
一、架构02-详解nginx模块使用方法

作者: 无法成为野兽 | 来源:发表于2019-01-29 17:30 被阅读0次

    nginx模块使用方法:

    1、worker_processes auto

    worker_processes auto; #auto等于物理核心数,可指定数量,一般等于小于物理核心数

    2、events

    events {

        worker_connections 1024; #单进程响应1024个请求,一共响应的请求等于worker_processes乘以worker_connections的数量;

    }

    (1)、worker_connections number;

      每个worker进程所能够打开的最大并发连接数数量;worker_processes * worker_connections

    (2)、use method;

       指明并发连接请求的处理方法;use epoll;

    (3)、accept_mutex on | off;

       处理新的连接请求的方法;on意味着由各worker轮流处理新请求,Off意味着每个新请求的到达都会通知所有的worker进程;

      3、http

    log_format

    $remote_addr 远程主机地址

    $remote_user 远程访问用户

    $time_local  本地时间

    $request 请求url 报文的起始行

    $status 响应码

    $body_bytes_sent body的字节数

    $http_referer 引用

    $http_user_agent 客户端代理用的是什么浏览器访问的

    $http_x_forwarded_for 记录真正的客户端的地址(取自请求的X-Forwarded-For首部;该首部可由客户端任意填写,只有由可信的反向代理设置时才可靠)

      access_log     

    access_log  /var/log/nginx/access.log  main;# 日志存放地址

    sendfile            on;#提升性能

    keepalive_timeout   65;#保持连接启用

    default_type        application/octet-stream;#默认识别成8进制的数据流

      4、server

    listen       80 default_server;#默认虚拟主机

    listen       [::]:80 default_server;#ipv6的端口的默认虚拟主机

    server_name  _;#对于默认主机来说,下划线可以匹配所有主机名

    root         /usr/share/nginx/html;#默认网页根路径

    location / {

            } #个人设置

    error_page #错误页

      5、worker_cpu_affinity cpumask ...;

      worker_cpu_affinity auto [cpumask];     

    [root@node01 nginx]# vim nginx.conf

    user nginx;

    worker_processes auto;

    error_log /var/log/nginx/error.log;

    pid /run/nginx.pid;

    #worker_cpu_affinity auto;#自己绑定

    不绑定之前     

    [root@node01 nginx]# ps axo comm,pid,psr | grep nginx

    nginx             4997   0

    nginx             4998   3

    nginx             4999   2

    nginx             5000   0

    nginx             5001   1

    绑定之后

    [root@node01 nginx]# vim nginx.conf

    user nginx;

    worker_processes auto;

    error_log /var/log/nginx/error.log;

    pid /run/nginx.pid;

    worker_cpu_affinity auto;#自己绑定

    [root@node01 nginx]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 nginx]# nginx -s reload

    [root@node01 nginx]# ps axo comm,pid,psr | grep nginx

    nginx             4997   0

    nginx             6638   0

    nginx             6639   1

    nginx             6640   2

    nginx             6641   3

     进行验证

    [root@node02 ~]# yum install -y httpd-tools

    [root@node02 ~]# ab -n 10000 -c 100 http://192.168.32.132/index.html

    观察node01 

    [root@node01 nginx]# watch -n.5 'ps axo comm,pid,psr | grep nginx'

    CPU不会再随机调度了

    将cpu反过来绑定

    [root@node01 nginx]# vim nginx.conf

    user nginx;

    worker_processes auto;

    error_log /var/log/nginx/error.log;

    pid /run/nginx.pid;

    #worker_cpu_affinity auto;

    worker_cpu_affinity 1000 0100 0010 0001;

    [root@node01 nginx]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 nginx]# nginx -s reload

    [root@node01 nginx]# watch -n.5 'ps axo comm,pid,psr | grep nginx'

    Every 0.5s: ps axo comm,pid,psr | grep nginx                                                                          Mon Jan 28 14:06:16 2019

    nginx             4997   3

    nginx             7314   3

    nginx             7315   2

    nginx             7316   1

    nginx             7317   0

     自定义worker_processes数量 自定义绑定cpu     

    [root@node01 nginx]# vim nginx.conf

    user nginx;

    worker_processes 2;

    error_log /var/log/nginx/error.log;

    pid /run/nginx.pid;

    #worker_cpu_affinity auto;

    worker_cpu_affinity 1000 0100;

    [root@node01 nginx]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 nginx]# nginx -s reload

    [root@node01 nginx]#

    [root@node01 nginx]#

    [root@node01 nginx]#

    [root@node01 nginx]# watch -n.5 'ps axo comm,pid,psr | grep nginx'

    Every 0.5s: ps axo comm,pid,psr | grep nginx                                                                          Mon Jan 28 14:12:44 2019

    nginx             4997   3

    nginx             7962   3

    nginx             7963   2

    6、 worker_priority number;指定worker进程的nice值,设定worker进程优先级;[-20,20]        

    [root@node01 nginx]# vim nginx.conf

    user nginx;

    worker_processes 2;

    error_log /var/log/nginx/error.log;

    pid /run/nginx.pid;

    #worker_cpu_affinity auto;

    worker_cpu_affinity 1000 0100;

    worker_priority -5;

    [root@node01 nginx]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 nginx]# nginx -s reload

    [root@node01 nginx]# ps axo comm,pid,psr,ni  | grep nginx

    nginx             4997   3   0

    nginx             8718   3  -5

    nginx             8719   2  -5

      7、  worker_rlimit_nofile number;worker进程所能够打开的文件数量上限;

    [root@node01 nginx]# vim nginx.conf

    user nginx;

    worker_processes 2;

    error_log /var/log/nginx/error.log;

    pid /run/nginx.pid;

    #worker_cpu_affinity auto;

    worker_cpu_affinity 1000 0100;

    worker_priority -5;

    worker_rlimit_nofile 65535;

    [root@node01 nginx]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 nginx]# nginx -s reload

     8、   与套接字相关的配置:

        示例:

    限定主机访问

    [root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            location / {

                    deny 192.168.32.131;#node03主机的ip地址

                    allow all;

            }

    }

    [root@node01 vhost1]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 vhost1]# nginx -s reload

           验证

    [root@node02 ~]# curl http://www.hehe.com

    <h1>Nginx Vhost 1</h1>

    [root@node03 ~]# curl http://www.hehe.com

    <html>

    <head><title>403 Forbidden</title></head>

    <body bgcolor="white">

    <center><h1>403 Forbidden</h1></center>

    <hr><center>nginx/1.12.2</center>

    </body>

    </html>

    示例:

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            location / {

                    root /data/nginx/vhost2;

                    allow all;

            }

            location ~*  \.(jpg|jpeg|jfif)$ {

                    deny 192.168.32.131;

                    allow all;

            }

    }

    匹配示例

    root 和alias的区别

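    root 与 alias 的区别:root 指定的路径后面会拼接完整的请求URI(location匹配的部分保留在路径中);alias 则用指定的路径替换location匹配到的那部分URI。使用 alias 时,location 与 alias 路径结尾的斜杠要保持一致(如下例都以 / 结尾),否则可能访问到目标目录之外的文件。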

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            location / {

            #       root /data/nginx/vhost2;

                    allow all;

            }

            location ~*  \.(jpg|jpeg|jfif)$ {

                    deny 192.168.32.131;

                    allow all;

            }

            location ^~ /images/ {

                    root   /data/pictures/;#匹配的是pictures/下面的images目录

            }

    }

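    server {
            listen 80;
            server_name www.hehe.com;
            root /data/nginx/vhost1;

            location / {
            #       root /data/nginx/vhost2;
                    allow all;
            }

            location ~*  \.(jpg|jpeg|jfif)$ {
                    deny 192.168.32.131;
                    allow all;
            }

            # NOTE(review): "^~" stops regex matching once this prefix matches,
            # so the deny rule in the jpg/jpeg/jfif location above is not applied
            # to requests under /images/. Repeat the deny/allow rules here if
            # they are meant to cover these files as well.
            location ^~ /images/ {
                    # alias replaces the matched "/images/" prefix, so
                    # /images/a.jpg is read from /data/pictures/a.jpg.
                    # Keep the trailing slash on both the location and the alias
                    # path so the mapping stays inside the target directory.
                    alias   /data/pictures/;
            }
    }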

    自定义错误页

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            location / {

            #       root /data/nginx/vhost2;

                    allow all;

            }

            location ~*  \.(jpg|jpeg|jfif)$ {

                    deny 192.168.32.131;

                    allow all;

            }

            location ^~ /images/ {

                    root   /data/pictures/;#匹配的是pictures/下面的images目录

            }

            error_page 404  /notfound.html;

            location = /notfound.html {

                    root /data/nginx/error_pages;

            }

    }

    [root@node01 ~]# mkdir /data/nginx/error_pages

    [root@node01 ~]# vim /data/nginx/error_pages/notfound.html

    验证

    将状态码重定向到其他状态码

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            location / {

            #       root /data/nginx/vhost2;

                    allow all;

            }

            location ~*  \.(jpg|jpeg|jfif)$ {

                    deny 192.168.32.131;

                    allow all;

            }

            location ^~ /images/ {

                    alias   /data/pictures/;

            }

            error_page 404 =200 /notfound.html;

            location = /notfound.html {

                    root /data/nginx/error_pages;

            }

    }

    验证

    10、定义客户端请求的相关配置

       (1)、keepalive_timeout timeout [header_timeout];

                            设定保持连接的超时时长,0表示禁止长连接;默认为75s;

       (2)、keepalive_requests number;

                            在一次长连接上所允许请求的资源的最大数量,默认为100;

       (3)、keepalive_disable none | browser ...;

                            对哪种浏览器禁用长连接;

       (4)、send_timeout time;

                            向客户端发送响应报文的超时时长,此处,是指两次写操作之间的间隔时长;

       (5) 、client_body_buffer_size size;

    11、对客户端进行限制的相关配置

          (1)、limit_rate rate;

                            限制响应给客户端的传输速率,单位是bytes/second,0表示无限制;

          (2) 、limit_except method ... { ... }

                            限制哪些客户端可以使用指定请求方法之外的其它方法;下例中,除GET之外的方法只允许192.168.1.0/24网段的客户端使用:

                            limit_except GET {

                                allow 192.168.1.0/24;

                                deny  all;

                            }

    12、文件操作优化的配置

            (1)、aio on | off | threads[=pool];是否启用aio功能;

            (2)、directio size | off; 在Linux主机启用O_DIRECT标记,此处意味文件大于等于给定的大小时使用,例如directio 4m;

              (3)、open_file_cache off; open_file_cache max=N [inactive=time];

                                nginx可以缓存以下三种信息: (1) 文件的描述符、文件大小和最近一次的修改时间;(2) 打开的目录结构; (3) 没有找到的或者没有权限访问的文件的相关信息;

                                max=N:可缓存的缓存项上限;达到上限后会使用LRU算法实现缓存管理;

                                inactive=time:缓存项的非活动时长,在此处指定的时长内未被命中的或命中的次数少于open_file_cache_min_uses指令所指定的次数的缓存项即为非活动项;

    13、ngx_http_access_module 访问控制模块

    ngx_http_access_module模块:

                        实现基于ip的访问控制功能

                        (1)、allow address | CIDR | unix: | all;

                        (2)、deny address | CIDR | unix: | all;

                            http, server, location, limit_except

    14、ngx_http_auth_basic_module模块

                   实现基于用户的访问控制,使用basic机制进行用户认证;

                        (1)、auth_basic string | off;

                        (2)、auth_basic_user_file file;

                            location /admin/ {

                                alias /webapps/app1/data/;

                                auth_basic "Admin Area";

                                auth_basic_user_file /etc/nginx/.ngxpasswd;

                            }

                            注意:htpasswd命令由httpd-tools所提供;basic认证的用户名和密码仅经base64编码后随每个请求发送,应配合https使用;密码文件应放在网站根目录之外,并限制为仅nginx可读;

    示例

    [root@node01 ~]# htpasswd -c -m /etc/nginx/.ngxpasswd tom

    New password:

    Re-type new password:

    Adding password for user tom

    [root@node01 ~]# htpasswd  -m /etc/nginx/.ngxpasswd jerry

    New password:

    Re-type new password:

    Adding password for user jerry

    [root@node01 ~]# cat /etc/nginx/.ngxpasswd

    tom:$apr1$hj5QSHd8$GhF4wQy3RqGSgqhsnDkP3.

    jerry:$apr1$YBflr81R$JwwcZRpSH1v5HNnP9Hi5i/

    [root@node01 ~]# vim /etc/nginx/conf.d/vhost1.conf

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            location / {

            #       root /data/nginx/vhost2;

                    allow all;

            }

            location ~* ^/(admin|login) {

                    auth_basic "admin area or login url";

                    auth_basic_user_file  /etc/nginx/.ngxpasswd;

            }

            location ~*  \.(jpg|jpeg|jfif)$ {

                    deny 192.168.32.131;

                    allow all;

            }

            location ^~ /images/ {

                    alias   /data/pictures/;

            }

            error_page 404 =200 /notfound.html;

            location = /notfound.html {

                    root /data/nginx/error_pages;

            }

    }

    [root@node01 ~]# mkdir /data/nginx/vhost1/admin

    [root@node01 ~]# vim  /data/nginx/vhost1/admin/index.html

    [root@node01 ~]# more   /data/nginx/vhost1/admin/index.html

    <h1>Admin Area</h1>

    [root@node01 ~]#

    [root@node01 ~]#

    [root@node01 ~]#

    [root@node01 ~]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 ~]# nginx -s reload

    15、ngx_http_stub_status_module模块

                        用于输出nginx的基本状态信息;

                        Active connections: 活动状态的连接数;

                        accepts:已经接受的客户端请求的总数;

                        handled:已经处理完成的客户端请求的总数;

                        requests:客户端发来的总的请求数;

                        Reading:处于读取客户端请求报文首部的连接的连接数;

                        Writing:处于向客户端发送响应报文过程中的连接数;

                        Waiting:处于等待客户端发出请求的空闲连接数;

    示例

    [root@node01 ~]# vim /etc/nginx/conf.d/vhost1.conf

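    server {
            listen 80;
            server_name www.hehe.com;
            root /data/nginx/vhost1;

            location / {
            #       root /data/nginx/vhost2;
                    allow all;
            }

            # Basic auth sends the credentials base64-encoded with every request;
            # on this plain-HTTP listener they travel unencrypted.
            location ~* ^/(admin|login) {
                    auth_basic "admin area or login url";
                    auth_basic_user_file  /etc/nginx/.ngxpasswd;
            }

            location ~*  \.(jpg|jpeg|jfif)$ {
                    deny 192.168.32.131;
                    allow all;
            }

            # NOTE(review): "^~" stops regex matching, so the deny rule in the
            # jpg/jpeg/jfif location above does not apply under /images/.
            location ^~ /images/ {
                    alias   /data/pictures/;
            }

            # A missing file is answered with the custom page and status 200.
            error_page 404 =200 /notfound.html;

            location = /notfound.html {
                    root /data/nginx/error_pages;
            }

            location /ngxstatus {
                    stub_status;

                    # The status counters are operational data, so only the
                    # server itself may read them. 192.168.32.132 is node01's
                    # own address in this walkthrough, which keeps the local
                    # curl check working; add monitoring hosts as needed.
                    allow 127.0.0.1;
                    allow 192.168.32.132;
                    deny all;
            }
    }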

    [root@node01 ~]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 ~]# nginx -s reload

    [root@node01 ~]# curl http://www.hehe.com/ngxstatus

    Active connections: 2

    server accepts handled requests

    2 2 4

    Reading: 0 Writing: 1 Waiting: 1

    16、ngx_http_log_module模块

    示例:

    [root@node01 ~]# vim   /etc/nginx/conf.d/vhost1.conf

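    server {
            listen 80;
            server_name www.hehe.com;
            root /data/nginx/vhost1;

            # Per-vhost access log written in the "main" log_format.
            access_log /var/log/nginx/vhost1_access.log main;

            location / {
            #       root /data/nginx/vhost2;
                    allow all;
            }

            # Basic auth sends the credentials base64-encoded with every request;
            # on this plain-HTTP listener they travel unencrypted.
            location ~* ^/(admin|login) {
                    auth_basic "admin area or login url";
                    auth_basic_user_file  /etc/nginx/.ngxpasswd;
            }

            location ~*  \.(jpg|jpeg|jfif)$ {
                    deny 192.168.32.131;
                    allow all;
            }

            # NOTE(review): "^~" stops regex matching, so the deny rule in the
            # jpg/jpeg/jfif location above does not apply under /images/.
            # Repeat the deny/allow rules here if they should cover these files.
            location ^~ /images/ {
                    alias   /data/pictures/;
            }

            error_page 404 =200 /notfound.html;

            location = /notfound.html {
                    root /data/nginx/error_pages;
            }

            location /ngxstatus {
                    stub_status;

                    # Requests for the status page are left out of the access log.
                    access_log off;

                    # With logging off there is no record of who reads the
                    # counters, so restrict the page to the server itself.
                    # 192.168.32.132 is node01's own address in this walkthrough.
                    allow 127.0.0.1;
                    allow 192.168.32.132;
                    deny all;
            }
    }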

    [root@node01 ~]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 ~]# nginx -s reload

    [root@node01 ~]# tail -f /var/log/nginx/

    access.log              access.log-20190128.gz  error.log               error.log-20190128.gz   vhost1_access.log

    [root@node01 ~]# tail -f /var/log/nginx/vhost1_access.log

    192.168.32.131 - - [28/Jan/2019:19:29:15 +0800] "GET /images/test001.jpg HTTP/1.1" 200 12931 "-" "curl/7.29.0" "-"

    ^C

    17、ngx_http_gzip_module:http压缩模块

    示例

    [root@node01 ~]# vim   /etc/nginx/nginx.conf

    [root@node01 ~]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 ~]# nginx -s reload

    [root@node01 nginx]# cp nginx.conf /data/nginx/vhost1/nginx.html

    验证(验证完成后应删除 /data/nginx/vhost1/nginx.html,否则nginx.conf的内容可被任何客户端下载)

    18、ngx_http_ssl_module模块:

    示例

    1、在node02搭建CA服务器

    [root@node02 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter '.', the field will be left blank.

    -----

    Country Name (2 letter code) [XX]:CN

    State or Province Name (full name) []:Beijing

    Locality Name (eg, city) [Default City]:Beijing

    Organization Name (eg, company) [Default Company Ltd]:heheda

    Organizational Unit Name (eg, section) []:devops

    Common Name (eg, your name or your server's hostname) []:node02.hehe.com

    Email Address []:

    [root@node02 CA]# ls

    cacert.pem  certs  crl  newcerts  private

    [root@node02 CA]# touch index.txt

    [root@node02 CA]# echo 01 > serial

    [root@node02 CA]# ll

    总用量 8

    -rw-r--r--  1 root root 1334 1月  29 10:41 cacert.pem

    drwxr-xr-x. 2 root root    6 4月  11 2018 certs

    drwxr-xr-x. 2 root root    6 4月  11 2018 crl

    -rw-r--r--  1 root root    0 1月  29 10:41 index.txt

    drwxr-xr-x. 2 root root    6 4月  11 2018 newcerts

    drwx------. 2 root root   23 1月  29 10:38 private

    -rw-r--r--  1 root root    3 1月  29 10:41 serial

    2、在node01上(nginx)自建key

    [root@node01 nginx]# mkdir /etc/nginx/ssl

    [root@node01 nginx]# cd /etc/nginx/ssl/

    [root@node01 ssl]#

    [root@node01 ssl]#

    [root@node01 ssl]# ls

    [root@node01 ssl]# (umask 077; openssl genrsa -out nginx.key 2048)

    Generating RSA private key, 2048 bit long modulus

    ..............................................................................................+++

    ...........................................................................................................+++

    e is 65537 (0x10001)

    [root@node01 ssl]# ls

    nginx.key

    [root@node01 ssl]# openssl req -new -key nginx.key -out nginx.csr

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter '.', the field will be left blank.

    -----

    Country Name (2 letter code) [XX]:CN

    State or Province Name (full name) []:Beijing

    Locality Name (eg, city) [Default City]:Beijing

    Organization Name (eg, company) [Default Company Ltd]:heheda

    Organizational Unit Name (eg, section) []:devops

    Common Name (eg, your name or your server's hostname) []:node01.hehe.com

    Email Address []:

    Please enter the following 'extra' attributes

    to be sent with your certificate request

    A challenge password []:

    An optional company name []:

    [root@node01 ssl]# ll

    总用量 8

    -rw-r--r-- 1 root root 1013 1月  29 13:21 nginx.csr

    -rw------- 1 root root 1675 1月  29 10:42 nginx.key

    3、进行授权

    [root@node01 ssl]# scp nginx.csr node02:/tmp/

    The authenticity of host 'node02 (192.168.32.128)' can't be established.

    ECDSA key fingerprint is SHA256:tMT8xiLAjrhvRkah4txBY1OVsq4KZzdK+mW9G7LK/ZU.

    ECDSA key fingerprint is MD5:e2:c3:6d:0d:d8:5e:05:94:dc:9e:9e:4f:87:de:8d:68.

    Are you sure you want to continue connecting (yes/no)? yes

    Warning: Permanently added 'node02,192.168.32.128' (ECDSA) to the list of known hosts.

    root@node02's password:

    nginx.csr                                                                                                   100% 1013   657.2KB/s   00:00

    [root@node02 CA]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365

    Using configuration from /etc/pki/tls/openssl.cnf

    Check that the request matches the signature

    Signature ok

    Certificate Details:

            Serial Number: 1 (0x1)

            Validity

                Not Before: Jan 29 05:26:21 2019 GMT

                Not After : Jan 29 05:26:21 2020 GMT

            Subject:

                countryName               = CN

                stateOrProvinceName       = Beijing

                organizationName          = heheda

                organizationalUnitName    = devops

                commonName                = node01.hehe.com

            X509v3 extensions:

                X509v3 Basic Constraints:

                    CA:FALSE

                Netscape Comment:

                    OpenSSL Generated Certificate

                X509v3 Subject Key Identifier:

                    94:F0:75:E1:3A:86:06:33:CB:A3:1E:B1:E5:83:C0:07:FA:A9:A9:CD

                X509v3 Authority Key Identifier:

                    keyid:EC:1F:2B:D8:93:96:6C:18:8A:AC:90:16:F3:0C:0F:ED:35:36:58:BC

    Certificate is to be certified until Jan 29 05:26:21 2020 GMT (365 days)

    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y

    Write out database with 1 new entries

    Data Base Updated

    [root@node02 CA]# ls

    cacert.pem  certs  crl  index.txt  index.txt.attr  index.txt.old  newcerts  private  serial  serial.old

    [root@node02 CA]# cd newcerts/

    [root@node02 newcerts]# ls

    01.pem

    [root@node02 newcerts]# cd ..

    [root@node02 CA]# ls

    cacert.pem  certs  crl  index.txt  index.txt.attr  index.txt.old  newcerts  private  serial  serial.old

    [root@node02 CA]# ll certs/

    总用量 8

    -rw-r--r-- 1 root root 4480 1月  29 13:26 nginx.crt

    [root@node02 CA]# scp certs/nginx.crt node01:/etc/nginx/ssl/

    The authenticity of host 'node01 (192.168.32.132)' can't be established.

    ECDSA key fingerprint is SHA256:0VrA1bIJY59rAo4HPYPuI9OBPgzS3mmmVZ4Erhkvs/I.

    ECDSA key fingerprint is MD5:d3:ca:de:bf:b3:ad:38:25:71:e6:d6:07:5b:c9:7a:17.

    Are you sure you want to continue connecting (yes/no)? yes

    Warning: Permanently added 'node01,192.168.32.132' (ECDSA) to the list of known hosts.

    root@node01's password:

    Permission denied, please try again.

    root@node01's password:

    nginx.crt                                                                                                   100% 4480     3.9MB/s   00:00

    4、配置

    [root@node01 nginx]# cp conf.d/vhost1.conf conf.d/vhost1_ssl.conf

    [root@node01 nginx]# vim conf.d/vhost1_ssl.conf

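    server {
            # "listen ... ssl" already enables TLS for this server; the separate
            # "ssl on;" directive is redundant (and deprecated in later nginx
            # releases), so it is not used here.
            listen 443 ssl;
            server_name www.hehe.com;
            root /data/nginx/vhost1;

            # NOTE(review): the certificate signed in the previous step carries
            # CN=node01.hehe.com while this server answers as www.hehe.com, so
            # clients that verify the host name will report a mismatch.
            ssl_certificate /etc/nginx/ssl/nginx.crt;
            ssl_certificate_key /etc/nginx/ssl/nginx.key;

            # SSLv3, TLSv1 and TLSv1.1 are obsolete (SSLv3 is exposed to POODLE)
            # and are no longer offered. TLSv1.3 can be appended where the
            # installed nginx/OpenSSL build supports it.
            ssl_protocols TLSv1.2;

            # Session cache shared between the worker processes.
            ssl_session_cache shared:SSL:10m;
    }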

    [root@node01 nginx]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 nginx]# nginx -s reload

    [root@node01 nginx]# ss -tnl

    State      Recv-Q Send-Q                          Local Address:Port                                         Peer Address:Port

    LISTEN     0      128                                         *:111                                                     *:*

    LISTEN     0      128                                         *:80                                                      *:*

    LISTEN     0      128                                         *:22                                                      *:*

    LISTEN     0      100                                 127.0.0.1:25                                                      *:*

    LISTEN     0      128                                         *:443                                                     *:*

    LISTEN     0      128                                        :::111                                                    :::*

    LISTEN     0      128                                        :::80                                                     :::*

    LISTEN     0      128                                        :::22                                                     :::*

    LISTEN     0      100                                       ::1:25                                                     :::*

    5、验证

    19、ngx_http_rewrite_module模块:将用户请求的URI基于regex所描述的模式进行检查,而后完成替换;

    示例01

    rewrite *.png --> *.jpg

    [root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            rewrite  /(.*)\.png$ /$1.jpg;

    }

    [root@node01 vhost1]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 vhost1]# nginx -s reload

    验证

    示例02:rewrite http-->https

    [root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            rewrite /(.*)$ https://www.hehe.com/$1;

    }

    [root@node01 vhost1]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 vhost1]# nginx -s reload

    验证

    示例03:rewrite  多个rewrite

    [root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

    server {

            listen 80;

            server_name www.hehe.com;

            root /data/nginx/vhost1;

            rewrite  /(.*)\.png$ http://www.hehe.com/$1.jpg;

            rewrite /(.*)$ https://www.hehe.com/$1;

    }

    [root@node01 vhost1]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 vhost1]# nginx -s reload

    验证

    示例04:rewrite redirect

    [root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

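    server {
            listen 80;
            server_name www.hehe.com;
            root /data/nginx/vhost1;

            # "redirect" answers with a temporary (302) redirect.
            # The dot before "png" is escaped so it matches a literal "."
            # instead of any character.
            rewrite /(.*)\.png$  /$1.jpg redirect;
    }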

    [root@node01 vhost1]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 vhost1]# nginx -s reload

    验证

    示例05: rewrite  permanent

    [root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

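    server {
            listen 80;
            server_name www.hehe.com;
            root /data/nginx/vhost1;

            # Earlier variants from this walkthrough, kept for reference.
            #rewrite  /(.*)\.png$ /$1.jpg;
            #rewrite  /(.*)\.png$ http://www.hehe.com/$1.jpg;
            #rewrite /(.*)$ https://www.hehe.com/$1;
            #rewrite /(.*)\.png$  /$1.jpg;
            #rewrite /(.*)\.png$  /$1.jpg redirect;

            # "permanent" answers with a permanent (301) redirect.
            # The dot before "png" is escaped so it matches a literal "."
            # instead of any character.
            rewrite /(.*)\.png$  /$1.jpg permanent;
    }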

    [root@node01 vhost1]# nginx -t

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

    nginx: configuration file /etc/nginx/nginx.conf test is successful

    [root@node01 vhost1]# nginx -s reload

    验证

    20、ngx_http_referer_module模块:

             (1)、valid_referers none | blocked | server_names | string ...;

                    定义referer首部的合法可用值;

                        none:请求报文首部没有referer首部;

                        blocked:请求报文的referer首部没有值;

                        server_names:参数,其可以有值作为主机名或主机名模式;

                        arbitrary_string:直接字符串,但可使用*作通配符;

                        regular expression:被指定的正则表达式模式匹配到的字符串;要使用~打头,例如 ~.*\.magedu\.com;

                    配置示例:

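    # The Referer header is supplied by the client, so this check deters
    # hot-linking but must not be relied on as an access control.
    # "blocked" is the keyword described above; the patterns are separated
    # by spaces, one per allowed referer.
    valid_referers none blocked server_names *.magedu.com *.mageedu.com magedu.* mageedu.* ~\.magedu\.;

    # $invalid_referer is set when the Referer matches none of the values above.
    if ($invalid_referer) {
            return http://www.magedu.com/invalid.jpg;
    }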
