-
Nginx默认虚拟主机(在nginx中;为结束一段配置)
-
vim /usr/local/nginx/conf/nginx.conf (增加)
-
lnclude vhost/*.conf
-
mkdir /usr/local/nginx/conf/vhost
-
cd !$; vim default.conf (加入以下内容)
-
Server -
{ -
listen 80 default_server; (有这个标记的就是默认虚拟主机) -
server_name aaa.com; -
index index.html index.htm index.php; -
root /data/wwwroot/default; -
} -
mkdir -p /data/wwwroot/default/
-
echo “This is a default site.” >/data/wwwroot/default/index.html
-
/usr/local/nginx/sbin/nginx -t (检测)
-
/usr/local/nginx/sbin/nginx -s reload (重新加载)
-
curl localhost (测试)
-
curl -x127.0.0.1:80 123.com (指定域名)
-
Nginx用户认证
-
Vim /usr/local/nginx/conf/vhost/test.com.conf (写入如下)
-
Server -
{ -
listen 80; -
server_name test.com; -
index index.html index.htm index.php; -
root /data/wwwroot/test.com; -
location / -
{ -
auth_basic “Auth”; -
auth_basic_user_file /usr/local/nginx/conf/htpasswd; -
} -
} -
yum install -y httpd
-
htpasswd -c(生成,会覆盖掉原来的文件) /usr/local/nginx/conf/htpasswd aming
-
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
(测试配置并重新加载)
-
curl -x127.0.0.1:80 test.com
-
curl -uuser:password -x127.0.0.1:80 test.com
-
mkdir /data/wwwroot/test.com
-
echo “test.com” > /data/wwwroot/test.com/index.html
-
curl -uuser:password -x127.0.0.1:80 test.com
-
单目录认证可以直接在以上配置文件中将location /admin/(可以是任意单目录,或~ admin。Html(为认证匹配任意文件))即可。
-
Nginx域名重定向
-
更改test.com.conf
-
server -
{ -
listen 80; -
server_name test.com test1.com test2.com; -
index index.html index.htm index.php; -
root /data/wwwroot/test.com; -
if ($host !=’test.com’) { -
Rewrite ^/(.*)$ http://test.com/$1 permanent; -
} -
} -
server_name(后面支持写多个域名,这里要和httpd的做一个对比)
-
permanent为永久重定向,状态码为301,如果写redirect则文302。
-
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
curl -x127.0.0.1:80 test1.com/index.html -I(测试test1.com域名重定向是否能成功访问test.com)
-
Nginx访问日志
-
Vim /usr/local/nginx/conf/nginx.conf (搜索log_format,log_format是用来定义日志格式的)
-
$remote_addr(客户端IP(公网IP))
-
$http_x_forwarded_for(代理服务器的IP)
-
$time_local(服务器本地时间)
-
$host(f访问主机名(域名))
-
$request_uri(访问的url地址)
-
$status(状态码)
-
$http_referer(referer)
-
$http_user_agent(user_agent)
-
除了在主配置文件nginx.com里定义日志格式外,还需要在虚拟主机配置文件中增加。
-
access_log /tmp/1.log/ combined_realip (这里的combined——realIP就是在nginx.com中定义的日志格式名字)
-
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
curl -x127.0.0.1:80 test.com -I
-
cat /tmp/1.log
-
Nginx日志切割(nginx本身不自带日志切割工具)
-
自定义shell脚本
-
Vim /usr/local/sbin/nginx_log_rotate.sh(写入如下)
-
#! /bin/bash -
##假设nginx的日志存放路径为/tmp/ -
d=’data -d “-1 day” +%Y%m%d’ -
#(在不明白变量意义时可以直接在命令行运行一下) -
logdir=”/tmp/” -
nginx_pid=”/usr/local/nginx/logs/nginx.pid” -
cd $logdir -
for log in ‘ls *.log’ -
do -
mv $log $log-$d -
done -
/bin/kill -HUP ‘cat $nginx_pid’ -
find /tmp/ -name *.log-* -type f -mtime +30 |xargs rm -
#(此为删除以.log为中间名的30天以前的日志) -
任务计划
-
crontab -e
-
0 0 * * * /bin/bash/ /usr/local/sbin/nginx_log_rotate.sh (每天凌晨零点执行一次以上脚本)
-
静态文件不记录日志和过期时间
-
配置如下
-
vim /tmp/test.com.conf
-
server -
{ -
location ~ .\.(gif|jpg|jpeg|png|bmp|swf)$ -
{ -
expires 7d; -
access_log off; -
} -
location ~.*\.(js|css)$ -
{ -
expires 12h; -
access_log off; -
} -
access_log /tmp/test.com.log user;
-
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
curl -x127.0.0.1:80 test.com.conf
-
Nginx防盗链
-
vim /tmp/test.com.conf
-
配置如下
-
Location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ -
{ -
expores 7d; -
valid_referers none blocked server_names *.test.com; -
if($invalid_referer){ -
retum 403; -
} -
access_log off; -
} -
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
curl -x127.0.0.1:80 -I test.com/1.gif
-
curl -e “http://www.baidu.com/1.txt” -x127.0.0.1:80 -I test.com/1.gif (测试)
-
curl -e “http://www.test.com/1.txt” -x127.0.0.1:80 -I test.com/1.gif (测试)
-
Nginx访问控制
-
需求:访问/admin/目录的请求,只允许某几个IP的访问,配置如下
-
Location /admin/ -
{ -
Allow 192.168.xxx.xxx; -
Allow 127.0.0.1; -
Deny all; -
} -
mkdir /data/wwwroot/test.com/admin/
-
echo “test,test” >/data/wwwroot/test.com/admin/1.html
-
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
curl -x127.0.0.1:80 test.com/admin/1.html -I
-
curl -x192.168.xxx.xxx:80 test.com/admin/1.html -I
-
cat /tmp/test.com.log (查看日志)
-
可以匹配正则
-
location ~.*(uoload|image)/.*\.php$ (禁止PHP) -
{ -
Deny all; -
} -
根据user_agent限制
-
If($http_user_agent ~* ‘Spider/3.0|YoudaoBot|Tomato’) -
{ -
Return 403; -
} -
Deny all和return 403效果一样。
-
Nginx解析php相关配置
-
配置如下
-
location ~ \.php$ -
{ -
Include fastcgi_params; -
Fastcgi_pass unix:/tmp/php-fcgi.sock; -
##(如出现502,先要确认nginx里的地址和php里的listen是否对应)
-
Fastcgi-index index.php; -
Fastcgi-param SCRIPT_FILENAME/data/wwwroot/test.com$fastcgi_script_name; -
} -
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s reload
-
Curl -x127.0.0.1:80 test.com
-
fastcgi_pass(用来指定php-fpm监听的地址或者socket)
-
Nginx代理
-
用户<===>代理服务器<===>WEB服务器
-
Cd /usr/local/nginx/conf/vhost
-
Vim proxy.conf(加入以下内容)
-
Server -
{ -
listen 80; -
server_name ask.apelearn.com -
location / -
{ -
proxy_pass http://121.201.9.155/; -
proxy_set_header Host $host; -
proxy_set_header X-Real-IP $remote_addr; -
proxy_set _header X-Forwarded-For $proxy_add_x_forwarded_for; -
} -
} -
/usr/local/nginx/sbin/nginx -t
-
/usr/local/nginx/sbin/nginx -s resload
-
curl -x127.0.0.1:80 ask.apelearn.com/robots.txt
转载于:https://my.oschina.net/u/4095969/blog/3050583
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
