Nginx优化与防盗链
隐藏版本号信息
方法一:
[root@promote ~]# iptables -F
[root@promote ~]# setenforce 0
[root@promote ~]# yum install gcc gcc-c++ pcre pcre-devel zlib-devel -y
[root@promote ~]# cd /opt
[root@promote opt]# rz -E
rz waiting to receive.
[root@promote opt]# tar zxvf nginx-1.12.2.tar.gz
[root@promote opt]# cd nginx-1.12.2/
[root@promote nginx-1.12.2]# useradd -M -s /sbin/nologin nginx
[root@promote nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@promote nginx-1.12.2]# make && make install
[root@promote nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@promote nginx-1.12.2]# vim /etc/init.d/nginx
#!/bin/bash
#chkconfig: - 99 20
#description Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
[root@promote nginx-1.12.2]# chmod +x /etc/init.d/nginx
[root@promote nginx-1.12.2]# service nginx start
[root@promote nginx-1.12.2]# netstat -ntap | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 13235/nginx: master
[root@promote nginx-1.12.2]# curl -I http://192.168.169.100
HTTP/1.1 200 OK
Server: nginx/1.12.2 ##版本号信息
Date: Mon, 10 Aug 2020 09:21:09 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 10 Aug 2020 09:08:55 GMT
Connection: keep-alive
ETag: "5f310ea7-264"
Accept-Ranges: bytes
[root@promote nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
[root@promote nginx-1.12.2]# service nginx stop
[root@promote nginx-1.12.2]# service nginx start
[root@promote nginx-1.12.2]# curl -I http://192.168.169.100
HTTP/1.1 200 OK
Server: nginx ##版本号信息没了
Date: Mon, 10 Aug 2020 09:25:51 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 10 Aug 2020 09:08:55 GMT
Connection: keep-alive
ETag: "5f310ea7-264"
Accept-Ranges: bytes
方法二:
[root@promote ~]# iptables -F
[root@promote ~]# setenforce 0
[root@promote ~]# yum install gcc gcc-c++ pcre pcre-devel zlib-devel -y
[root@promote ~]# cd /opt/
[root@promote opt]# rz -E
rz waiting to receive.
[root@promote opt]# tar zxvf nginx-1.12.2.tar.gz
[root@promote nginx-1.12.2]# vim /opt/nginx-1.12.2/src/core/nginx.h
[root@promote nginx-1.12.2]# useradd -M -s /sbin/nologin nginx
[root@promote nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@promote nginx-1.12.2]# make && make install
[root@promote nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@promote nginx-1.12.2]# nginx ##开启服务
[root@promote nginx-1.12.2]# curl -I http://192.168.169.200
HTTP/1.1 200 OK
Server: nginx/1.1.2 ##版本信息改变了
Date: Mon, 10 Aug 2020 09:38:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 10 Aug 2020 09:37:03 GMT
Connection: keep-alive
ETag: "5f31153f-264"
Accept-Ranges: bytes
配置nginx网页缓存时间
[root@promote nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
[root@promote nginx-1.12.2]# cd /usr/local/nginx/html/
[root@promote html]# ls
50x.html index.html
[root@promote html]# rz -E ##把图片拖进去
rz waiting to receive.
[root@promote html]# vim index.html
[root@promote html]# service nginx stop
[root@promote html]# service nginx start
nginx的日志切割
[root@promote html]# cd /opt
[root@promote opt]# vim fenge.sh
1 #!/bin/bash
2 #Filename:fenge.sh
3 d=$(date -d "-1 day" "+%Y%m%d")
4 #设置日期名称
5 logs_path="/var/log/nginx"
6 pid_path="/usr/local/nginx/logs/nginx.pid"
7 #自动创建日志目录
8 [ -d $logs_path ] || mkdir -p $logs_path
9 #分割日志
10 mv /usr/local/nginx/logs/access.log ${logs_path}/test.com-access.log-$d
11 #生成新日志
12 kill -HUP $(cat $pid_path)
13 #删除30天前的日志
14 find $logs_path -mtime +30 | xargs rm -rf
~
[root@promote opt]# chmod +x fenge.sh
[root@promote log]# ls nginx/
test.com-access.log-20200809
[root@promote log]# date -s 08/11/20 ##修改日期
2020年 08月 11日 星期二 00:00:00 CST
[root@promote opt]# ./fenge.sh ##再次执行脚本文件
[root@promote opt]# ls /var/log/nginx/ ##刚刚修改的日期就会呈现出来
test.com-access.log-20200809 test.com-access.log-20200810
[root@promote opt]# crontab -e ##添加到周期性计划任务当中
小知识
在linux操作系统中,每个文件都有很多的时间参数,其中有三个比较主要,分别是ctime,atime,mtime
Modification time(mtime):
当修改文件的内容数据的时候,就会更新这个时间,而更改权限或者属性,mtime不会改变,这就是和ctime的区别
Status time(ctime):
当修改文件的权限或者属性的时候,就会更新这个时间,ctime并不是create time,更像是change time,只有当更新文件的属性或者权限的时候才会更新这个时间,但是更改内容的话是不会更新这个时间
Accesstime(atime)
当使用这个文件的时候就会更新这个时间
连接超时
[root@promote opt]# vim /usr/local/nginx/conf/nginx.conf
网页压缩
[root@promote opt]# vim /usr/local/nginx/conf/nginx.conf
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain application/x-javascript text/css image/jpg image/jpeg image/pn
g image/gif application/xml text/javascript application/x-http-php application/javascrip
t application/json;
gzip_disable "MSIE[1-6]\.";
gzip_vary on;
[root@localhost opt]# nginx -t ##测试语法正确
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost opt]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html index.html timg.jpg
[root@localhost html]# service nginx stop
[root@localhost html]# service nginx start
防盗链
[root@promote ~]# iptables -F
[root@promote ~]# setenforce 0
[root@promote ~]# yum install gcc gcc-c++ pcre pcre-devel zlib-devel -y
[root@promote ~]# useradd -M -s /sbin/nologin nginx
[root@promote ~]# cd /opt
[root@promote opt]# rz -E
rz waiting to receive.
[root@promote opt]# tar zxvf nginx-1.12.2.tar.gz
[root@promote opt]# cd nginx-1.12.2/
[root@promote nginx-1.12.2]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@promote nginx-1.12.2]# make && make install
[root@promote nginx-1.12.2]# cd /etc/init.d/
[root@promote init.d]# vim nginx
#!/bin/bash
#chkconfig: - 99 20
#description Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
[root@promote init.d]# chmod +x nginx
[root@promote init.d]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@promote init.d]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@promote init.d]# service nginx start
[root@promote init.d]# cd /usr/local/nginx/html/
[root@promote html]# rz -E
rz waiting to receive.
[root@promote html]# vim index.html
[root@promote html]# yum install bind -y
[root@promote html]# vim /etc/named.conf
[root@promote html]# vim /etc/named.rfc1912.zones
[root@promote named]# cp -p named.localhost kgc.com.zone
[root@promote named]# vim kgc.com.zone
[root@promote named]# systemctl start named
在另一个上面做盗链
[root@promote ~]# iptables -F
[root@promote ~]# setenforce 0
[root@promote ~]# yum install httpd -y
[root@promote ~]# vim /etc/httpd/conf/httpd.conf
[root@promote ~]# cd /var/www/html/
[root@promote html]# vim index.html
[root@promote html]# echo "nameserver 192.168.169.100" > /etc/resolv.conf
[root@promote html]# systemctl start httpd
在官网上做防盗链
[root@promote named]# vim /usr/local/nginx/conf/nginx.conf
location ~*\.(jpg|gif|swf)$ {
valid_referers none blocked *.kgc.com kgc.com;
if ( $invalid_referer ) {
rewrite ^/ http://www.kgc.com/error.png;
}
}
[root@promote named]# cd /usr/local/nginx/html/
[root@promote html]# rz -E
rz waiting to receive.
[root@promote html]# ls
50x.html error.png index.html timg.jpg
[root@promote html]# service nginx stop
[root@promote html]# service nginx start