一.配置Nginx隱藏版本號javascript
[root@localhost ~]# curl -I 192.168.200.111
HTTP/1.1 200 OK
Server: nginx/1.16.1 //Nginx版本號
Date: Fri, 13 Sep 2019 02:20:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 612
Last-Modified: Fri, 13 Sep 2019 01:54:04 GMT
Connection: keep-alive
ETag: "5d7af6bc-264"
Accept-Ranges: bytesphp
隱藏方法css
1.修改源碼包(安裝以前)html
[root@localhost ~]# tar xf nginx-1.16.1.tar.gz -C /usr/src/前端
[root@localhost ~]# useradd -M -s /sbin/nologin nginxjava
[root@localhost ~]# vim /usr/src/nginx-1.16.1/src/core/nginx.hlinux
13 #define NGINX_VERSION "8.15.45"
14 #define NGINX_VER "chenyu/" NGINX_VERSION 這兩個位置改爲你想要的名字和版本號nginx
[root@localhost ~]# yum -y install pcre-devel zlib-devel openssl-devel gcc gcc-c++ makec++
[root@localhost ~]# cd /usr/src/nginx-1.16.1/apache
[root@localhost nginx-1.16.1]./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module && make && make install
[root@localhost nginx-1.16.1]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/
[root@localhost nginx-1.16.1]# nginx
[root@localhost nginx-1.16.1]# curl -I 192.168.200.111
HTTP/1.1 200 OK
Server: chenyu/8.15.45 //修改爲功
Date: Fri, 13 Sep 2019 02:32:11 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 13 Sep 2019 02:30:34 GMT
Connection: keep-alive
ETag: "5d7aff4a-264"
Accept-Ranges: bytes
2.修改配置文件(安裝完成後)
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
在http{ }中添加 sever_tokens off;
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -HUP nginx
[root@localhost ~]# curl -I 192.168.200.111
HTTP/1.1 200 OK
Server: nginx //安裝完成後的修改沒法修改版本號
Date: Fri, 13 Sep 2019 02:35:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 13 Sep 2019 02:30:34 GMT
Connection: keep-alive
ETag: "5d7aff4a-264"
Accept-Ranges: bytes
二. 修改Nginx用戶與組
1.編譯安裝時指定
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
[root@localhost nginx-1.16.1]./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module && make && make install
2.修改配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
2 user nginx nginx;
[root@localhost ~]# ps aux |grep nginx
root 4715 0.0 0.1 46100 1952 ? Ss 10:32 0:00 nginx: master process nginx
nginx 4803 0.0 0.2 48624 2340 ? S 10:35 0:00 nginx: worker process
root 4975 0.0 0.0 112724 996 pts/0 R+ 10:54 0:00 grep --color=auto nginx
三.配置Nginx網頁緩存時間
當Nginx將網頁數據返回給客戶端後,能夠設置緩存時間,以方便在往後進行相同內容的請求時直接返回
可修改配置文件,在http段,或server段,或者location段加入對特定內容的過時參數
以圖片爲例
[root@localhost html]# ln -s /usr/local/nginx/conf/nginx.conf /etc/nginx.conf 主配置文件太長,因此我建立了條鏈接
[root@localhost html]# vim /etc/nginx.conf
location ~ \.(jpg|jpeg|gif)$ {
expires 1d;
}
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# killall -HUP nginx
[root@localhost html]# vim /usr/local/nginx/html/index.html //在/body> 前加下面的句子引用圖片
<img src="linux.jpg"/>
設置成功,緩存時間爲1天
四. 實現Nginx的日誌切割
[root@localhost ~]# vim fenge.sh
#!/bin/bash
data=$(date -d "-1 day" "+%Y%m%d") //前一天的時間
logs_path="/usr/local/nginx/logs" //日誌存放位置
pid_path="/usr/local/nginx/logs/nginx.pid" //pid文件
[ -d $logs_path/bak ] || mkdir -p $logs_path/bak //判斷是否存在備份目錄
if [ -f $pid_path ];then //判斷
mv $logs_path/access.log $logs_path/bak/access.log-$data //將日誌文件打包放在bak中之前一天的時間爲名
kill -USR1 $(cat $pid_path) //生成新的日誌
find $logs_path -mtime +30 | xargs rm -f //刪除30天前的命令
else
echo "Error,Nginx is not working!" | tee -a /var/log/messages //若是未運行或失敗則輸出並加入到系統日誌中
fi
[root@localhost ~]# tail -f /usr/local/nginx/logs/access.log
192.168.200.111 - - [13/Sep/2019:10:32:11 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.200.111 - - [13/Sep/2019:10:35:53 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" //以前測試產生的日誌
[root@localhost ~]# bash fenge.sh
[root@localhost ~]# cat /usr/local/nginx/logs/access.log //運行腳本後日志爲空
[root@localhost ~]# cd /usr/local/nginx/logs/
[root@localhost logs]# ls
access.log bak error.log nginx.pid //生成了備份目錄
[root@localhost logs]# cd bak
[root@localhost bak]# ls
access.log-20190912 //生成了備份文件
[root@localhost bak]# cat access.log-20190912
192.168.200.111 - - [13/Sep/2019:10:32:11 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"
192.168.200.111 - - [13/Sep/2019:10:35:53 +0800] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0"//備份日誌爲以前產生的日誌
[root@localhost bak]# cd
[root@localhost ~]# chmod +x fenge.sh 給腳本加執行權限放在天天0點執行
[root@localhost ~]# crontab -e
0 0 * * * /root/fenge.sh
五.配置Nginx實現連接超時
[root@localhost html]# vim /etc/nginx.conf
在server前添加
keepalive_timeout 65; //鏈接保持超時時間,根據網站狀況設置,可在http段,server段或者location段設置
client_header_timeout 60; //請求頭
client_body_timeout 60; //請求主體
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# killall -HUP nginx
六.更改Nginx運行進程數
在高併發場景,須要啓動更多的nginx進程以保證快速影響。
修改配置文件的worker_processes參數,通常設置CPU的個數或者核數的2倍
[root@localhost ~]# cat /proc/cpuinfo | grep -c "physical"
2
[root@localhost ~]# vim /etc/nginx.conf
worker_processes 2;
默認Nginx的多進程可能更多的跑在一顆cpu上,能夠分配不一樣的進程給不一樣的cpu處理。一臺4核的cpu能夠進行下面的配置,將進程進行分配
worker_cpu_affinity 0001 0010 0100 1000
七.配置Nginx實現網頁壓縮功能
Nginx的nex_http_gzip_module壓縮模塊提供了對文件內容壓縮的功能,容許nginx服務器將輸出內容發送給客戶端以前進行壓縮。
[root@localhost ~]# vim /etc/nginx.conf
gzip on; //開啓gzip壓縮輸出
gzip_min_length 1k; //用於設置容許壓縮的頁面最小字節數
gzip_buffers 4 16k; //表示申請4個單位爲16k的內存做爲壓縮結果流緩存
gzip_http_version 1.1; //設置識別http協議版本,默認是1.1
gzip_comp_level 2; //gzip壓縮比,1-9等級
gzip_types text/plain text/javascript application/x-javascrip text/css text/xml application/xml application/xml+rss; //壓縮類型,就是對哪類網頁文檔啓用壓縮功能
#gzip_vary on; //選項可讓前端的緩存服務器通過gzip壓縮的頁面
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
八.配置Nginx實現防盜鏈功能
111中引用圖片,114中盜用圖片連接
[root@localhost nginx]# vim html/index.html
..........
<img src="http://192.168.200.111/linux.jpg"/>
..........
114中的圖片地址爲111的圖片地址,盜鏈成功
在111中設置防盜鏈
[root@localhost ~]# vim /etc/nginx.conf
location ~* \.(jpg|jpeg)$ {
valid_referers none blocked *.amber.com amber.com; //valid_referers 設置信任網站,通常爲公司內部的ip。none瀏覽器中referer爲空的狀況,就直接在瀏覽器中訪問圖片。 block referer不爲空的狀況,可是值被代理或者防火牆刪除了,這些值不以http://或https://開頭
if ($invalid_referer) {
rewrite ^/ http://192.168.200.111/daolian.txt; //若是鏈接的來源不是*.amber.com amber.com的域,則強制跳轉到http://192.168.200.111/daolian.txt
}
}
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -HUP nginx
圖片加載錯誤,防盜鏈成功
九.對FPM模塊進行參數優化
Nginx的PHP解析功能實現若是是交由FPM處理的,爲了提升PHP的處理速度,可對FPM模塊進行參數跳轉。
FPM:優化參數
pm //使用哪一種方式啓動fpm進程,能夠說static和dynamic,前者將產生固定數量的fpm進程,後者將以動態的方式產生fpm進程
pm.max_children //static方式開啓的fpm進程數
pm.start_servers //動態方式下初始的fpm進程數
pm.min_spare_servers //動態方式下最小的fpm空閒進程數
pm.max_spare_servers //動態方式下最大的fpm空閒進程數
注:以上調整要根據服務器的內存與服務器負載進行調整
示例:服務器爲雲服務器,運行了我的論壇,內存爲1.5G,fpm進程數爲20,內存消耗近1G,處理比較慢
#vim/usr/local/php5/etc/php-fpm.conf
pm = dynamic
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8
十.Nginx爲目錄添加訪問控制
[root@localhost ~]# yum -y install httpd-tools //使用apache的htpasswd建立密碼,安裝http-tools
[root@localhost ~]# htpasswd -c /usr/local/nginx/user tom //使用htpasswd首次建立密碼時,須要加-c,爲了是建立儲存用戶和密碼的文件夾。
New password:
Re-type new password:
Adding password for user tom
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
location /admin {
stub_status on;
access_log off; //前兩行是ngxinx的管理模塊
auth_basic "Nginx status"; //basic是一種基本認證方式,雙引號的名字能夠自定義
auth_basic_user_file /usr/local/nginx/user; //指定登陸的用戶和密碼的保存位置
#allow 192.168.200.114; //容許114登陸
#deny 192.168.200.0/24; //不容許200網段的登陸
}
[root@localhost ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost ~]# killall -HUP nginx
登陸模塊管理界面須要登錄
登錄成功顯示內容
十一.自定義錯誤頁面
[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
error_page 401 403 404 408 /40x.html; //當返回401 403 404 408錯誤時,去尋找40x.tml
location = /40x.html { //location匹配,當找40x.html時,去html裏找
root html;
}
[root@localhost html]# cat 40x.html
<h1>這是我自定義的錯誤頁面</h1> //建立40x.html 自定義錯誤頁面
[root@localhost html]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# killall -HUP nginx
測試時,在域名後隨意輸入內容,會返回錯誤頁面,測試成功。
十二.自動索引
[root@localhost html]# mkdir download
[root@localhost html]# cd download/
[root@localhost download]# mkdir {3..7}.{1..9}
[root@localhost download]# ls
3.1 3.3 3.5 3.7 3.9 4.2 4.4 4.6 4.8 5.1 5.3 5.5 5.7 5.9 6.2 6.4 6.6 6.8 7.1 7.3 7.5 7.7 7.9
3.2 3.4 3.6 3.8 4.1 4.3 4.5 4.7 4.9 5.2 5.4 5.6 5.8 6.1 6.3 6.5 6.7 6.9 7.2 7.4 7.6 7.8
[root@localhost download]# cd 7.9
[root@localhost 7.9]# touch Centos7.9.26
[root@localhost 7.9]# ls
Centos7.9.26
[root@localhost 7.9]# vim /usr/local/nginx/conf/nginx.conf
location /download { //訪問download開啓下載
autoindex on;
}
[root@localhost 7.9]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost 7.9]# killall -HUP nginx
點擊能夠下載
十三. 經過UA實現手機端和電腦端的分離(有些問題,先別看了)
location / {
root /usr/local/nginx/html;
if ( $http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT\-)|(SonyEricsson)|(NEC\-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi\-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG\-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC\-)|(SED\-)|(EMOL\-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)" )
{
root /usr/local/nginx/html/mobile;
}
index index.html index.htm;
}
十四.Nginx平滑升級版本
[root@localhost ~]# nginx -V
nginx version: nginx/1.15.9
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx
[root@localhost ~]# tar xf nginx-1.16.1.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/nginx-1.16.1/
[root@localhost nginx-1.16.1]# ./configure --prefix=usr/local/nginx --user=nginx --group=nginx && make //不要make install
[root@localhost nginx-1.16.1]# cd /usr/local/nginx/sbin/
[root@localhost sbin]# ls
nginx
[root@localhost sbin]# mv nginx nginx.old
[root@localhost sbin]# cd /usr/src/nginx-1.16.1/
[root@localhost nginx-1.16.1]# cp objs/nginx /usr/local/nginx/sbin/
[root@localhost nginx-1.16.1]# ls /usr/local/nginx/sbin/
nginx nginx.old
[root@localhost ~]# ps aux | grep nginx
root 8694 0.0 0.1 20552 608 ? Ss 10:05 0:00 nginx: master process /usr/local/nginx/sbin/nginx //老版本的進程
nginx 8695 0.0 0.2 23088 1380 ? S 10:05 0:00 nginx: worker process
root 11295 0.0 0.2 112724 996 pts/0 R+ 10:09 0:00 grep --color=auto nginx
[root@localhost ~]# kill -USR2 8694[root@localhost ~]# ps aux | grep nginxroot 8694 0.0 0.1 20552 796 ? Ss 10:05 0:00 nginx: master process /usr/local/nginx/sbin/nginxnginx 8695 0.0 0.2 23088 1380 ? S 10:05 0:00 nginx: worker processroot 11305 0.0 0.3 20552 1600 ? S 10:09 0:00 nginx: master process /usr/local/nginx/sbin/nginx //出現兩組nginxnginx 11306 0.0 0.2 23088 1384 ? S 10:09 0:00 nginx: worker processroot 11308 0.0 0.2 112724 996 pts/0 R+ 10:09 0:00 grep --color=auto nginx[root@localhost ~]# kill -WINCH 8694[root@localhost ~]# ps aux | grep nginxroot 8694 0.0 0.1 20552 796 ? Ss 10:05 0:00 nginx: master process /usr/local/nginx/sbin/nginx/ //工做進程關閉root 11305 0.0 0.3 20552 1600 ? S 10:09 0:00 nginx: master process /usr/local/nginx/sbin/nginxnginx 11306 0.0 0.2 23088 1384 ? S 10:09 0:00 nginx: worker processroot 11328 0.0 0.2 112724 996 pts/0 R+ 10:10 0:00 grep --color=auto nginx[root@localhost ~]# kill -QUIT 8694[root@localhost ~]# ps aux | grep nginxroot 11305 0.0 0.3 20552 1600 ? S 10:09 0:00 nginx: master process /usr/local/nginx/sbin/nginx //只剩下新版本的進程nginx 11306 0.0 0.2 23088 1384 ? S 10:09 0:00 nginx: worker processroot 11336 0.0 0.2 112724 996 pts/0 R+ 10:11 0:00 grep --color=auto nginx[root@localhost ~]# nginx -vnginx version: nginx/1.16.1 //升級完成