文章目录
1. nginx限流
1.1 控制单ip并发连接数
[root@server11 ~]# cd /usr/local/nginx/conf/
[root@server11 conf]# vim nginx.conf
limit_conn_zone $binary_remote_addr zone=addr:10m;
##$binary_remote_addr 表示通过remote_addr这个标识来做限制
##zone=addr:10m 表示生成一个大小为10M,名字为addr的内存区域
location /download/ {
limit_conn addr 1; #限制并发数
limit_rate 50k; #限制带宽
}
[root@server11 conf]# cd ..
[root@server11 nginx]# cd html/
[root@server11 html]# mkdir download
[root@server11 html]# cd download/
[root@server11 download]# ls
vim.jpg
[root@server11 download]# du -h vim.jpg
444K vim.jpg
[root@server11 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server11 download]# nginx -s reload
[root@foundation ~]# ab -c 10 -n 10 http://192.168.0.11/download/vim.jpg ##压力测试,-c指定并发数,-n指定请求数
[root@foundation ~]# ab -c1 -n1 http://192.168.0.11/download/vim.jpg
配置文件前所有任务都可以正常完成,失败请求数为0。
limit_conn addr 1; #限制并发数,当超过并发数量时,会失败
1.2 限制带宽
limit_rate 50k; #限制带宽
1.3 限制单位时间内的请求数目,以及速度限制
burst 让其等待,不等待则之后只能处理一个
nodelay : 没进入消息队列的不处理
[root@server11 conf]# vim nginx.conf
[root@server11 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server11 conf]# nginx -s reload
[root@foundation ~]# ab -c1 -n 10 http://192.168.0.11/download/vim.jpg
rate=1r/s表示允许相同标识的客户端的访问频次,这里限制的是每秒1次
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req zone=one
limit_req zone=one burst=5; ##limit_req zone=one 只能处理一个 传输5个 让没处理的先待在消息队列等待处理,直至全部处理
limit_req zone=one burst=5 nodelay;##一个正在处理,等5个,设置的加压处理的个数总数为10个,所有还有4个并未被处理
2. 常用命令
2.1 自动索引
自动索引:下载方便
[root@server11 conf]# vim nginx.conf
[root@server11 conf]# nginx -s reload
autoindex on;
2.2 Nginx expire缓存配置
Nginx expire缓存配置: 缓存可以降低网站带宽,加速用户访问
[root@server11 conf]# vim nginx.conf
location ~ .*\.(gif|jpg|png)$ {
expires 365d; ##缓存有效时长
root html;
}
[root@server11 conf]# nginx -s reload
[root@foundation ~]# curl -I http://192.168.0.11/download/vim.jpg
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 07 Apr 2021 11:04:14 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Wed, 07 Apr 2021 09:45:54 GMT
Connection: keep-alive
ETag: "606d7f52-6ebc7"
Expires: Thu, 07 Apr 2022 11:04:14 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
2.3 日志轮询
日志轮询功能可以实现打包保存之前的日志的功能
[root@server11 logs]# cd /opt/
[root@server11 opt]# ls
[root@server11 opt]# vim nginx_log.sh
#!/bin/bash
cd /usr/local/nginx/logs && mv access.log access_$(date +%F -d -1day).log ##日志文件重命名
kill -USR1 `cat /usr/local/nginx/logs/nginx.pid` ##重载日志
[root@server11 opt]# chmod +x nginx_log.sh
[root@server11 opt]# ./nginx_log.sh
[root@server11 opt]# cd /usr/local/nginx/logs/
[root@server11 logs]# ll
total 164
-rw-r--r-- 1 root root 87260 Apr 7 19:04 access_2021-04-06.log ##生成新的日志文件
-rw-r--r-- 1 nginx root 0 Apr 7 19:10 access.log
-rw-r--r-- 1 nginx root 72817 Apr 7 19:04 error.log
-rw-r--r-- 1 root root 5 Apr 7 14:15 nginx.pid
禁用不必要的日志记录,以节省磁盘IO的消耗
[root@server11 conf]# vim nginx.conf
access_log off;
[root@server11 conf]# nginx -s reload
[root@server11 conf]# cd ..
[root@server11 nginx]# cd logs/
[root@server11 logs]# ls
access_2021-04-06.log access.log error.log nginx.pid
[root@server11 logs]# cat access.log
访问指定链接内容的时候不记录日志
curl -I http://172.25.10.1/download/vim.jpg 访问的时候,access.log不计入
2.4 站点目录和文件的限制
[root@server11 conf]# vim nginx.conf
deny 192.168.0.100;
[root@server11 conf]# nginx -s reload
[root@foundation ~]# wget http://192.168.0.11/download/vim.jpg
--2021-04-07 19:24:04-- http://192.168.0.11/download/vim.jpg
Connecting to 192.168.0.11:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-04-07 19:24:04 ERROR 403: Forbidden.
2.5 限制IP
[root@server11 conf]# vim nginx.conf
62 deny all;
[root@server11 conf]# nginx -s reload
[root@server11 conf]# vim nginx.conf
61 allow 192.168.0.100;
[root@server11 conf]# nginx -s reload
2.6 解决中文乱码
[root@server11 nginx]# cd html/
[root@server11 html]# vim index.html
[root@server11 conf]# vim nginx.conf
charset utf-8;
[root@server11 conf]# nginx -s reload
3. nginx 重定向
3.1 防止域名恶意解析到服务器IP
[root@server11 conf]# vim nginx.conf
server {
listen 80;
server_name localhost;
return 500;
[root@server11 conf]# nginx -s reload
3.2 永久重定向
[root@server11 conf]# vim nginx.conf
rewrite ^(.*) http://www.westos.org permanent;
[root@server11 conf]# nginx -s reload
[root@foundation ~]# curl -I 192.168.0.11
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0
Date: Wed, 07 Apr 2021 12:20:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.westos.org
3.3 80重定向443
[root@server11 conf]# vim nginx.conf
rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
[root@server11 conf]# nginx -s reload
3.4 www.westos.org/bbs 重定向bbs.westos.org
同一台主机,不同域名之间的重定向:
[root@foundation ~]# vim /etc/hosts
192.168.0.11 server11 www.westos.org www.linux.org bbs.westos.org ##添加解析
[root@server11 conf]# vim nginx.conf
server {
listen 80;
server_name www.linux.org;
rewrite ^/bbs$ http://bbs.linux.org permanent; ##如果后面含有bbs,则返回bbs.linux.org的测试页面
location / {
root /web1;
index index.html;
}
}
server {
listen 80;
server_name bbs.linux.org;
location / {
root /bbs;
index index.html;
}
}
}
[root@server11 conf]# nginx -s reload
[root@server11 conf]# mkdir /bbs
[root@server11 conf]# echo bbs.linux.org > /bbs/index.html
[root@server11 conf]# echo www.linux.org > /web1/index.html ##编写测试页
[root@foundation ~]# curl www.linux.org
www.linux.org
[root@foundation ~]# curl bbs.linux.org
bbs.linux.org
[root@foundation ~]# curl -I www.linux.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0
Date: Wed, 07 Apr 2021 12:37:01 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://bbs.linux.org
或者
rewrite ^/bbs/(.*)$ http://bbs.linux.org/$1 permanent; ##bbs后面跟什么就访问什么页面
3.5 bbs.westos.org 重定向www.westos.org/bbs
[root@server11 conf]# cd /web1/
[root@server11 web1]# mv /bbs/ .
[root@server11 web1]# ls
bbs index.html
[root@server11 web1]# cd -
/usr/local/nginx/conf
[root@server11 conf]# vim nginx.conf
server_name www.linux.org bbs.linux.org;
if ($host = "bbs.linux.org"){
rewrite ^/(.*)$ http://www.linux.org/bbs/$1 permanent;
}
[root@server11 conf]# nginx -s reload
[root@foundation ~]# curl -I bbs.linux.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0
Date: Wed, 07 Apr 2021 13:03:29 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: http://www.linux.org/bbs/
4. nginx 防盗链
[root@server11 conf]# vim nginx.conf
location / {
root html;
index index.html;
# proxy_pass http://westos;
}
}
[root@server11 conf]# nginx -s reload
[root@server12 ~]# cd /var/www/html/
[root@server12 html]# ls
index.html
[root@server12 html]# vim index.html
<body>
<img src="http://www.westos.org/download/vim.jpg"/>
</body>
访问192.168.0.12 server2时,直接访问的是server1中的download目录中的vim.jpg,相当于盗取了server1的资源。
配置防盗链:编辑nginx配置文件
[root@server11 conf]# vim nginx.conf
location ~ \.(jpg|png)$ {
valid_referers none blocked www.westos.org;
if ($invalid_referer) {
return 403; ##如果是未知域名访问则返回403错误
#rewrite ^/ http://192.168.0.13/daolian.jpg; ##未知域名访问可以重定向到其他资源
}
}
[root@server11 conf]# nginx -s reload
[root@server13 ~]# mv daolian.jpg /var/www/html/
[root@server13 ~]# cd /var/www/html/
[root@server13 html]# ls
daolian.jpg index.html
在192.168.0.11 server1主机里面nginx的配置文件里面定义的是定向到192.168.0.13主机的daolian.jpg