隐藏版本号
方法一(修改配置文件)
[ root@localhost / ] # vim / usr/ local/ nginx/ conf/ nginx. conf
20 server_tokens off; 【添加一行,关闭版本号】
[ root@localhost / ] # systemctl restart nginx. service
[ root@localhost / ] # curl - i http: / / 192.168 .131 .14
HTTP/ 1.1 200 OK
Server: nginx 【不显示版本号】
Date: Tue, 06 Apr 2021 10 : 36 : 32 GMT
Content- Type: text/ html
Content- Length: 612
Last- Modified: Tue, 30 Mar 2021 02 : 43 : 22 GMT
Connection: keep- alive
ETag: "6062904a-264"
Accept- Ranges: bytes
方法二(修改源码文件,重新编译安装)
[ root@localhost / ] # vim / opt/ nginx- 1.12 .2 / src/ core/ nginx. h
13 #define NGINX_VERSION "5514" 【修改版本号】
14 #define NGINX_VER "apache/" NGINX_VERSION 【修改服务器类型】
[ root@localhost / ] # cd / opt/ nginx- 1.12 .2 /
[ root@localhost nginx- 1.12 .2 ] # . /configure \
> -- prefix= / usr/ local/ nginx \
> -- user= nginx \
> -- group= nginx \
> -- with- http_stub_status_module
[ root@localhost nginx- 1.12 .2 ] # make - j4 && make install
[ root@localhost nginx- 1.12 .2 ] # vim / usr/ local/ nginx/ conf/ nginx. conf
17 http {
18 include mime. types;
19 default_type application/ octet- stream;
20 server_tokens on; 【将之前的OFF关闭改成ON打开,或者直接删除也可】
[ root@localhost nginx- 1.12 .2 ] # systemctl restart nginx. service
[ root@localhost nginx- 1.12 .2 ] # curl - I http: / / 192.168 .131 .14
HTTP/ 1.1 200 OK
Server: apache/ 5514
Date: Tue, 06 Apr 2021 10 : 51 : 09 GMT
Content- Type: text/ html
Content- Length: 612
Last- Modified: Tue, 30 Mar 2021 02 : 43 : 22 GMT
Connection: keep- alive
ETag: "6062904a-264"
Accept- Ranges: bytes
修改用户与组
[ root@localhost nginx- 1.12 .2 ] # vim / usr/ local/ nginx/ conf/ nginx. conf
2 user nginx nginx; 【取消注释,修改用户为nginx,组为nginx】
[ root@localhost nginx- 1.12 .2 ] # systemctl restart nginx. service
[ root@localhost nginx- 1.12 .2 ] # ps aux | grep nginx
root 5950 0.0 0.0 20500 628 ? Ss 18 : 57 0 : 00 nginx: master process / usr/ local/ nginx/ sbin/ nginx
nginx 5951 0.0 0.0 22948 1408 ? S 18 : 57 0 : 00 nginx: worker process
root 5976 0.0 0.0 112676 984 pts/ 0 S+ 18 : 58 0 : 00 grep -- color= auto nginx
【主进程由root创建,子进程由nginx创建】
缓存时间
[ root@localhost nginx- 1.12 .2 ] # vim / usr/ local/ nginx/ conf/ nginx. conf
43 location ~ \. ( gif| png| jpg| bmp| html) $ {
44 root html;
45 expires 7d ;
46 }
[ root@localhost nginx- 1.12 .2 ] # cd / usr/ local/ nginx/ html/
[ root@localhost html] # rz - E 【直接拖一个文件到html目录下】
rz waiting to receive.
[ root@localhost html] # ls
50 x. html bbs index. html index. php tea. jpg
[ root@localhost html] # echo "192.168.131.14 www.qz.com" >> / etc/ hosts
浏览器验证
日志切割
[ root@localhost nginx] # vim / opt/ fg. sh
[ root@localhost nginx] # chmod + x / opt/ fg. sh
[ root@localhost / ] # . /opt/ fg. sh
[ root@localhost nginx] # ls / var/ log/ nginx/
qz. com- access. log- 20210405 【本机当天为20210406 ,所以这里显示前一天时间20210405 】
[ root@localhost nginx] # ls / usr/ local/ nginx/ logs/ access. log
/ usr/ local/ nginx/ logs/ access. log
#! / bin/ bash
# Filename: fg. sh
day= $( date - d "-1 day" "+%Y%m%d" ) 【显示前一天的时间】
logs_path= "/var/log/nginx" 【日志分隔后保存路径】
pid_path= "/usr/local/nginx/logs/nginx.pid" 【pid文件路径】
[ - d $logs_path ] || mkdir - p $logs_path 【创建日志文件目录】
mv / usr/ local/ nginx/ logs/ access. log ${ logs_path} / qz. com- access. log- $day 【移动并重命名日志文件】
kill - USR1 $( cat $pid_path) 【重新新建日志文件】
find $logs_path - mtime + 60 - exec rm - rf { } \; 【删除30 天之前的日志文件】
#find $logs_path - mtime + 60 | xargs rm - rf 【此删除方法需加上xargs进行传参】
[ root@localhost / ] # crontab - e
no crontab for root - using an empty one
15 0 * * * / opt/ fg. sh 【每天凌晨0 : 15 自动执行脚本】
三个比较主要的时间参数
连接超时
[ root@localhost / ] # vim / usr/ local/ nginx/ conf/ nginx. conf
17 http {
18 keepalive_timeout 30 300 ; 【此选项在配置文件中只可出现一次,否则重启服务时将报错】
19 client_header_timeout 100 ;
20 client_body_timeout 100 ;
[ root@localhost / ] # systemctl restart nginx. service
[ root@localhost / ] # systemctl restart nginx. service
Job for nginx. service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[ root@localhost / ] # vim / var/ log/ messages
Apr 6 19 : 54 : 07 localhost nginx: nginx: [ emerg] "keepalive_timeout" directive is duplicate in / usr/ local/ nginx/ conf/ nginx. conf: 34
三个超时选项概述
更改进程数
[ root@localhost / ] # cat / proc/ cpuinfo | grep - c "physical id" 【查看cpu核数】
4
[ root@localhost / ] # ps aux | grep nginx 【查看nginx主进程中含几个子进程】
root 10409 0.0 0.0 20500 628 ? Ss 19 : 54 0 : 00 nginx: master process / usr/ local/ nginx/ sbin/ nginx
【master为主进程】
nginx 10410 0.0 0.0 22948 1408 ? S 19 : 54 0 : 00 nginx: worker process
【worker为工作进程】
root 11152 0.0 0.0 112676 980 pts/ 0 S+ 21 : 10 0 : 00 grep -- color= auto nginx
3 worker_processes 4 ; 【修改为核数相同或者2 倍】
4 worker_cpu_affinity 01 10 ;
【设置每个进程由不同cpu处理。有多少个核,就有几位数,1 表示该内核开启,0 表示该内核关闭】
【例如进程数为4 时0001 0010 0100 1000 ;0101 表示开启第一个和第三个内核,1010 表示开启第二个和第四个内核】
【worker_processes最多开启8 个,8 个以上性能提升不会再提升了,而且稳定性变得更低,所以8 个进程够用了。】
[ root@localhost / ] # systemctl restart nginx. service
[ root@localhost / ] # ps aux | grep nginx
root 11327 0.0 0.0 20500 624 ? Ss 21 : 20 0 : 00 nginx: master process / usr/ local/ nginx/ sbin/ nginx
nginx 11328 0.0 0.0 22948 1408 ? S 21 : 20 0 : 00 nginx: worker process
nginx 11329 0.0 0.0 22948 1408 ? S 21 : 20 0 : 00 nginx: worker process
root 11331 0.0 0.0 112676 980 pts/ 0 S+ 21 : 21 0 : 00 grep -- color= auto nginx
配置网页压缩
[ root@localhost / ] # vim / usr/ local/ nginx/ conf/ nginx. conf
37 gzip on; 【取消注释,开启gzip压缩功能】
38 gzip_min_length 2 k; 【最小压缩文件大小为2 k】
39 gzip_buffers 4 64 k; 【压缩缓冲区,大小为4 个64 k缓冲区】
40 gzip_http_version 1.1 ; 【压缩版本(默认1.1 ,前端如果是squid2. 5 则使用1.0 )】
41 gzip_comp_level 6 ;
【压缩比率,可为1 (压缩速度最快,压缩质量最低)至9 (压缩速度最慢,压缩率最高)之间的整数,默认为6 (速度和质量都较为平衡的一个值)】
42 gzip_vary on; 【支持前端缓存服务器存储压缩页面】
43 gzip_types text/ plain text/ javascript application/ x- javascript text/ css text/ xml application/ x ml application/ xml+ rss image/ jpg image/ jpeg image/ png image/ gif application/ x- httpd- php applicatio n/ javascript application/ json;
【压缩类型,表示哪些网页文档启用压缩功能】
【将tea. jpg文件传到/ usr/ local/ nginx/ html/ 目录下】
[ root@localhost / ] # ls / usr/ local/ nginx/ html/
50 x. html bbs index. html index. html. bak index. php tea. jpg
[ root@localhost / ] # vim / usr/ local/ nginx/ html/ index. html
4 < img src= "tea.jpg" / > 【网页中插入图片】
浏览器验证
防盗链配置
45 server {
46 location ~ * \. ( jpg| gif| swf) $ {
47 valid_referers * . qz. com qz. com;
48 if ( $invalid_referer ) {
49 rewrite ^ / http: / / www. qz. com/ fuck. png;
50 #return 403 ;
51 }
52 }
[ root@www ~ ] # vim / usr/ local/ nginx/ html/ index. html
4 < img src= "tea.jpg" / >
[ root@www ~ ] # echo "192.168.131.13 www.q.com" >> / etc/ hosts
[ root@www ~ ] # echo "192.168.131.14 www.qz.com" >> / etc/ hosts
[ root@www ~ ] # cat / etc/ hosts
127.0 .0 .1 localhost localhost. localdomain localhost4 localhost4. localdomain4
: : 1 localhost localhost. localdomain localhost6 localhost6. localdomain6
192.168 .131 .14 www. qz. com
192.168 .131 .13 www. q. com
[ root@localhost / ] # vim / usr/ local/ nginx/ html/ index. html
4 < img src= "http://www.qz.com/tea.jpg" / >
[ root@localhost / ] # echo "192.168.131.14 www.qz.com" >> / etc/ hosts
[ root@localhost / ] # echo "192.168.131.13 www.q.com" >> / etc/ hosts
[ root@localhost / ] # cat / etc/ hosts
127.0 .0 .1 localhost localhost. localdomain localhost4 localhost4. localdomain4
: : 1 localhost localhost. localdomain localhost6 localhost6. localdomain6
192.168 .131 .14 www. qz. com
192.168 .131 .13 www. q. com
在盗图的主机上进行浏览器验证
fpm参数优化
[ root@www ~ ] # vim / usr/ local/ php/ etc/ php- fpm. conf
17 pid = run/ php- fpm. pid
[ root@www ~ ] # vim / usr/ local/ php/ etc/ php- fpm. d/ www. conf
96 pm = dynamic 【修改96 行(fpm进程启动方式,dynamic代表动态的)】
107 pm. max_children = 18 【修改107 行(fpm进程启动的最大进程数)】
117 pm. min_spare_servers = 4 【修改117 行(动态方式下启动时默认开启的进程数,在最小和最大之间)】
122 pm. max_spare_servers = 6 【修改122 行(动态方式下最大空闲进程数)】
[ root@localhost / ] # / usr/ local/ php/ sbin/ php- fpm - c / usr/ local/ php/ lib/ php. ini
[ root@localhost / ] # kill - USR2 `cat / usr/ local/ php/ var/ run/ php- fpm. pid`
【查看pid号重启php- fpm】
[ root@localhost / ] # netstat - natp | grep 9000
tcp 0 0 127.0 .0 .1 : 9000 0.0 .0 .0 : * LISTEN 3012 / php- fpm: maste