Nginx配置及相关处理方法

阅读更多

淘宝:tengine与nginx安装一样。

nginx安装及tomcat配置:http://www.cnblogs.com/huangjingzhou/articles/2153405.html

 

相关配置解释: 来源:http://www.oschina.net/code/snippet_12_175

 

user  nobody;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    use epoll;
    worker_connections  4096;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    limit_conn_zone  $binary_remote_addr zone=perip:10m; #访问连接数数量控制

    include gzip.conf;

    server {
        listen       80;
        server_name  localhost;

        location / { #禁止ip访问
	    deny all;
        }

        location ~ ^/NginxStatus { #开启nginx运行状态
            stub_status on;
            access_log off;
            allow   127.0.0.1; #允许指定ip访问
            allow   219.136.242.37;
            allow   192.168.2.0/24;
            deny    all;
        }

    }

    server {
	listen 80;
	server_name www.oschina.net m.oschina.net my.oschina.net;

        log_format  oschina_log
        '$remote_addr - $remote_user [$time_local] $request '
        '"$status" $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  logs/oschina.log;

	location ~ ^/NginxStatus {
            stub_status on;
            access_log off;
            auth_basic              "valid-user";  #需要用户名和密码认证才能查看
            auth_basic_user_file  /opt/ngx/conf/oschina_pw; #认证地址
        }

	location ~ ^/mrtg {
            auth_basic          "valid-user";
            auth_basic_user_file /opt/ngx/conf/oschina_pw;
            access_log off;
            root /opt/mrtg;
        }

        location ~ ^/awstats/ {
            root /data/oschina/webapp;
            access_log off;
            error_log off;
            auth_basic              "valid-user";
            auth_basic_user_file  /opt/ngx/conf/oschina_pw;
        }

	location ~ ^/(WEB-INF)/ { #禁止访问
            deny all;
        }

	location ~ ^/uploads/ {  #防盗链设置
            root /data/oschina/webapp;
            expires 24h;
	    valid_referers none blocked *.google.com *.qq.com *.oschina.net *.csdn.net *.gzv8.com;
	    if ($invalid_referer){
		rewrite ^/ http://www.oschina.net/img/logo.gif;
	    }
        }

        location ~ \.(htm|html|gif|jpg|jpeg|png|ico|rar|css|js|zip|txt|flv|swf|doc|ppt|xls|pdf)$ { #区分大小写匹配后缀
            root /data/oschina/webapp; #资料文件存方路径
	    access_log off;
            expires 24h;
        }

	location / { #地址跳转
	    proxy_pass http://localhost:9081;
	    include proxy.conf;
	}

	error_page 502 503 /502.html; #错误页
        error_page 404 /404.html;
	error_page 403 /403.html;
    }
}

 

 

如何封杀IP?

1.新建个配置文件:deny_block_ip.conf

 

#拒绝单个ip
#deny 192.168.1.15;

#允许某个ip
# allow 192.168.1.15;

#拒绝所有
# deny all;

#允许所有
# allow all;

#拒绝某个区间
#deny 192.168.1.0/25; 

 根据需求,写入相应的ip策略.

 

2.deny_block_ip.conf 加入到nginx.conf

 

include deny_block_ip.conf;

 3.重启nginx

 

/usr/local/nginx/sbin/nginx -s reload

 

nginx如何对请求的次数进行控制?

http://storysky.blog.51cto.com/628458/642970/

http://andrewyu.blog.51cto.com/1604432/595778

 

请求策略正则解释

http://www.blogjava.net/chenlb/archive/2010/02/03/311772.html

 

相关操作:

检查修改的配置是否正确:/usr/local/nginx/sbin/nginx -t

下面表示配置正确:

 

the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
  the configuration file /usr/local/nginx/conf/nginx.conf was tested successfully

 

 

重新加载配置:

kill -HUP `cat /usr/local/nginx/nginx.pid`

或者重新启动:

/usr/local/nginx/sbin/nginx -s reload

 

 

 

为 Cacti 添加 Nginx status 监控。

http://www.oschina.net/question/17_279

 

 

 

 

你可能感兴趣的:(nginx,tengine)