
后端必备 Nginx 配置

概要

  • 防盗链
  • 根据文件类型设置过期时间
  • 静态资源访问
  • 日志配置
    • 日志字段说明
    • access_log 访问日志
    • error_log 日志
    • 日志切割
  • 反向代理
  • 禁止指定user_agent
  • nginx访问控制
  • 负载均衡

防盗链

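# Hotlink protection for images.
# valid_referers inspects the Referer request header, not the client IP:
#   none        - requests without a Referer header are accepted
#   blocked     - a Referer that a proxy or firewall has stripped of its
#                 http:// or https:// prefix is accepted
#   192.168.0.1 - a Referer whose host is 192.168.0.1 is accepted
# The Referer is supplied by the client, so this only discourages casual
# embedding by other sites; it is not an access control.
location ~* \.(gif|jpg|png)$ {
    valid_referers none blocked 192.168.0.1;
    if ($invalid_referer) {
        # Answer directly instead of redirecting to /logo.png: that URI also
        # matches this location, so a request that still carries the foreign
        # Referer would typically be redirected again and loop.
        return 403;
    }
}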

根据文件类型设置过期时间

# Browser cache lifetime by file type.

# Stylesheets and scripts: cache for one day.
location ~ .*\.(css|js)$ {
    expires 1d;
    break;
}

# Images and Flash: cache for 15 days.
# access_log off means these requests leave no entry in the access log.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    access_log off;
    expires 15d;
    break;
}

# Check the resulting max-age of an image:
# curl -x127.0.0.1:80 http://www.test.com/static/image/common/logo.png -I

静态资源访问

http {
    # Cache of open file descriptors; not enabled by default.
    # max caps the number of cached entries (the author suggests matching it
    # to the open-file limit); an entry that has not been requested for the
    # `inactive` period is removed from the cache.
    open_file_cache max=204800 inactive=20s;

    # How often the cached information is revalidated.
    open_file_cache_valid 30s;

    # Minimum number of uses within the `inactive` period for a descriptor
    # to stay open in the cache; a file not used at all in that period is
    # removed.
    open_file_cache_min_uses 1;

    # gzip is off by default. It saves bandwidth at the cost of server CPU.
    # Only text/html is compressed unless further MIME types are listed in
    # gzip_types.
    gzip on;
    gzip_comp_level 2;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_types text/plain application/x-javascript text/css application/xml;

    server {
        listen 80;
        server_name www.test.com;
        charset utf-8;
        root /data/www.test.com;
        index index.html index.htm;
    }
}

日志配置

日志字段说明

字段 — 说明
remote_addr 和 http_x_forwarded_for — 客户端 IP 地址(remote_addr 是与 Nginx 直接建立连接的对端地址;http_x_forwarded_for 取自请求头 X-Forwarded-For,客户端可以自行填写,只有由可信代理写入时才可作为依据)
remote_user — 客户端用户名称
request — 请求的 URI 和 HTTP 协议
status — 请求状态
body_bytes_sent — 返回给客户端的字节数,不包括响应头的大小
bytes_sent — 返回给客户端总字节数
connection — 连接的序列号
connection_requests — 当前同一个 TCP 连接的请求数量
msec — 日志写入时间。单位为秒,精度是毫秒
pipe — 如果请求是通过 HTTP 流水线(pipelined)发送,pipe 值为“p”,否则为“.”
http_referer — 记录从哪个页面链接访问过来的
http_user_agent — 记录客户端浏览器相关信息
request_length — 请求的长度(包括请求行,请求头和请求正文)
time_iso8601 — ISO8601 标准格式下的本地时间
time_local — 记录访问时间与时区

access_log 访问日志

http {
    # Access-log format named "access".
    # $http_x_forwarded_for is copied from the request's X-Forwarded-For
    # header, which the client can set to any value.
    # NOTE(review): $clientip is not a built-in nginx variable; it has to be
    # defined elsewhere (for example with map or set), otherwise the
    # configuration test fails on an unknown variable - confirm.
    log_format access '$remote_addr - $remote_user [$time_local] $host '
                      '"$request" $status $body_bytes_sent '
                      '"$http_referer" "$http_user_agent" '
                      '"$http_x_forwarded_for" "$clientip"';

    # Write the access log to this file using the format above.
    access_log /srv/log/nginx/talk-fun.access.log access;
}

error_log 日志

# Main-context error log, minimum level "error".
error_log /srv/log/nginx/nginx_error.log error;

# Pointing the log at /dev/null is the way to really switch it off (left
# disabled here). Doing so also discards the records needed to diagnose
# failures or to investigate an incident afterwards.
# error_log /dev/null;

http {
    # ...
}

日志切割

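#!/bin/bash
# Daily rotation of the nginx access log.
# Unlike Apache, nginx ships no rotation tool of its own, so a script is
# needed. The article suggests keeping this script under /usr/local/sbin.
#
# NOTE(review): both paths below are under /tmp, which is world-writable.
# A script run as root that moves files to predictable names there can be
# interfered with by other local users, and the archived logs may be readable
# by them. Prefer a root-owned log directory.

log_file=/tmp/nginx_access.log
archive_dir=/tmp/nginx_log

# Yesterday's date (YYYY-MM-DD) names the archived file.
dd=$(date -d '-1 day' +%F)

# Create the archive directory on first run; stop if that fails.
[ -d "$archive_dir" ] || mkdir "$archive_dir" || exit 1

# Move the current log aside; stop without reloading if the move fails.
mv "$log_file" "$archive_dir/$dd.log" || exit 1

# Reload so nginx opens a fresh log file.
/etc/init.d/nginx reload > /dev/null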

反向代理

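http {
    include mime.types;

    # Do not show the nginx version on error pages or in the Server header.
    server_tokens off;

    ## Reverse-proxy settings
    server {
        listen 8080;

        # The upstream is HTTPS: send its hostname in the TLS handshake (SNI)
        # so a host serving several names can pick the right certificate.
        proxy_ssl_server_name on;

        # nginx does not verify the upstream certificate by default, so the
        # proxy-to-upstream hop is encrypted but not authenticated. To verify
        # it, enable the two directives below with a CA bundle:
        # proxy_ssl_verify on;
        # proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;

        ## 1. A request for http://ip:port is proxied to https://github.com
        location / {
            proxy_pass https://github.com;
            proxy_redirect off;

            # Forwards the Host the client sent, not the upstream's name.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;

            # Appends the peer address to whatever X-Forwarded-For the client
            # sent; the earlier entries are therefore client-controlled.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        ## 2. A request for http://ip:port/README.md is proxied to
        ##    https://github.com/zibinli/blog/blob/master/README.md
        location /README.md {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://github.com/zibinli/blog/blob/master/README.md;
        }
    }
}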

禁止指定user_agent

# Add this inside the virtual host's configuration file.
#
# Reject requests whose User-Agent contains baidu, 360 or sohu; ~* makes the
# match case-insensitive.
# The pattern is an unanchored substring match, so "360" also matches any
# User-Agent that merely contains those digits. The header is chosen by the
# client, so this only filters clients that identify themselves honestly.
if ($http_user_agent ~* 'baidu|360|sohu') {
    return 403;
}

location /  和  location  ~ /  优先级是不一样的。 
结合这个文章研究一下吧 http://blog.itpub.net/27181165/viewspace-777202/
curl -A "baidu" -x127.0.0.1:80 www.test.com/forum.php -I    该命令指定百度为user_agent,返回403

nginx访问控制

# Access can be refused for selected client addresses.

# Rule defined at the global level; rules inside a location are local to it.
# When the two conflict, the more specific location rules take precedence.
deny 127.0.0.1;

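# Restrict any URI ending in admin.php to local clients.
location ~ .*admin\.php$ {
    # Optional HTTP basic authentication (left disabled here):
    #auth_basic "cct auth";
    #auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

    # Only 127.0.0.1 is allowed; every other address is denied.
    # NOTE(review): the check uses the connecting peer's address. If another
    # proxy on this host forwards traffic to this server, every request
    # arrives from 127.0.0.1 and passes - confirm the deployment.
    allow 127.0.0.1;
    deny all;

    include fastcgi_params;
    # NOTE(review): the socket is under /tmp; confirm its ownership and mode
    # keep other local users from connecting to the PHP backend.
    fastcgi_pass unix:/tmp/www.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}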

负载均衡

http {
    # Backend pool named "test.net".
    upstream test.net {
        # Pick the backend by hashing the client address, so a given client
        # keeps reaching the same server.
        ip_hash;

        server 192.168.10.13:80;

        # Marked down: takes no traffic.
        server 192.168.10.14:80 down;

        # Considered unavailable for 20s after 3 failed attempts within 20s.
        server 192.168.10.15:8009 max_fails=3 fail_timeout=20s;

        server 192.168.10.16:8080;
    }

    server {
        location / {
            # Requests go to the pool over plain HTTP.
            proxy_pass http://test.net;
        }
    }
}