nginx用户认证
cd /usr/local/nginx/conf/vhosts
vim 123.conf
写入
server
{
listen 80;
server_name aming.com;
index index.php index.html index.htm;
root /data/123;
location ~ .*admin\.php$ {
auth_basic "ruirui auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
}
保存后,设置用户
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
/usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/.htpasswd user
如果没有htpasswd工具
yum install -y hpptd
nginx域名跳转
cd /usr/local/nginx/conf/vhosts
vim 123.conf
写入
server
{
listen 80;
server_name aming.com. 123.com 456com;
if ($host != 'aming.com')
{
rewrite ^/(.*)$ http://aming.com/$1 permanent;
}
index index.php index.html index.htm;
root /data/123;
location ~ .*admin\.php$ {
auth_basic "ruirui auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
}
保存后,
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
nginx不记录指定文件类型日志
先看住配置文件
vim /usr/local/nginx/conf/nginx.conf
找到定义日志格式
log_format ruirui '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
ruirui:日志格式名字
$remote_addr:远程IP
$http_x_forwarded_for:代理IP
[$time_local]':时间
'$host 域名
$request_uri:地址链接
$status':状态码
"$http_referer:
$http_user_agent"';
保存
用配置好的日志格式
vim /usr/local/nginx/conf/vhosts/123.conf
server
{
listen 80;
server_name aming.com 123.com 456.com;
if ($host != 'aming.com')
{
rewrite ^/(.*)$ http://aming.com/$1 permanent;
}
index index.php index.html index.htm;
root /data/123;
access_log /tmp/ruirui_access.log ruirui;
location ~ .*admin\.php$ {
auth_basic "ruirui auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
access_log off;
}
location ~ (static|cache)
{
access_log off;
}
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
}
保存!注意location是有先后顺序的
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
nginx日志切割
vim /usr/local/nginx/sbin/nginx_logrotate.sh
#!/bin/bash
d=`date -d "-1 day" +%F`
[ -d /tmp/nginx_log ] || mkdir /tmp/nginx_log
mv /tmp/ruirui_access.log /tmp/nginx_log/$d.log
/etc/init.d/nginx reload 2> /dev/null
cd /tmp/nginx_log/
gzip -f $d.log
保存,执行
sh -x /usr/local/nginx/sbin/nginx_logrotate.sh
将切割文件放入计划任务中
nginx配置静态文件过期时间
vim /usr/local/nginx/conf/vhosts/123.conf
location ~ .*admin\.php$ {
auth_basic "ruirui auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
access_log off;
expires 15d;
}
location ~ \.(js|css)
{
access_log off;
expires 2h;
}
location ~ (static|cache)
{
access_log off;
}
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
}
保存
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
2.2 nginx配置防盗链
vim /usr/local/nginx/conf/vhosts/123.conf
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
{
access_log off;
expires 10d;
valid_referers none blocked *.aming.com *.123.com;
if ($invalid_referer)
{
return 403;
}
}
保存
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
2.3 nginx访问控制
vim /usr/local/nginx/conf/vhosts/123.conf
白名单设置
location ~ .*admin\.php$ {
allow 127.0.0.1;
deny all;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
黑名单
location ~ .*admin\.php$ {
deny 127.0.0.1;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/qqq.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/123$fastcgi_script_name;
}
upload图片文件下禁止解析php
location ~ .*upload/.*\.php$
{
deny all;
}
根据user_agent限制
if(¥http_user_agent~*'Spider/3.0|YoudaoBOT|Tomato')
{
return 430
}
deny all 和return 430效果一样
保存
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
2.4 nginx禁止指定user_agent
vim /usr/local/nginx/conf/vhosts/123.conf
if ($http_user_agent ~* 'curl|Mozilla|baidu|taobao')
{
return 403;
}
注:~*不区分大小写
保存
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
2.5 nginx代理详解
cd /usr/local/nginx/conf/vhosts/
vim proxy.conf
单个机器
server {
listen 80;
server_name www.baidu.com;
location / {
proxy_pass http://14.215.177.38/;
# proxy_set_header Host $host;
}
}
多个机器实现负载均衡
vim proxy.conf
upstream aming{
server 14.215.177.37:80;
server 14.215.177.38:80;
}
server {
listen 80;
server_name www.baidu.com;
location / {
proxy_pass http://aming/;
proxy_set_header Host $host;
}
}
保存
/usr/local/nginx/sbin/nginx -t
/etc/init.d/nginx reload
curl -x127.0.0.1:80 www.baidu.com 测试
转载于:https://blog.51cto.com/632566481/1954378