配置Nginx全过程

首页 > 代码库 > 配置Nginx全过程

2024-08-23 01:52:53 219人阅读

状态码：

200：表示正常

301：表示域名跳转

401：表示需要输入用户名和密码

403：表示可能被禁止访问

302、404：表示输入的路径可能有错

500：表示php脚本有问题

502：配置错误nginx用sock或者IP+port，还有就是资源耗尽，nginx属主

写个nginx启动脚本

vim /etc/init.d/nginx

#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings

NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"

start() {
      echo -n$"Starting $prog: "
      mkdir -p/dev/shm/nginx_temp
      daemon$NGINX_SBIN -c $NGINX_CONF
      RETVAL=$?
      echo
      return$RETVAL
}

stop() {
      echo -n$"Stopping $prog: "
      killproc-p $NGINX_PID $NGINX_SBIN -TERM
      rm -rf/dev/shm/nginx_temp
      RETVAL=$?
      echo
      return$RETVAL
}

reload(){
      echo -n$"Reloading $prog: "
      killproc-p $NGINX_PID $NGINX_SBIN -HUP
      RETVAL=$?
      echo
      return$RETVAL
}

restart(){
      stop
      start
}

configtest(){
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}

case "$1" in
  start)
      start
      ;;
  stop)
      stop
      ;;
  reload)
      reload
      ;;
  restart)
      restart
      ;;
  configtest)
      configtest
      ;;
  *)
      echo$"Usage: $0 {start|stop|reload|restart|configtest}"
      RETVAL=1
esac
exit $RETVAL

chmod 755 /etc/init.d/nginx

chkconfig --add nginx

chkconfig nginx on

整理nginx配置文件

#清空原来的配置

vim /usr/local/nginx/conf/nginx.conf

user nobody nobody;

worker_processes 2;

error_log/usr/local/nginx/logs/nginx_error.log crit;

pid /usr/local/nginx/logs/nginx.pid;

worker_rlimit_nofile 51200;

events

{

use epoll;

worker_connections 6000;

}

http

{

include mime.types;

default_type application/octet-stream;

server_names_hash_bucket_size 3526;

server_names_hash_max_size 4096;

log_format combined_realip ‘$remote_addr $http_x_forwarded_for[$time_local]‘

‘$host "$request_uri" $status‘

‘"$http_referer" "$http_user_agent"‘;

sendfile on;

tcp_nopush on;

keepalive_timeout 30;

client_header_timeout 3m;

client_body_timeout 3m;

send_timeout 3m;

connection_pool_size 256;

client_header_buffer_size1k;

large_client_header_buffers 8 4k;

request_pool_size 4k;

output_buffers 4 32k;

postpone_output 1460;

client_max_body_size 10m;

client_body_buffer_size 256k;

client_body_temp_path /usr/local/nginx/client_body_temp;

proxy_temp_path /usr/local/nginx/proxy_temp;

fastcgi_temp_path /usr/local/nginx/fastcgi_temp;

fastcgi_intercept_errors on;

tcp_nodelay on;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 8k;

gzip_comp_level 5;

gzip_http_version 1.1;

gzip_types text/plain application/x-javascript text/css text/htmapplication/xml;

include vhosts/*.conf; #虚拟主机

}

添加虚拟主机

#默认虚拟主机独立一个文件

mkdir /usr/local/nginx/conf/vhosts

vim/usr/local/nginx/conf/vhosts/default.conf #默认虚拟主机多了个default

server

{

listen 80 default;

server_name localhost;

index index.html index.htm index.php;

root /data/abc;

location ~ \.php$ {

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/abc$fastcgi_script_name;

}

#设置个空目录，让它403

#第二虚拟主机独立一个文件

vim /usr/local/nginx/conf/vhosts/123.conf #第二个虚拟主机

server

{

listen 80;

server_name www.123.com;

index index.html index.htm index.php;

root /data/www;

location ~ \.php$ {

include fastcgi_params;

#fastcgi_pass unix:/tmp/php-fcgi.sock;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;

}

#只能用域名访问，nginx通过fastcgi的端口加IP的形式把php交给php-fpm处理，最后返回给nginx代理

#虚拟主机的根目录为/data/www

Nginx用户认证

#独立一段添加

#工具apache的htpasswd，限制后台admin.php

vim /usr/local/nginx/conf/vhosts/123.conf

location ~ .*admin\.php$ {

auth_basic "tingshi";

auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;

}

touch /usr/local/nginx/conf/.htpasswd

htpasswd -c /usr/local/nginx/conf/.htpasswdaming #通过htpasswd工具创建用户

#每个动态网页都需要php解析

域名重定向

#外部添加

listen 80;

server_name www.123.com www.abc.com;

if ($host != ‘www.123.com‘)

{

rewrite ^/(.*)$http://www.123.com/$1 permanent;

}

index index.html index.htm index.php;

root /data/www;

#支持多个域名重定向，在外层设置重定向

/usr/local/nginx/sbin/nginx -s reload

不记录指定文件类型日志/配置静态文件过期时间

#独立一段添加

access_log /tmp/access.log aming; #这在全局设置

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

access_log off;

}

location ~ .*\.(js|css)$

{

expires 12h;

access_log off;

}

#在设置access_log之前要打开mginx配置文件vim/usr/local/nginx/conf/nginx.conf

其中定好日志的格式log_format aming aming就是格式，被access_log引用，其它两个location在外面定义

expires 30d #配置静态文件的过期时间

日志切割

vim /usr/local/sbin/nginx_logroate.sh

#!/bin/bash

d=`date -d "-1 day" +%F`

[ -d /tmp/nginx_log ] || mkdir/tmp/nginx_log

mv /tmp/access.log /tmp/nginx_log/$d.log

/etc/init.d/nginx reload > /dev/null

cd /tmp/nginx_log

gzip -f $d.log

crontab –e #加入到计划任务

0 0 * * * /bin/bash /usr/local/sbin/nginx_logroate.sh

#每天的0点执行

静态文件的过期时间

#内部添加

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

access_log off;

}

expires 30d #配置静态文件的过期时间

配置防盗链

#防止某张图片或者某些东西被另一个网站盗用，内部添加

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|rar|zip|bz2)$

{

expires 30d;

access_log off;

valid_referersnone blocked *.123.com *.abc.com;

if ($invalid_referer)

{

return 403;

}

#测试

curl -e"http://www.baidu.com/123" -x127.0.0.1:80‘http://www.123.com/static/image/common/titlebg.png‘ –I #返回403

curl -e "http://www.123.com/123"-x127.0.0.1:80 ‘http://www.123.com/static/image/common/titlebg.png‘ –I #返回200

指定referer的时候就应该带上 http://

访问控制

#限制某些IP，外部添加限定整个根目录，内部添加限制某些文件，定义了匹配对象的时候优先匹配

server

{

listen 80;

server_name www.123.com www.abc.com;

if ($host != ‘www.123.com‘)

{

rewrite ^/(.*)$ http://www.123.com/$1 permanent;

}

index index.html index.htm index.php;

root /data/www;

access_log /tmp/access.log aming;

deny 127.0.0.1;

location ~ .*admin\.php$ {

allow 127.0.0.1;

deny all;

#auth_basic "tingshi";

#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

include fastcgi_params;

fastcgi_pass unix:/tmp/php-fcgi.sock;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;

}

curl -x127.0.0.1:80 www.123.com/admin.php-I

curl -x127.0.0.1:80 www.123.com/forum.php-I

curl -x192.168.134.132:80www.123.com/admin.php -I

当定义了匹配对象的时候优先匹配，也就是越精准越优先，当没有定义匹配对象的时候屎从上到下逐条匹配。

禁止指定user_agent

#禁止某些搜索引擎，在外部配置

if ($http_user_agent ~* ‘curl|baidu|youdao‘)

{

return 403;

}

curl -A "qwewbaiduq"-x127.0.0.1:80 www.123.com/admin.php -I

curl -x 127.0.0.1:80 www.123.com/admin.php-I

nginx代理

#代理百度的IP,独立一个文件

upstream bbb

{

server 14.215.177.38;

}

server {

listen 80;

server_name www.baidu.com;

location / {

proxy_pass http://bbb/;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;

}

access_log /home/logs/bb_access.log combined;

}

curl -x127.0.0.1:80 www.baidu.com -I

本文出自 “11736718” 博客，请务必保留此出处http://11746718.blog.51cto.com/11736718/1876249

配置Nginx全过程

声明：以上内容来自用户投稿及互联网公开渠道收集整理发布，本网站不拥有所有权，未作人工编辑处理，也不承担相关法律责任，若内容有误或涉及侵权可进行投诉：投诉/举报工作人员会在5个工作日内联系你，一经查实，本站将立刻删除涉嫌侵权内容。

联系
我们

首页 > 代码库 > 配置Nginx全过程