- 以下配置 全部都写在虚拟主机的配置文件中
用户认证
location ~ .*index\.php$ {
auth_basic "ztyztytzytzytzy";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
include fastcgi_params;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
.htpasswd文件由htpasswd工具生成
htpasswd -c /usr/local/nginx/conf/.htpasswd zhangty
htpasswd /usr/local/nginx/conf/.htpasswd qqq
域名跳转
server_name tyzz.com aaa.com bbb.com;
if ($host != 'tyzz.com')
{
rewrite ^/(.*)$ http://tyzz.com/$1 permanent;
}
不记录制定文件类型的日志
location ~ .*\.(gif|png|jpg)$
{
access_log off;
}
日志切割
nginx 没有自带的日志切割工具 通过脚本切割
cat /usr/sbin/nginx_log.sh
#!/bin/bash
DATE=`date -d "-1 day" +%F`
[ -d /tmp/nginx_log ] || mkdir /tmp/nginx_log
mv /tmp/tyzz.log /tmp/nginx_log/$DATE.log
/usr/local/nginx/sbin/nginx -s reload > /dev/null 2>&1
cd /tmp/nginx_log
gzip -f $DATE.log
设置静态文件过期时间(d 天 h 小时)
location ~ \.(js|css)
{
expires 1d;
}
配置防盗链
location ~ .*\.(gif|png|jpg)$
{
valid_referers none blocked tyzz.com;
if ($invalid_referer)
{
return 403;
}
}
访问控制
#黑名单
deny 127.0.0.1
#白名单
allow 127.0.0.1
deny from all
禁止指定user_agent访问
user agent中 含有指定字符的 禁止访问 403
if ($http_user_agent ~* 'curl|baidu|1111')
{
return 403;
}
代理和负载均衡
upstream zty{
server 220.181.111.188;
server 220.181.112.244;
}
server {
listen 80;
server_name www.baidu.com;
location / {
proxy_pass http://zty/;
proxy_set_header Host $host;
}
}