狀態碼:
200:表示正常
301:表示域名跳轉
401:表示需要輸入用戶名和密碼
403:表示可能被禁止訪問
302、404:表示輸入的路徑可能有錯
500:表示php腳本有問題
502:表示配置錯誤(nginx 用 sock 還是 IP+port 的設置有誤),也可能是資源耗盡,或者是 nginx 屬主的問題
寫個nginx啓動腳本
vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx settings: binary, main configuration file and PID file of the
# installation under /usr/local/nginx.
NGINX_SBIN='/usr/local/nginx/sbin/nginx'
NGINX_CONF='/usr/local/nginx/conf/nginx.conf'
NGINX_PID='/usr/local/nginx/logs/nginx.pid'
# Display name used in the progress messages.
prog='Nginx'
# Status of the last action; the script exits with this value.
RETVAL=0
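# Start nginx with the configured binary and configuration file.
# Globals:   prog, NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of the daemon helper
start() {
  echo -n $"Starting $prog: "
  # NOTE(review): /dev/shm is world-writable and nothing here checks who owns
  # a pre-existing nginx_temp; confirm the directory is really needed.
  mkdir -p /dev/shm/nginx_temp
  # daemon is not defined in this script; it is expected to come from the
  # sourced /etc/init.d/functions.
  daemon "$NGINX_SBIN" -c "$NGINX_CONF"
  RETVAL=$?
  echo
  return $RETVAL
}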
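# Stop nginx by sending TERM to the process recorded in the PID file.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of killproc
stop() {
  echo -n $"Stopping $prog: "
  killproc -p "$NGINX_PID" "$NGINX_SBIN" -TERM
  # Record the status of killproc before the cleanup below; taking $? after
  # rm would report whether the directory was removed, not whether nginx
  # was stopped.
  RETVAL=$?
  rm -rf /dev/shm/nginx_temp
  echo
  return $RETVAL
}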
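# Ask the running nginx to reload by sending HUP to the process recorded in
# the PID file.
# Globals:   prog, NGINX_PID, NGINX_SBIN (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of killproc
reload() {
  echo -n $"Reloading $prog: "
  killproc -p "$NGINX_PID" "$NGINX_SBIN" -HUP
  RETVAL=$?
  echo
  return $RETVAL
}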
# Full restart: stop the running instance, then start a new one.
# Returns: the status of start, which runs last.
restart() {
  stop
  start
}
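# Check the configuration file with "nginx -t".
# Globals:   NGINX_SBIN, NGINX_CONF (read); RETVAL (written)
# Returns:   exit status of the check, so a broken configuration can be
#            detected by the caller instead of always reporting success
configtest() {
  "$NGINX_SBIN" -c "$NGINX_CONF" -t
  RETVAL=$?
  return $RETVAL
}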
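# Dispatch on the first argument; anything else prints the usage line and
# makes the script exit with status 1.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    ;;
  restart)
    restart
    ;;
  configtest)
    configtest
    ;;
  *)
    # The space after echo matters: without it the shell looks for a command
    # named "echoUsage: ..." and prints no usage text.
    echo $"Usage: $0 {start|stop|reload|restart|configtest}"
    RETVAL=1
    ;;
esac
exit $RETVAL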
chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
整理nginx配置文件
#清空原來的配置
vim /usr/local/nginx/conf/nginx.conf
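# Worker processes run as the nobody user and group.
user nobody nobody;
worker_processes 2;
# NOTE(review): at level crit, error-level entries are not written; nginx
# reports failed basic-auth logins and requests refused by allow/deny rules
# at that level, so they will be missing from this log.
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 6000;
}

http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;

    # $http_x_forwarded_for is copied from a request header, so the client
    # chooses its value; $remote_addr is the peer address nginx itself saw.
    # The format is named combined_realip here, while the access_log lines
    # later on this page reference a format called aming; the two names
    # have to match.
    log_format combined_realip '$remote_addr $http_x_forwarded_for[$time_local]'
                               '$host "$request_uri" $status'
                               '"$http_referer" "$http_user_agent"';

    sendfile on;
    tcp_nopush on;
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;
    tcp_nodelay on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;

    include vhosts/*.conf; # virtual hosts
}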
添加虛擬主機
#默認虛擬主機獨立一個文件
mkdir /usr/local/nginx/conf/vhosts
vim /usr/local/nginx/conf/vhosts/default.conf #默認虛擬主機多了個default
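# Default virtual host: marked "default" on the listen line, so it answers
# requests whose Host matches no other server block.
server {
    listen 80 default;
    server_name localhost;
    index index.html index.htm index.php;
    root /data/abc;

    location ~ \.php$ {
        # Hand only scripts that exist under the root to PHP-FPM. Without
        # this check every URI ending in .php is forwarded, and PHP's
        # path-info fallback (cgi.fix_pathinfo) may then run another file.
        try_files $uri =404;
        include fastcgi_params;
        # NOTE(review): the socket sits in world-writable /tmp; restrict it
        # on the PHP-FPM side (listen.owner / listen.group / listen.mode).
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/abc$fastcgi_script_name;
    }
}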
#設置個空目錄,讓它403
#第二虛擬主機獨立一個文件
vim /usr/local/nginx/conf/vhosts/123.conf #第二個虛擬主機
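# Second virtual host, selected by the Host name www.123.com.
server {
    listen 80;
    server_name www.123.com;
    index index.html index.htm index.php;
    root /data/www;

    location ~ \.php$ {
        # Hand only scripts that exist under the root to PHP-FPM. Without
        # this check every URI ending in .php is forwarded, and PHP's
        # path-info fallback (cgi.fix_pathinfo) may then run another file.
        try_files $uri =404;
        include fastcgi_params;
        #fastcgi_pass unix:/tmp/php-fcgi.sock;
        # PHP-FPM is reached over loopback TCP here; keep its listener bound
        # to 127.0.0.1 so it is not reachable from other hosts.
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }
}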
#只能用域名訪問,nginx通過fastcgi的端口加IP的形式把php交給php-fpm處理,最後返回給nginx代理
#虛擬主機的根目錄爲/data/www
Nginx用戶認證
#獨立一段添加
#工具apache的htpasswd,限制後臺admin.php
vim /usr/local/nginx/conf/vhosts/123.conf
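# Place this block before the generic "location ~ \.php$" block of the same
# server: regex locations are tried in file order and the first match wins,
# so a later position would serve admin.php without the password prompt.
location ~ .*admin\.php$ {
    # Basic auth sends the credentials base64-encoded, not encrypted; on a
    # plain-HTTP listener they can be read on the wire. Serve this area
    # over TLS.
    auth_basic "tingshi";
    auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
    # Hand only scripts that exist under the root to PHP-FPM.
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}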
touch /usr/local/nginx/conf/.htpasswd
htpasswd -c /usr/local/nginx/conf/.htpasswd aming #通過htpasswd工具創建用戶
#每個動態網頁都需要php解析
域名重定向
#外部添加
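listen 80;
server_name www.123.com www.abc.com;
# Every Host other than the canonical name gets a permanent redirect to
# www.123.com, keeping the requested path.
if ($host != 'www.123.com') {
    rewrite ^/(.*)$ http://www.123.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;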
#支持多個域名重定向,在外層設置重定向
/usr/local/nginx/sbin/nginx -s reload
不記錄指定文件類型日誌/配置靜態文件過期時間
#獨立一段添加
# Set globally. NOTE(review): /tmp is world-writable; a root-owned log
# directory is the safer home for an access log.
access_log /tmp/access.log aming;

# Images and Flash: cached by clients for 30 days, not logged.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires 30d;
    access_log off;
}

# Scripts and stylesheets: cached for 12 hours, not logged.
location ~ .*\.(js|css)$ {
    expires 12h;
    access_log off;
}
#在設置access_log之前,要先打開nginx配置文件:vim /usr/local/nginx/conf/nginx.conf
在其中定義好日誌的格式 log_format aming;aming 就是格式的名字,被 access_log 引用。其它兩個 location 在外面定義
expires 30d #配置靜態文件的過期時間
日誌切割
vim /usr/local/sbin/nginx_logroate.sh
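#!/bin/bash
# Rotate the nginx access log: move /tmp/access.log into /tmp/nginx_log
# under yesterday's date, make nginx open a new log file, then compress
# the archived copy.
#
# NOTE(review): the script works on fixed paths under world-writable /tmp.
# When it runs from root's crontab, a root-owned log directory avoids other
# local users pre-creating or replacing these paths.
log_date=$(date -d "-1 day" +%F)
archive_dir=/tmp/nginx_log

[ -d "$archive_dir" ] || mkdir "$archive_dir" || exit 1
# Stop here when there is nothing to rotate instead of compressing a file
# that was never moved.
mv /tmp/access.log "$archive_dir/$log_date.log" || exit 1
# nginx keeps writing to the moved file until it is reloaded.
/etc/init.d/nginx reload > /dev/null
cd "$archive_dir" || exit 1
gzip -f "$log_date.log"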
crontab -e #加入到計劃任務
0 0 * * * /bin/bash /usr/local/sbin/nginx_logroate.sh
#每天的0點執行
靜態文件的過期時間
#內部添加
# Images and Flash: cached by clients for 30 days, not logged.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires 30d;
    access_log off;
}
expires 30d #配置靜態文件的過期時間
配置防盜鏈
#防止某張圖片或者某些東西被另一個網站盜用,內部添加
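# Hotlink protection for images and archives.
# The Referer header is chosen by the client, so this keeps other sites from
# embedding the files but is not access control for sensitive content.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|rar|zip|bz2)$ {
    expires 30d;
    access_log off;
    # "none" accepts requests without a Referer header, "blocked" accepts
    # Referer values that a proxy or firewall has stripped of their scheme.
    valid_referers none blocked *.123.com *.abc.com;
    if ($invalid_referer) {
        return 403;
    }
}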
#測試
curl -e "http://www.baidu.com/123" -x127.0.0.1:80 'http://www.123.com/static/image/common/titlebg.png' -I #返回403
curl -e "http://www.123.com/123" -x127.0.0.1:80 'http://www.123.com/static/image/common/titlebg.png' -I #返回200
指定referer的時候就應該帶上 http://
訪問控制
#限制某些IP,外部添加限定整個根目錄,內部添加限制某些文件,定義了匹配對象的時候優先匹配
server
{
listen 80;
server_name www.123.com www.abc.com;
# Every Host other than www.123.com gets a permanent redirect to it.
if ($host != 'www.123.com') {
    rewrite ^/(.*)$ http://www.123.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log aming;
# Server-wide rule: requests coming from 127.0.0.1 are refused.
deny 127.0.0.1;
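# Place this block before any generic "location ~ \.php$" block of the same
# server: regex locations are tried in file order and the first match wins,
# so a later position would leave admin.php outside these rules.
location ~ .*admin\.php$ {
    # Only 127.0.0.1 may reach admin.php. The rule is evaluated against the
    # connecting address, so if another proxy on this host sits in front of
    # nginx, every request arrives as 127.0.0.1 and passes.
    allow 127.0.0.1;
    deny all;
    #auth_basic "tingshi";
    #auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
    # Hand only scripts that exist under the root to PHP-FPM.
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php-fcgi.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}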
curl -x127.0.0.1:80 www.123.com/admin.php -I
curl -x127.0.0.1:80 www.123.com/forum.php -I
curl -x192.168.134.132:80 www.123.com/admin.php -I
當定義了匹配對象的時候優先匹配,也就是越精準越優先;當沒有定義匹配對象的時候,是從上到下逐條匹配。
禁止指定user_agent
#禁止某些搜索引擎,在外部配置
# Refuse requests whose User-Agent contains curl, baidu or youdao (matched
# case-insensitively). The header is set by the client, so this only turns
# away well-behaved crawlers and is not a security control.
if ($http_user_agent ~* 'curl|baidu|youdao') {
    return 403;
}
}
curl -A "qwewbaiduq" -x127.0.0.1:80 www.123.com/admin.php -I
curl -x 127.0.0.1:80 www.123.com/admin.php -I
nginx代理
#代理百度的IP,獨立一個文件
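# Backend pool; the same address is listed twice, as in the original notes.
upstream bbb {
    server 14.215.177.38;
    server 14.215.177.38;
}

server {
    listen 80;
    server_name www.baidu.com;

    location / {
        proxy_pass http://bbb/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so a backend should trust only
        # the last entry, which this proxy added.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    access_log /home/logs/bb_access.log combined;
}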
curl -x127.0.0.1:80 www.baidu.com -I