Nginx應用優化

時間  2019-12-12
標籤 nginx 應用 優化 欄目 Nginx 简体版
原文   原文鏈接

案例環境:javascript

系統類型 IP地址 主機名 所需軟件
Centos 6.5 192.168.100.150 www.linuxfan.cn nginx-1.6.2.tar.gz

 

 

1、Nginx隱藏版本號

方式一:修改配置文件      

配置版本號隱藏php

[root@www ~]# curl -I http://www.linuxfan.cn            ##選項爲-i
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Wed, 11 Jul 2018 16:43:05 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 11 Jul 2018 16:40:55 GMT
Connection: keep-alive
ETag: "5b463317-264"
Accept-Ranges: bytes 
[root@www ~]# vi  /usr/local/nginx/conf/nginx.conf          ##在http{}內添加便可
     20     server_tokens off;
:wq
[root@www ~]# nginx -t                   ##檢查nginx配置文件語法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@www ~]# killall  -9  nginx     
[root@www ~]# nginx   
[root@www ~]# curl -I http://www.linuxfan.cn
HTTP/1.1 200 OK
Server: nginx                           ##版本已經隱藏
Date: Fri, 08 Dec 2017 22:56:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 08 Dec 2017 22:47:50 GMT
Connection: keep-alive
ETag: "5a2b1696-264"
Accept-Ranges: bytes

方式二:修改源碼包

[root@localhost ~]# yum -y install pcre-devel zlib-devel popt-devel openssl-*
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
[root@localhost ~]# tar zxf nginx-1.6.2.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/nginx-1.6.2/
[root@localhost nginx-1.6.2]# vim src/core/nginx.h           ##修改源代碼實現隱藏版本
 13 #define NGINX_VERSION      "6.6.6"
 14 #define NGINX_VER          "linuxfan.cn/" NGINX_VERSION
 15 
 16 #define NGINX_VAR          "linuxfan.cn"
:wq
[root@localhost nginx-1.6.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre && make && make install
[root@localhost nginx-1.6.2]# cd
[root@localhost ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@localhost ~]# nginx 
[root@localhost ~]# curl  -I  http://www.linuxfan.cn
HTTP/1.1 200 OK
Server: linuxfan.cn/6.6.6
Date: Fri, 08 Dec 2017 23:06:20 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Fri, 08 Dec 2017 23:05:45 GMT
Connection: keep-alive
ETag: "5a2b1ac9-264"
Accept-Ranges: bytes

2、網頁緩存、鏈接超時、網頁壓縮傳輸

1.網頁緩存:

做用:頁面緩存通常針對靜態網頁進行設置,對動態網頁不用設置緩存時間。方便客戶端在往後進行相同內容的請求時直接返回,以免重複請求,加快了訪問速度css

配置nginx緩存:html

[root@www ~]# cat <<END >/usr/local/nginx/html/index.html
<html>
<head>
<title>www.linuxfan.cn</title>
</head>
<body>
www.linuxfan.cn
<img src="./linux.jpg"/>
</body>
</html>
END
[root@www ~]# ls /usr/local/nginx/html/
index.html  linux.jpg
[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
     55         location  ~  \.(gif|jpg|jpeg|png|bmp|ico)$   {
     56             expires 1d;
     57         }
     58         location  ~  .*\.(js|css)$   {     
     59             expires 1h;          
     60         }
:wq
[root@www ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@www ~]# killall  -9  nginx
[root@www ~]# nginx

客戶端訪問驗證:java

2.鏈接超時:

做用:在企業網站中,爲了不同一個客戶長時間佔用鏈接,形成服務器資源浪費,能夠設置相應的鏈接超時參數,實現控制鏈接訪問時間linux

配置項:android

keepalived_timeout 設置鏈接保持超時時間,通常可只設置該參數,默認爲 65 秒,可根據網站的狀況設置,或者關閉,可在 http 段、 server 段、或者 location 段設置
client_header_timeout 指定等待客戶端發送請求頭的超時時間
client_body_timeout 設置請求體讀取超時時間

 

 

 

 

注意: 若出現超時,會返回 408 報錯nginx

[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
     32     keepalive_timeout  65;
     33     client_header_timeout 60;
     34     client_body_timeout 60;
:wq
[root@www ~]# killall  -9  nginx
[root@www ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@www ~]# nginx

3.網頁壓縮傳輸:

做用:將服務端傳輸的網頁文件壓縮傳輸,使其更加快速、減小帶寬的佔用web

配置:apache

[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
     37     gzip on;              ##開啓 gzip 壓縮輸出
     38     gzip_min_length 1k;             ##用於設置容許壓縮的頁面最小字節數
     39     gzip_buffers 4 16k;             ##表示申請4 個單位爲 16k 的內存做爲壓縮結果流緩存,默認值是申請與原始數據大小相同的內存空間來儲存 gzip 壓縮結果
     40     gzip_http_version 1.1;            # #設置識別 http 協議版本,默認是 1.1
     41     gzip_comp_level 2;             ##gzip 壓縮比, 1-9 等級
     42   gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss;         ##壓縮類型,是就對哪些網頁文檔啓用壓縮功能
[root@www ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@www ~]# killall nginx
[root@www ~]# nginx

3、訪問控制、定義錯誤頁面、自動索引、目錄別名

1.訪問控制:

做用:限制訪問網站資源

配置項:

auth_basic "Nginx Status"; 認證提示文字
auth_basic_user_file /usr/local/nginx/conf/user.conf; 認證用戶文件,可使用apache提供的htpasswd命令來生成文件
allow 192.168.100.1; 容許客戶端ip地址
deny 192.168.100.0/24; 拒絕的網段

 

 

 

 

配置:

[root@www ~]# yum -y install httpd-tools
[root@www ~]# htpasswd -c /usr/local/nginx/conf/user.conf zs
[root@www ~]# cat /usr/local/nginx/conf/user.conf 
zs:VJVdQdVHEIvZo
[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
     70         location /status        {
     71                 stub_status on;
     72                 access_log off;
     73                 auth_basic "Nginx Status";
     74                 auth_basic_user_file /usr/local/nginx/conf/user.conf;
     75                 allow 192.168.100.1;
     76                 deny 192.168.100.0/24;
     77         }
[root@ www ~]# killall -9 nginx
[root@ www ~]# nginx

客戶端訪問驗證:

 

2.定義錯誤頁面:

做用:根據客戶端的訪問網站的返回狀態碼,爲其指定到特定的錯誤頁面

配置:

[root@ www ~]# vi /usr/local/nginx/conf/nginx.conf
     78         error_page 403 404 /404.html;     
     79         location = /404.html {
     80         root html;
     81         }
[root@ www ~]# echo "deny" >>/usr/local/nginx/html/404.html
[root@ www ~]# killall -9 nginx
[root@www ~]# nginx

客戶端訪問驗證:

3.自動索引:

做用:將網站轉化爲相似ftp的站點,做爲共享文件的工具

配置:

[root@www ~]# mkdir  -p  /usr/local/nginx/html/download/haha/
[root@www ~]# touch /usr/local/nginx/html/download/haha/{1..10}.txt
[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
     82         location /download {
     83                 autoindex on;
     84         }
[root@www ~]# killall -9 nginx
[root@www ~]# nginx

客戶端訪問測試:

4.目錄別名:

做用:將域名後綴的路徑設置一個別名,經過多種方式訪問

配置:

[root@www ~]# vi /usr/local/nginx/conf/nginx.conf
     85         location /dw {
     86                 alias /usr/local/nginx/html/haha/;
     87         }
[root@www ~]# mkdir /usr/local/nginx/html/haha
[root@www ~]# echo "haha" >/usr/local/nginx/html/haha/index.html
[root@www ~]# killall -9 nginx
[root@www ~]# nginx

客戶端訪問測試:

 

4、日誌分割

方式:腳本方式

技術要點:

a.剪切日誌後,使用kill  -USR1發送信號從新生成日誌文件,同時還不影響網站請求處理進程。

b.錯誤時經過echo和tee -a命令將錯誤顯示的同時寫入到日誌文件/var/log/messages。

[root@www ~]# vi /root/cut_nginx_log.sh
#!/bin/bash
# by www.linuxfan.cn cut_nginx_log.sh
datetime=$(date -d "-1 day" "+%Y%m%d")
log_path="/usr/local/nginx/logs"
pid_path="/usr/local/nginx/logs/nginx.pid"
mkdir -p $log_path/backup
if [ -f $pid_path ]
then
mv $log_path/access.log $log_path/backup/access.log-$datetime
kill -USR1 $(cat $pid_path)  ##USR1一般被用來告知應用程序重載配置文件;
find $log_path/backup -mtime +30 | xargs rm -f
else
echo "Error,Nginx is not working!"  >> /var/log/messages
fi
:wq
[root@www ~]# chmod +x /root/cut_nginx_log.sh
[root@www ~]# echo "0 0 * * * /root/cut_nginx_log.sh" >>/var/spool/cron/root
[root@www ~]# crontab -l
0 0 * * * /root/cut_nginx_log.sh
[root@www ~]# sh -x /root/cut_nginx_log.sh
[root@www ~]# ls /usr/local/nginx/logs/
access.log  backup  error.log  nginx.pid
[root@www ~]# ls /usr/local/nginx/logs/backup/
access.log-20171208

5、防盜鏈

做用:防盜鏈就是防止別人盜用服務器中的圖片、文件、視頻等相關資源。防盜鏈:是經過location  +  rewrite實現的

應用舉例:

location ~* \.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv)$ {

valid_referers none blocked *.linuxfan.cn  linuxfan.cn;

if ($invalid_referer) {

rewrite ^/ http://www.linuxfan.cn/error.jpg;

第一行: wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv 表示對這些後綴的文件進行防盜鏈。

第二行:valid_referers表示被容許的URL,none表示瀏覽器中 referer(Referer 是 header 的一部分,當瀏覽器向 web 服務器發送請求的時候,通常會帶上 Referer,告訴服務器我是從哪一個頁面連接過來的,服務器基此能夠得到一些信息用於處理) 爲空的狀況,就直接在瀏覽器訪問圖片,blocked referer 不爲空的狀況,可是值被代理或防火牆刪除了,這些值不以http://或 https://開頭,*.linuxfan是匹配URL的域名。

第三行:if{}判斷若是是來自於invalid_referer(不被容許的URL)連接,即不是來自第二行指定的URL,就強制跳轉到錯誤頁面,固然直接返回 404 (return 404)也是能夠的,也能夠是圖片。

注意:防盜鏈測試時,不要和expires配置一塊兒使用。

案例環境:

系統類型 IP地址 主機名 所需軟件
Centos 6.5 192.168.100.150 www.linuxfan.cn nginx-1.6.2.tar.gz
Centos 6.5 192.168.100.151 www.linuxren.cn nginx-1.6.2.tar.gz

 

 

 

 

1.搭建並配置www.linuxfan.cn

[root@linuxfan ~]# yum -y install pcre-devel zlib-devel popt-devel openssl-devel openssl
[root@linuxfan ~]# useradd -M -s /sbin/nologin nginx
[root@linuxfan ~]# tar zxvf nginx-1.6.2.tar.gz -C /usr/src/
[root@linuxfan ~]# cd /usr/src/nginx-1.6.2/
[root@linuxfan nginx-1.6.2]#  ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre && make && make install
[root@linuxfan nginx-1.6.2]# cd
[root@linuxfan ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@linuxfan ~]# nginx 
[root@linuxfan ~]# netstat -utlpn |grep 80
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      5618/nginx          
[root@linuxfan ~]# vi /usr/local/nginx/html/index.html
<html>
<head>
<title>www.linuxfan.cn</title>
</head>
<body>
www.lunuxfan.cn
<img src="./linux.jpg"/>
</body>
</html>
[root@linuxfan ~]# ls /usr/local/nginx/html/
index.html  linux.jpg

客戶端訪問測試:

2.搭建並配置www.linuxren.cn

[root@linuxren ~]# yum -y install pcre-devel zlib-devel popt-devel openssl-devel openssl 
[root@linuxren ~]# useradd -M -s /sbin/nologin nginx
[root@linuxren ~]# tar zxvf nginx-1.6.2.tar.gz -C /usr/src/
[root@linuxren ~]# cd /usr/src/nginx-1.6.2/
[root@linuxren nginx-1.6.2]#  ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre && make && make install
[root@linuxren nginx-1.6.2]# cd
[root@linuxren ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@linuxren ~]# nginx 
[root@linuxren ~]# netstat -utlpn |grep 80
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      5618/nginx          
[root@linuxren ~]# vi /usr/local/nginx/html/index.html
<html>
<head>
<title>www.linuxren.cn</title>
</head>
<body>
www.linuxren.cn
<img src="http://www.linuxfan.cn/linux.jpg"/>
</body>
</html>

客戶端訪問測試:

3.爲linuxfan主機設置防盜鏈

[root@linuxfan ~]# vi /usr/local/nginx/conf/nginx.conf
      location ~* \.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|jpeg) {
                  valid_referers nonde blocked  *.linuxfan.cn  linuxfan.cn;
                  if  ($invalid_referer){
                          rewrite  ^/  http://www.linuxfan.cn/error.jpg;
                      }
              }
##注意:不得存在如下配置:
     55         location  ~  \.(gif|jpg|jpeg|png|bmp|ico)$   {
     56             expires 1d;
     57         }
[root@linuxfan ~]# killall -9 nginx
[root@ linuxfan ~]# nginx

4.清空瀏覽器的緩存,再次訪問網站測試

6、虛擬主機

做用:在同一臺服務器上部署多個網站,減免資源的佔用

實現方式:

1.不一樣IP,不一樣域名,相同端口

2.相同IP,相同域名,不一樣端口

3.相同IP,相同端口,不一樣域名

案例環境:

系統類型 IP地址 主機名 所需軟件
Centos 6.5 192.168.100.151 www.linuxren.cn nginx-1.6.2.tar.gz

 

 

 

方式一:不一樣IP,不一樣域名,相同端口

[root@linuxren ~]# ip a |grep 192.168.100
    inet 192.168.100.151/24 brd 192.168.100.255 scope global eth0
    inet 192.168.100.200/24 brd 192.168.100.255 scope global secondary eth0:0
[root@linuxren ~]# vi /usr/local/nginx/conf/nginx.conf
worker_processes 1;
        events {
           use epoll;
           worker_connections 4096;
                }
http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr -$remote_user [$time_local] "$request"'
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" ';
        access_log logs/access.log main;
        sendfile  on;
        keepalive_timeout 65;
  server {
    listen 192.168.100.151:80;
    server_name www.linuxfan.cn;
    charset utf-8;
    access_log logs/linuxfan.access.log main;
    location / {
     root /var/www/linuxfan/;
     index index.html index.php;
       }
     }
  server {
    listen 192.168.100.200:80;
    server_name www.linuxren.cn;
    charset utf-8;
    access_log logs/linuxren.access.log main;
    location / {
     root  /var/www/linuxren/;
     index index.html index.php;
       }
     }
  }
[root@linuxren ~]# mkdir -p /var/www/linuxfan
[root@linuxren ~]# mkdir -p /var/www/linuxren
[root@linuxren ~]# echo "www.linuxfan.cn" >/var/www/linuxfan/index.html
[root@linuxren ~]# echo "www.linuxren.cn" >/var/www/linuxren/index.html
[root@linuxren ~]# killall -9 nginx
[root@linuxren ~]# nginx

客戶端訪問測試:

方式二:相同IP,不一樣域名,相同端口

[root@linuxren ~]# vi /usr/local/nginx/conf/nginx.conf
worker_processes 1;
        events {
           use epoll;
           worker_connections 4096;
                }
http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr -$remote_user [$time_local] "$request"'
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" ';
        access_log logs/access.log main;
        sendfile  on;
        keepalive_timeout 65;
  server {
    listen 192.168.100.151:80;
    server_name www.linuxfan.cn;
    charset utf-8;
    access_log logs/linuxfan.access.log main;
    location / {
     root /var/www/linuxfan/;
     index index.html index.php;
       }
     }
  server {
    listen 192.168.100.151:80;
    server_name www.linuxren.cn;
    charset utf-8;
    access_log logs/linuxren.access.log main;
    location / {
     root  /var/www/linuxren/;
     index index.html index.php;
       }
     }
  }
[root@linuxren ~]# killall -9 nginx
[root@linuxren ~]# nginx

客戶端訪問測試:

方式三:相同IP,不一樣端口,相同域名

[root@linuxren ~]# vi /usr/local/nginx/conf/nginx.conf
worker_processes 1;
        events {
           use epoll;
           worker_connections 4096;
                }
http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr -$remote_user [$time_local] "$request"'
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" ';
        access_log logs/access.log main;
        sendfile  on;
        keepalive_timeout 65;
  server {
    listen 192.168.100.151:80;
    server_name www.linuxfan.cn;
    charset utf-8;
    access_log logs/linuxfan.access.log main;
    location / {
     root /var/www/linuxfan/;
     index index.html index.php;
       }
     }
  server {
    listen 192.168.100.151:8080;
    server_name www.linuxfan.cn;
    charset utf-8;
    access_log logs/linuxren.access.log main;
    location / {
     root  /var/www/linuxren/;
     index index.html index.php;
       }
     }
  }
[root@linuxren ~]# killall -9 nginx
[root@linuxren ~]# nginx

客戶端訪問測試:

7、平滑升級

原理:

1.Nginx 的主進程( master process)啓動後完成配置加載和端口綁定等動做, fork 出指定數量的工做進程( worker process),這些子進程會持有監聽端口的文件描述符( fd),並經過在該描述符上添加監聽事件來接受鏈接( accept)

2.Nginx 主進程在啓動完成後會進入等待狀態,負責響應各種系統消息,如 SIGCHLD、 SIGHUP、SIGUSR2 等

3.主進程支持的信號:

TERM, INT: 馬上退出;              QUIT: 等待工做進程結束後再退出

KILL: 強制終止進程;               HUP: 從新加載配置文件,使用新的配置啓動工做進程,並逐步關閉舊進程。

USR1: 從新打開日誌文件;     USR2: 啓動新的主進程,實現熱升級

WINCH: 逐步關閉工做進程及工做進程支持的信號;

過程:

1.查看舊版 nginx 的編譯參數;

2.編譯新版本 Nginx 源碼包,安裝路徑需與舊版一致,注意:不要執行 make install;

3.備份二進制文件,用新版本的替換;

4.確保配置文件無報錯;

5.發送 USR2 信號:向主進程( master)發送 USR2 信號, Nginx 會啓動一個新版本的 master 進程和對應工做進程,和舊版一塊兒處理請求;

6.發送 WINCH 信號:向舊的 Nginx 主進程( master)發送 WINCH 信號,它會逐步關閉本身的工做進程(主進程不退出),這時全部請求都會由新版 Nginx 處理;

7.發送 QUIT 信號:升級完畢,可向舊的 Nginx 主進程( master)發送( QUIT、 TERM、或者 KILL)信號,使舊的主進程退出;

8.驗證 nginx 版本號,並訪問測試;

配置:

準備軟件包並查看舊版安裝選項

[root@linuxren ~]# ls nginx-1.*
nginx-1.12.0.tar.gz  nginx-1.6.2.tar.gz
[root@linuxren ~]# nginx -V
nginx version: nginx/1.6.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre

安裝新版本Nginx

[root@linuxren ~]# tar zxvf nginx-1.12.0.tar.gz -C /usr/src/
[root@linuxren ~]# cd /usr/src/nginx-1.12.0/
[root@linuxren nginx-1.12.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre && make        ##不能加make install,如若添加,則覆蓋了
[root@linuxren nginx-1.12.0]# mv /usr/local/nginx/sbin/nginx   /usr/local/nginx/sbin/nginx.old
[root@linuxren nginx-1.12.0]# cp objs/nginx /usr/local/nginx/sbin/
[root@linuxren nginx-1.12.0]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

使用信號實現熱升級

[root@linuxren ~]# ps aux |grep nginx  |grep -v grep
root       6059(老版本主進程)  0.0  0.2  45000  1032 ?        Ss   13:03   0:00 nginx: master process nginx
nginx      6060  0.0  0.3  45432  1624 ?        S    13:03   0:00 nginx: worker process
[root@linuxren ~]# kill -USR2 6059                   ##發送 USR2 信號:向主進程( master)發送 USR2 信號, Nginx 會啓動一個新版本的 master 進程和對應工做進程,和舊版一塊兒處理請求。
[root@linuxren ~]# kill -WINCH $(cat /usr/local/nginx/logs/nginx.pid)            ##關閉老版本的worker進程
[root@linuxren ~]# kill -QUIT $(cat /usr/local/nginx/logs/nginx.pid)            ##關閉老版本的master進程
[root@linuxren ~]# /usr/local/nginx/sbin/nginx                    ##從新加載新版本的命令
[root@linuxren ~]# ps aux |grep nginx |grep -v grep
root      3864  0.0  0.2  45192  1188 ?        Ss   03:24   0:00 nginx: master process /usr/local/nginx/sbin/nginx
nginx     3865  0.0  0.6  46904  3052 ?        S    03:24   0:00 nginx: worker process
[root@linuxren ~]# nginx -V
nginx version: nginx/1.12.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre

8、UA實現手機電腦頁面分離、拒絕http客戶端測試、拒絕惡意請求

做用:網站適配PC和手機設備,首先要能作出準確的判斷。HTTP請求的Header中的User-Agent能夠區分客戶端的瀏覽器類型,能夠經過User-Agent來判斷客戶端的設備

配置:

[root@linuxfan ~]# mkdir -p /var/www/shouji
[root@linuxfan ~]# mkdir -p /var/www/diannao
[root@linuxfan ~]# cat <<END >>/var/www/shouji/index.html
my name is iphone!!!
END
[root@linuxfan ~]# cat <<END >>/var/www/diannao/index.html
my name is computer!!!
END
[root@linuxfan ~]# vi /usr/local/nginx/conf/nginx.conf
worker_processes 1;
        events {
           use epoll;
           worker_connections 4096;
                }
http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr -$remote_user [$time_local] "$request"'
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" ';
        access_log logs/access.log main;
        sendfile  on;
        keepalive_timeout 65;
  server {
    listen 192.168.100.150:80;
    server_name www.linuxfan.cn;
    charset utf-8;
    access_log logs/linuxfan.access.log main;

#禁止Scrapy等工具的抓取
if ($http_user_agent ~* (Scrapy|Curl|HttpClient)) {
  return 403;
}
#禁止指定UA及UA爲空的訪問
if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|^$" )
{
  return 403;
}
#禁止非GET|HEAD|POST方式的抓取
if ($request_method !~ ^(GET|HEAD|POST)$) {
  return 403;
}

##配置UA頁面移動端和PC端頁面分離;
    set $mobile_rewrite do_not_perform;

if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge|maemo|midp|mmp|mobile.+firefox|netfront|operam(ob|in)i|palm(os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {
  set $mobile_rewrite perform;
}

if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r|s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-||_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(|\/)|klon|kpt|kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-||o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|)|webc|whit|wi(g|nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {
  set $mobile_rewrite perform;
}
    location / {
     root /var/www/diannao/;
     index index.html index.php;
        if ($mobile_rewrite = perform) {
                root /var/www/shouji/;
        }
     }
  }
}
[root@linuxfan ~]# killall -9 nginx
[root@linuxfan ~]# nginx

客戶端訪問測試:

9、加載第三方模塊

第三方模塊下載地址:https://www.nginx.com/resources/wiki/modules/

模塊一:echo-nginx-module-0.60.tar.gz

[root@linuxfan ~]# ls
echo-nginx-module-0.60.tar.gz  nginx-1.6.2.tar.gz
[root@linuxfan ~]# tar zxvf echo-nginx-module-0.60.tar.gz -C /usr/src/
[root@linuxfan ~]# tar zxvf nginx-1.6.2.tar.gz -C /usr/src/
[root@linuxfan ~]# cd /usr/src/nginx-1.6.2/ 
[root@linuxfan nginx-1.6.2# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre --add-module=/usr/src/echo-nginx-module-0.60/  &&make &&make install
[root@linuxfan nginx-1.6.2# cd
[root@linuxfan ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@linuxfan ~] # vi /usr/local/nginx/conf/nginx.conf
worker_processes 1;
        events {
           use epoll;
           worker_connections 4096;
                }
http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr -$remote_user [$time_local] "$request"'
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" ';
        access_log logs/access.log main;
        sendfile  on;
        keepalive_timeout 65;
  server {
    listen 192.168.100.150:80;
    server_name www.linuxfan.cn;
    charset utf-8;
    access_log logs/linuxfan.access.log main;

    location / {
        echo "nginx";
  }
 }
}
[root@linuxfan ~]# killall -9 nginx
[root@linuxfan ~]# nginx
[root@linuxfan ~]# curl 192.168.100.150
nginx
[root@linuxfan ~]# curl -I 192.168.100.150
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 13 Jul 2018 18:06:42 GMT
Content-Type: application/octet-stream
Connection: keep-alive

模塊二:nginx-http-sysguard-master.zip

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程