始请求,并在请求中附上第一次请求时未提供的(可能很大或者包含敏感信息的)表示。客户端这次发送的请求不会被拒绝。对LBYL请求的另一个可能的响应是417("Expectation Failed")。...
微信小程序授权登录接口tp3.2
weixin_42998455的博客
07-27 3165
后端PHP代码 public function xcxindex() { //获取code $option_data_str = file_get_contents("php://input"); $request = json_decode($option_data_str, true); $code = isset($request['code']) ? $request['code'] : 0; //获取地址携带的参数(如推荐人id等) $totalurl
谁知道这个是什么代码
热门推荐
toutouainia的博客
06-14 1万+
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=&pt_3rd_aid=209207&daid=383&pt_skey_valid=0&st账号 yle=35&s_url=http%3A%2F%2Fconnect.qq.com&refer_cgi=authorize&which=&client_id=209207&redirect_uri*=https://hwid1.vmall.com
VB客运中心汽车售票管理系统设计(论文+源代码).zip
08-18
计算机毕业设计资源包含(项目部署视频+源码+LW+开题报告等等),所有项目经过助教老师跑通,有问题可以私信博主解决,可以免费帮部署。
79种音乐体裁的歌曲音频数据集
最新发布
08-18
79种音乐体裁的歌曲音频数据集 数据说明: 所有数据都是通过使用“R” 有两个数据集艺术家-data.csv和歌词-data.csv,最初只有6个音乐流派的数据,但在上次更新时,从网站上删除了所有的歌词。
计算机毕业设计jsp高校信息资源共享平台论文
08-18
计算机毕业设计jsp高校信息资源共享平台论文
Nginx技术指南:配置与优化解析
八、Nginx防盗链 防止其他网站盗用你的资源,通常通过设置Referer检查实现。 九、Nginx expires 设置HTTP响应头中的Expires字段,实现静态资源的缓存,减少服务器压力。 十、Nginx访问控制 1. 身份验证:通过...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值