Nginx服务管理

目录

1、安全控制

限制并发连接

限制请求数

限制速率

2、自动索引

3、缓存配置

4、禁用日志记录

5、日志轮转

6、nginx日志可视化

7、站点限制

8、中文乱码

9、虚拟主机

10、https配置

11、重定向

12、防盗链

---

1、安全控制

限制并发连接

cd /usr/local/nginx/html/
mkdir download

vim /usr/local/nginx/conf/nginx.conf
limit_conn_zone $binary_remote_addr zone=addr:10m;


 location /download/ {
         
          limit_conn addr 1;
          
 }

systemctl reload nginx.service

 

必须单线程下载，超出的并发连接会失败

ab -c 10 -n 10 http://192.168.189.111/download/vim.jpg
cat /usr/local/nginx/logs/access.log

 

 

限制请求数

vim /usr/local/nginx/conf/nginx.conf

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;


limit_req zone=one burst=5 nodelay;


systemctl reload nginx.service

 

限制速率

location /download/ {
         ##autoindex on;
         limit_conn addr 1;
         limit_rate 100k;
         ##limit_req zone=one burst=5 nodelay;

}

2、自动索引

vim /usr/local/nginx/conf/nginx.conf

autoindex on;

systemctl reload nginx.service

 

3、缓存配置

location ~ .*\.(gif|jpg|png)$ {
            expires 365d;
            root html;
        }

 

4、禁用日志记录

access_log off;

 

 

5、日志轮转

vim /opt/nginx_log.sh
#!/bin/bash
cd /usr/local/nginx/logs && mv access.log access_$(date +%F -d -1day).log
kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`

chmod +x /opt/nginx_log.sh
/opt/nginx_log.sh
cd /usr/local/nginx/logs/
crontab -e
00 00 * * * /opt/nginx_log.sh

6、nginx日志可视化

安装依赖性

dnf install -y  ncurses-devel ncurses-devel.x86_64
tar xf goaccess-1.4.tar.gz
./configure --enable-utf8
make
make install

启动

goaccess /usr/local/nginx/logs/access.log -o /usr/local/nginx/html/report.html --log-format=COMBINED --real-time-html &

7、站点限制

  location /status {
                stub_status on;			#启用监控模块
                access_log off;				#禁用日志记录
                allow 127.0.0.1;			#只允许本机访问
                deny all;					#禁用所有主机访问
        }

8、中文乱码

 

9、虚拟主机

mkdir /www1/
echo web1 > /www1/index.html
vim /usr/local/nginx/conf/nginx.conf
server {
        listen 80;
        server_name www1.yyl.org;
        location / {
        root /www1;
        index index.html;
}
}

 

10、https配置

openssl req  --newkey rsa:2048 -nodes -sha256 -keyout /usr/local/nginx/conf/cert.key -x509 -days 365 -out /usr/local/nginx/conf/cert.pem

 

11、重定向

rewrite ^/(.*)$ https://www1.yyl.org/$1 permanent;

 

www1.yyl.org/bbs 重定向bbs.westos.org

mkdir /bbs
echo bbs.yyl.org > /bbs/index.html

rewrite ^/bbs$ http://bbs.yyl.org/$1 permanent;
rewrite ^/bbs(.*)$ http://bbs.yyl.org/$1 permanent;

12、防盗链

配置vm2上的apache服务，盗链vm1上的图片

<html>
<body>
<img src="http://www1.yyl.org/vim.jpg"/>
</body>
</html>

 

配置nginx网页防盗链

location ~ \.(jpg|png)$ {
        root /www1;
        valid_referers none blocked www1.yyl.org;
        if ($invalid_referer) {
                #return 403;
                rewrite ^/ http://bbs.yyl.org/daolian.jpg;
        }
}