配置Nginx全過程

狀態碼:

200:表示正常

301:表示域名跳轉

401:表示需要輸入用戶名和密碼

403:表示可能被禁止訪問

302:表示臨時跳轉

404:表示輸入的路徑可能有錯

500:表示php腳本有問題

502:配置錯誤(nginx 的 sock 或者 IP+port 寫錯),還有就是資源耗盡,或者 nginx 屬主問題

 

寫個nginx啓動腳本

vim /etc/init.d/nginx

 

#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Load the distribution's init helper library; the functions in this script
# call daemon and killproc, which are expected to come from it.
source /etc/init.d/functions

# Service name shown in status messages, and the exit status of the last action.
prog=Nginx
RETVAL=0

# Paths of the nginx install this script controls.
NGINX_SBIN=/usr/local/nginx/sbin/nginx
NGINX_CONF=/usr/local/nginx/conf/nginx.conf
NGINX_PID=/usr/local/nginx/logs/nginx.pid

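# Start nginx through the init library's daemon helper.
# Globals:   prog, NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the exit status reported by daemon
start() {
        echo -n $"Starting $prog: "
        # NOTE(review): /dev/shm is world-writable, so this fixed name can be
        # pre-created by any local user. Nothing in the nginx.conf shown on this
        # page refers to the directory - confirm it is needed before keeping it.
        mkdir -p /dev/shm/nginx_temp
        daemon "$NGINX_SBIN" -c "$NGINX_CONF"
        RETVAL=$?
        echo
        return $RETVAL
}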

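# Stop nginx by sending TERM to the process recorded in the pid file.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the exit status reported by killproc
stop() {
        echo -n $"Stopping $prog: "
        killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
        # Capture killproc's status before the cleanup below; otherwise a failed
        # stop would be reported with rm's (successful) exit status.
        RETVAL=$?
        rm -rf /dev/shm/nginx_temp
        echo
        return $RETVAL
}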

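# Ask the running nginx to reload by sending HUP to the process in the pid file.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the exit status reported by killproc
reload(){
        echo -n $"Reloading $prog: "
        killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP
        RETVAL=$?
        echo
        return $RETVAL
}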

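# Restart nginx: stop it, then start it again.
# Globals:   NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Returns:   non-zero without touching the running server when the
#            configuration does not validate; otherwise start's status
restart(){
        # Validate the configuration first: stopping a working server and then
        # failing to start on a broken config would leave the site down.
        "$NGINX_SBIN" -c "$NGINX_CONF" -t
        RETVAL=$?
        if [ $RETVAL -ne 0 ]; then
                return $RETVAL
        fi
        stop
        start
}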

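# Check the configuration file with nginx's -t option.
# Globals:   NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Returns:   nginx's own exit status, so that callers and automation can tell
#            a broken configuration from a valid one
configtest(){
    "$NGINX_SBIN" -c "$NGINX_CONF" -t
    RETVAL=$?
    return $RETVAL
}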

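# Dispatch on the action given as the first argument. The script's exit status
# is taken from RETVAL, which the action functions set.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  reload)
        reload
        ;;
  restart)
        restart
        ;;
  configtest)
        configtest
        ;;
  *)
        # Unknown or missing action: print the usage line and fail.
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
        ;;
esac
exit $RETVAL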

 

 

 

# Make the init script executable (mode 755: writable by its owner only).
chmod 755 /etc/init.d/nginx

# Register the script with chkconfig (it reads the "# chkconfig:" header).
chkconfig --add nginx

# Enable the nginx service in chkconfig so it is started at boot.
chkconfig nginx on

 

整理nginx配置文件

#清空原來的配置

vim /usr/local/nginx/conf/nginx.conf

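# Worker processes run as this unprivileged user and group.
user nobody nobody;

worker_processes 2;

# Only messages of level "crit" and above are written to this file.
error_log /usr/local/nginx/logs/nginx_error.log crit;

# The init script reads the same path (NGINX_PID) to signal nginx.
pid /usr/local/nginx/logs/nginx.pid;

worker_rlimit_nofile 51200;

events
{
   use epoll;
   worker_connections 6000;
}

http
{
   include mime.types;
   default_type application/octet-stream;
   server_names_hash_bucket_size 3526;
   server_names_hash_max_size 4096;

   # The quoted pieces are concatenated as written, so each continuation
   # starts with a space to keep the fields apart.
   # $http_x_forwarded_for is copied from a request header and is therefore
   # chosen by the client; $remote_addr is the peer address nginx saw.
   log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
   ' $host "$request_uri" $status'
   ' "$http_referer" "$http_user_agent"';

   sendfile on;
   tcp_nopush on;
   keepalive_timeout 30;

   # Client-side timeouts and request buffers.
   client_header_timeout 3m;
   client_body_timeout 3m;
   send_timeout 3m;
   connection_pool_size 256;
   client_header_buffer_size 1k;
   large_client_header_buffers 8 4k;
   request_pool_size 4k;
   output_buffers 4 32k;
   postpone_output 1460;

   # Upper bound on the size of a request body (uploads).
   client_max_body_size 10m;
   client_body_buffer_size 256k;

   client_body_temp_path /usr/local/nginx/client_body_temp;
   proxy_temp_path /usr/local/nginx/proxy_temp;
   fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
   fastcgi_intercept_errors on;
   tcp_nodelay on;

   gzip on;
   gzip_min_length 1k;
   gzip_buffers 4 8k;
   gzip_comp_level 5;
   gzip_http_version 1.1;
   # NOTE(review): text/html is always compressed by nginx and needs no entry;
   # "text/htm" is kept as the author wrote it - confirm it is intended.
   gzip_types text/plain application/x-javascript text/css text/htm application/xml;

   include vhosts/*.conf;    # virtual hosts
}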

 

 

 

添加虛擬主機

#默認虛擬主機獨立一個文件

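mkdir /usr/local/nginx/conf/vhosts

vim /usr/local/nginx/conf/vhosts/default.conf    # the default vhost differs by the extra "default" on its listen line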

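server
{
   # "default" makes this the vhost that answers requests on port 80 whose
   # Host header matches no other server_name.
   listen 80 default;
   server_name localhost;
   index index.html index.htm index.php;
   root /data/abc;

   location ~ \.php$ {
       # Hand only files that exist under root to PHP-FPM. Without this check
       # any URI that merely ends in .php is forwarded, and PHP's path-info
       # handling (cgi.fix_pathinfo) may then execute a different file.
       try_files $uri =404;
       include fastcgi_params;
       # Must match the "listen" setting of php-fpm.
       # NOTE(review): /tmp is world-writable; confirm the socket's owner and
       # mode are restricted on the php-fpm side.
       fastcgi_pass unix:/tmp/php-fcgi.sock;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME /data/abc$fastcgi_script_name;
    }
}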

#設置個空目錄,讓它403

 

#第二虛擬主機獨立一個文件

vim /usr/local/nginx/conf/vhosts/123.conf              #第二個虛擬主機

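server
{
   listen 80;
   server_name www.123.com;
   index index.html index.htm index.php;
   root /data/www;

   location ~ \.php$ {
       # Hand only files that exist under root to PHP-FPM. Without this check
       # any URI that merely ends in .php is forwarded, and PHP's path-info
       # handling (cgi.fix_pathinfo) may then execute a different file.
       try_files $uri =404;
       include fastcgi_params;
       # Use whichever form matches php-fpm's "listen" setting; a mismatch
       # shows up as 502.
       #fastcgi_pass unix:/tmp/php-fcgi.sock;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }
}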

#只能用域名訪問,nginx通過fastcgi的端口加IP的形式把php交給php-fpm處理,最後返回給nginx代理

#虛擬主機的根目錄爲/data/www

 

 

Nginx用戶認證

#獨立一段添加

#工具:apache 的 htpasswd,限制後臺 admin.php

vim /usr/local/nginx/conf/vhosts/123.conf

 

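# Password-protect the admin entry point.
# nginx uses the first regex location that matches, in file order, so this
# block has to appear before the generic "location ~ \.php$" block of the
# vhost; otherwise admin.php is served without authentication.
location ~ .*admin\.php$ {
       # Basic auth sends the password base64-encoded, not encrypted, and this
       # vhost listens on plain HTTP (port 80); put it behind TLS before
       # relying on it.
       auth_basic "tingshi";
       auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

       # Hand only files that exist under root to PHP-FPM.
       try_files $uri =404;
       include fastcgi_params;
       # Must match php-fpm's "listen" setting (the 123.conf vhost shown
       # earlier on this page uses 127.0.0.1:9000).
       fastcgi_pass unix:/tmp/php-fcgi.sock;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}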

 

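touch /usr/local/nginx/conf/.htpasswd

# -c creates the file and overwrites an existing one, so use it for the first
# user only; add further users without -c.
htpasswd -c /usr/local/nginx/conf/.htpasswd aming    # create the user with the htpasswd tool

# Readable by the nginx workers (group nobody, per "user nobody nobody;"),
# not by other local users.
chown root:nobody /usr/local/nginx/conf/.htpasswd
chmod 640 /usr/local/nginx/conf/.htpasswd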

#每個動態網頁都需要php解析

 

域名重定向

#外部添加

   listen 80;

   server_name www.123.com www.abc.com;

    if ($host != 'www.123.com')

    {

        rewrite ^/(.*)$http://www.123.com/$1 permanent;

    }

   index index.html index.htm index.php;

   root /data/www;

#支持多個域名重定向,在外層設置重定向

/usr/local/nginx/sbin/nginx -s reload

 

 

 

 

不記錄指定文件類型日誌/配置靜態文件過期時間

#獨立一段添加

# Set this at the global level of the vhost.
# NOTE(review): /tmp is world-writable; a log directory that only root can
# write to is the safer place for a file opened by nginx.
access_log /tmp/access.log aming;

   # Images and Flash: cache for 30 days, and keep them out of the access log.
   location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
       expires 30d;
       access_log off;
   }

   # Scripts and stylesheets: cache for 12 hours, not logged either.
   location ~ .*\.(js|css)$ {
       expires 12h;
       access_log off;
   }

#在設置 access_log 之前要先打開 nginx 配置文件:vim /usr/local/nginx/conf/nginx.conf

其中定好日誌的格式 log_format aming;aming 就是格式名,被 access_log 引用,其它兩個 location 在外面定義

expires     30d                                        #配置靜態文件的過期時間

日誌切割

vim /usr/local/sbin/nginx_logroate.sh

 

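#!/bin/bash
# Rotate the nginx access log once a day (meant to run from cron just after
# midnight): move the log aside under yesterday's date, make nginx reopen its
# log file, then compress the archived copy.
#
# NOTE(review): both paths live in world-writable /tmp and this job runs from
# cron; a directory that only root can write to is the safer home for them.
# If the path changes, change the access_log directive to match.

log_file=/tmp/access.log
archive_dir=/tmp/nginx_log
d=$(date -d "-1 day" +%F)

[ -d "$archive_dir" ] || mkdir "$archive_dir" || exit 1

# Nothing to rotate, e.g. nginx has not written a log yet.
[ -f "$log_file" ] || exit 0

mv "$log_file" "$archive_dir/$d.log" || exit 1

# nginx keeps writing to the moved file until it is told to reload.
/etc/init.d/nginx reload > /dev/null

cd "$archive_dir" || exit 1
gzip -f "$d.log"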

 

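crontab -e                                    # add the entry below to the crontab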

0 0 * * * /bin/bash /usr/local/sbin/nginx_logroate.sh

#每天的0點執行

 

靜態文件的過期時間

#內部添加

# Static images and Flash: let clients cache them for 30 days and do not
# write these requests to the access log.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires 30d;
    access_log off;
}

expires     30d                                        #配置靜態文件的過期時間

 

 

配置防盜鏈

#防止某張圖片或者某些東西被另一個網站盜用,內部添加

   location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|rar|zip|bz2)$

       {

                expires      30d;

                access_log off;

                valid_referersnone blocked *.123.com *.abc.com;

                if ($invalid_referer)

                {

                    return 403;

                }

       }

#測試

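curl -e "http://www.baidu.com/123" -x127.0.0.1:80 'http://www.123.com/static/image/common/titlebg.png' -I             # returns 403

curl -e "http://www.123.com/123" -x127.0.0.1:80 'http://www.123.com/static/image/common/titlebg.png' -I                 # returns 200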

指定referer的時候就應該帶上 http://

 

訪問控制

#限制某些IP,外部添加限定整個根目錄,內部添加限制某些文件,定義了匹配對象的時候優先匹配

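server
{
   listen 80;
   server_name www.123.com www.abc.com;

   # Redirect every other name served by this vhost to the canonical host.
   if ($host != 'www.123.com')
    {
       rewrite ^/(.*)$ http://www.123.com/$1 permanent;
    }

   index index.html index.htm index.php;
   root /data/www;
   access_log /tmp/access.log aming;

   # Server-wide rule: refuse requests coming from 127.0.0.1.
   deny 127.0.0.1;

   location ~ .*admin\.php$ {
       # allow/deny rules written in a location replace the server-level
       # ones for requests handled here: only 127.0.0.1 may reach admin.php.
       allow 127.0.0.1;
       deny all;

       #auth_basic "tingshi";
       #auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

       # Hand only files that exist under root to PHP-FPM.
       try_files $uri =404;
       include fastcgi_params;
       # Must match php-fpm's "listen" setting.
       fastcgi_pass unix:/tmp/php-fcgi.sock;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
   }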

 

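curl -x127.0.0.1:80 www.123.com/admin.php -I

curl -x127.0.0.1:80 www.123.com/forum.php -I

curl -x192.168.134.132:80 www.123.com/admin.php -I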

當定義了匹配對象的時候優先匹配,也就是越精準越優先,當沒有定義匹配對象的時候是從上到下逐條匹配。

 

禁止指定user_agent

#禁止某些搜索引擎,在外部配置

# Answer 403 when the User-Agent contains any of these words (case-insensitive).
# The User-Agent header is chosen by the client, so this only filters clients
# that identify themselves honestly.
if ($http_user_agent ~* 'curl|baidu|youdao') {
    return 403;
}

}

 

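curl -A "qwewbaiduq" -x127.0.0.1:80 www.123.com/admin.php -I

curl -x 127.0.0.1:80 www.123.com/admin.php -I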

 

nginx代理

#代理百度的IP,獨立一個文件

# Backend pool that the proxy vhost refers to as http://bbb/.
# The same address is listed twice, exactly as in the original example.
upstream bbb {
    server 14.215.177.38;
    server 14.215.177.38;
}

 

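server {
       listen 80;
       server_name www.baidu.com;

       location / {
                # Forward every request to the "bbb" upstream group.
                proxy_pass      http://bbb/;
                proxy_set_header Host   $host;
                # Address of the peer that connected to this proxy.
                proxy_set_header X-Real-IP      $remote_addr;
                # Appends $remote_addr to whatever X-Forwarded-For the client
                # sent, so earlier entries in the list are client-supplied.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

       access_log /home/logs/bb_access.log combined;
}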

curl -x127.0.0.1:80 www.baidu.com -I

 

 

 

 

 

 

 

 

 

 

 

 

