######1、虚拟主机
[root@server1 conf]# pwd
/usr/local/lnmp/nginx/conf
[root@server1 conf]# vim nginx.conf
# http context of nginx.conf. The two server blocks sat at lines 121-138 in the
# author's editor; the editor's line numbers are not part of the file.
http {
    # ... other http-level directives omitted in the original notes ...

    # Name-based virtual host 1: chosen when the request's Host is www.westos.org.
    server {
        listen      80;
        server_name www.westos.org;

        location / {
            root  /www1;
            index index.html;
        }
    }

    # Name-based virtual host 2: same port, told apart only by the Host header.
    server {
        listen      80;
        server_name www.linux.org;

        location / {
            root  /www2;
            index index.html;
        }
    }
}
[root@server1 conf]# cd /www1
[root@server1 www1]# cat index.html
www.westos.org
[root@server1 www1]# cd /www2
[root@server1 www2]# cat index.html
www.linux.org
[root@server1 www2]# nginx -s reload
[root@foundation29 lamp]# vim /etc/hosts #本地解析
172.25.29.1 www.westos.org www.linux.org
######2、https
[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
#HTTPS server
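server {
    listen      443 ssl;
    server_name www.westos.org;

    # Both directives name the same file, so cert.pem must hold the certificate
    # AND the private key. Only the certificate is sent to clients, but anyone
    # who can read the file has the key: keep it readable by root only.
    # A self-signed certificate like this is for lab use; clients will not
    # trust it without an explicit exception.
    ssl_certificate     cert.pem;
    ssl_certificate_key cert.pem;

    # Pin the protocol explicitly: nginx's built-in default depends on the
    # nginx version and on older releases still includes legacy protocols.
    # Add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    ssl_session_cache   shared:SSL:1m;   # session cache shared by all workers
    ssl_session_timeout 5m;

    ssl_ciphers               HIGH:!aNULL:!MD5;   # no anonymous or MD5-based suites
    ssl_prefer_server_ciphers on;

    location / {
        root  /www1;
        index index.html index.htm;
    }
}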
[root@server1 conf]# nginx -t
nginx: [emerg] BIO_new_file("/usr/local/lnmp/nginx/conf/cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/lnmp/nginx/conf/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
[root@server1 conf]# cd /etc/pki/tls/certs
[root@server1 certs]# make cert.pem
[root@server1 certs]# cp cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# nginx -t
[root@server1 certs]# nginx -s reload
######3、重定向
[root@server1 conf]# vim nginx.conf
# Redirect plain HTTP to the HTTPS site.
# The replacement has no $1, so every request lands on the HTTPS site root and
# the originally requested path is dropped.
server {
    listen      80;
    server_name www.westos.org westos.org;

    rewrite ^(.*)$ https://www.westos.org permanent;
}
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
301 永久重定向(rewrite 的 permanent 标志),302 临时重定向(rewrite 的 redirect 标志)
# Redirect plain HTTP to HTTPS and keep the requested path:
# $1 is the URI captured by ^(.*)$ and is appended to the target.
server {
    listen      80;
    server_name www.westos.org westos.org;

    rewrite ^(.*)$ https://www.westos.org$1 permanent;
}
# Redirect exactly /bbs (nothing after it) to the bbs host.
server {
    listen      80;
    server_name www.westos.org westos.org;

    rewrite ^/bbs$ http://bbs.westos.org permanent;
}
# Redirect /bbs/<path> to http://bbs.westos.org/<path>; $1 carries the part
# of the URI after /bbs/.
server {
    listen      80;
    server_name www.westos.org westos.org;

    rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
}
# Reverse direction: http://bbs.westos.org/<path> goes to
# http://www.westos.org/bbs/<path>.
# Do not combine this with a rule on www.westos.org that sends /bbs/ back to
# bbs.westos.org: the two would redirect to each other in a loop.
server {
    listen      80;
    server_name bbs.westos.org;

    rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
}
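server {
    listen      80;
    server_name www.westos.org westos.org bbs.westos.org;

    # nginx comments start with '#'; a '//' line is not a comment and makes
    # `nginx -t` fail.
    # One server block answers for all three names and branches on $host
    # (exact string comparison), so no separate server block is needed just
    # for the redirect. The rewrite itself matches with a regular expression.
    if ($host = "bbs.westos.org") {
        rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
    }

    location / {
        root  /www1;
        index index.html;
    }
}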
######4、并发、速率限制
(1)并发限制
[root@server1 conf]# vim nginx.conf
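# Line 40 of the author's nginx.conf (http context): a 10 MB shared zone named
# "addr" that tracks connections per client address.
limit_conn_zone $binary_remote_addr zone=addr:10m;

# Line 56 onward (inside a server block).
location /download/ {
    # Allow one concurrent connection per client address; the original
    # '//' annotation is not valid nginx comment syntax.
    # The key is the address nginx sees, so clients behind one NAT or proxy
    # share a single slot.
    limit_conn addr 1;
}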
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
[root@server1 download]# pwd
/usr/local/lnmp/nginx/html/download
[root@server1 download]# ls
mysql-boost-5.7.17.tar.gz vim.jpg //测试图片
[root@foundation29 ~]# ab -c1 -n 10 http://172.25.29.1/download/vim.jpg //1个并发,10次
[root@foundation29 ~]# ab -c10 -n 10 http://172.25.29.1/download/vim.jpg //10个并发,10次
//只有一次正常
(2)速率限制
[root@server1 conf]# vim nginx.conf
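# http context: shared zone "one", keyed by client address, 1 request/second.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

location /download/ {
    # Concurrency limit; zone "addr" comes from the limit_conn_zone directive
    # shown earlier in these notes.
    limit_conn addr 1;

    # Declaring a zone enforces nothing by itself: without a limit_req line
    # the 1r/s limit above is never applied. burst=5 is an illustrative value;
    # requests beyond rate + burst are rejected.
    limit_req zone=one burst=5;

    # Bandwidth cap per response (50 KB/s). This throttles transfer speed and
    # is not a request-rate limit.
    limit_rate 50k;
}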
[root@server1 conf]# nginx -s reload
######5、访问控制
[root@server1 admin]# pwd
/usr/local/lnmp/nginx/html/admin
[root@server1 admin]# cat index.html
admin page
# Refuse every client for anything under /admin/ (nginx answers 403).
location /admin/ {
    deny all;
}
[root@server1 admin]# cat index.html
admin page
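location /admin/ {
    # Rules are checked top to bottom and the first match wins, so the allow
    # line must come before "deny all" ('#' is the nginx comment marker, '//'
    # is a syntax error).
    # The check uses the client address as nginx sees it: behind a reverse
    # proxy or load balancer that is the proxy's address, not the end user's.
    # Treat this as one layer and keep authentication on the admin pages.
    allow 172.25.29.0/24;
    deny  all;
}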
######6、缓存设置
[root@server1 conf]# vim nginx.conf
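# Static images: tell clients they may cache the response for 30 days.
# (The original '//' annotation is not valid nginx comment syntax.)
location ~ .*\.(gif|jpg|png)$ {
    expires 30d;
}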
######7、防止恶意域名解析
[root@server1 conf]# vim nginx.conf
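# Catch-all for requests whose Host header matches no configured name, e.g.
# access by bare IP or a foreign domain pointed at this address.
# "_" is only a name that never matches a real host. What makes a block the
# fallback is default_server; without it nginx falls back to the FIRST server
# block for the port, wherever this one happens to sit in the file.
server {
    listen      80 default_server;
    server_name _;
    return      500;
}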
[root@server1 conf]# vim nginx.conf
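# Alternative catch-all: instead of an error, send unknown hosts (including
# access by IP) to the canonical site with a 301.
# default_server makes this block the fallback regardless of its position.
server {
    listen      80 default_server;
    server_name _;

    # The target is a fixed string and is not built from the request's Host
    # header, so the redirect cannot be steered by the client.
    rewrite ^(.*) http://www.westos.org permanent;
}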
//访问ip,被自动定向到了www.westos.org
######8、防盗链
首先,我们先看看盗链过程
#########server1:
[root@server1 conf]# vim nginx.conf
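# server1 before any hotlink protection: everything under /www1, including
# /www1/images, is served to any requester.
server {
    listen      80;
    server_name www.westos.org westos.org;   # the terminating ';' was missing

    location / {
        root  /www1;
        index index.html;
    }
}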
[root@server1 www1]# ls images/ //server1的/www1/images下有一张图片
iso7.gif
#########server2:
[root@server2 html]# cat index.html
<html>
<body>
<img src="http://www.westos.org/images/iso7.gif">
</body>
</html>
//server2将其默认发布页设为server1主机上的图片
[root@server2 html]# /etc/init.d/httpd restart
//访问server2时,访问到了server1的图片
#########server1服务器防盗链
[root@server1 conf]# vim nginx.conf
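server {
    listen      80;
    server_name www.westos.org westos.org;   # the terminating ';' was missing

    location ~ \.(gif|jpg|png)$ {
        root /www1;

        # Accepted Referer values:
        #   none           - the request carries no Referer header
        #   blocked        - a Referer is present but was stripped by a proxy/firewall
        #   www.westos.org - pages of this site
        # Referer is chosen by the client, and "none" admits requests without
        # one, so this only curbs casual embedding and bandwidth theft. It is
        # not access control for the images.
        valid_referers none blocked www.westos.org;

        if ($invalid_referer) {
            return 403;
        }
    }
}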
//不可访问
我们不仅可以在其盗链时直接拒绝,还可以做个重定向
[root@server1 conf]# vim nginx.conf
# Hotlink handling by redirect instead of a 403.
location ~ \.(gif|jpg|png)$ {
    root /www1;

    # Same Referer policy as the 403 variant: missing, stripped, or own-site
    # Referer is accepted.
    valid_referers none blocked www.westos.org;

    if ($invalid_referer) {
        # An absolute http:// replacement makes nginx answer with a redirect.
        # The replacement image must come from a host or location without this
        # Referer check (here bbs.westos.org), or the redirect would loop.
        rewrite ^/ http://bbs.westos.org/daolian.jpg;
    }
}
# Host that serves the replacement image (/www2/daolian.jpg). It has no
# Referer check, so the redirected hotlink request is answered normally.
server {
    listen      80;
    server_name bbs.westos.org;

    location / {
        root  /www2;
        index index.html;
    }
}
[root@server1 www2]# ls
daolian.jpg index.html