gzip
# gzip压缩功能设置
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 6;
gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
gzip_vary on;
超时设置
#client_max_body_size 10m;
#client_body_buffer_size 128k;
#proxy_connect_timeout 75;
proxy_send_timeout 10;
proxy_read_timeout 10;
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
#proxy_temp_file_write_size 64k;
多个server_name 长度设置
server_names_hash_bucket_size 5120;
黑名单
http{
include blacks.conf;
server {
listen 80;
server_name www.baidu.com mp.baidu.com *.taobao.com;
access_log logs/web.access.log;
error_log logs/web.error.log;
include deny_agent.conf;
location / {
#limit_conn one 1;
#单次请求大小
limit_rate 50k;
#在黑名单里
if ($black = 1 ) {
access_log off;
return 444;
}
#根据IP设置访问性
#allow 101.37.88.10;
#deny all;
#特殊处理
set $flag "";
#/list开头的请求,不区分大小写
if ($request_uri ~* "/list"){
set $flag "${flag}1";
}
#没有referer头,日志里写的是"-",其实是空的意思
if ($http_referer = ""){
set $flag "${flag}1";
}
#和关系判断
if ($flag = "11")
{
access_log off;
return 444;
}
proxy_pass http://localhost:8001;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
real_ip_header X-Forwarded-For;
#real_ip_recursive on;
#set $domain default;
}
}
blacks.conf
geo $remote_addr $black {
49.87.240.145 1;
180.125.92.0/24 1;
114.238.211.131 1;
}
限制爬虫
deny_agent.conf
最后一行(|^$)是空的时候,注意一下
#forbidden Scrapy
if ($http_user_agent ~* (Scrapy|Curl|HttpClient|python-requests|Dart|Baiduspider|robot|Googlebot|SemrushBot))
{
return 403;
}
#forbidden UA
if ($http_user_agent ~ "Bytespider|FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|MJ12bot|heritrix|EasouSpider|Ezooms|^$" )
{
return 403;
}
#forbidden not GET|HEAD|POST method access
#if ($request_method !~ ^(GET|HEAD|POST)$)
#{
# return 403;
#}
数据库tcp转发
stream{
#mysql
#server {
# listen 13366;
# proxy_pass 127.0.0.1:3306;
#}
#sql server
server {
listen 44330;
proxy_pass 127.0.0.1:1433;
}
}