-
环境
源主机:192.168.10.158
系统:centos 7.4
域名:www.wuxier.cn (跳转个人博客,点击试一试)
盗链主机:192.168.10.191(使用Nginx+Tomcat实现负载均衡、动静分离的实验主机,点我进行复盘)
系统:centos 7.4
域名:www.ajie.com 和 www.taobao.com - 创建软件包存放目录
[root@fudanwuxi ~]# mkdir /root/software
[root@fudanwuxi ~]# cd /root/software/
[root@fudanwuxi software]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring jdk-8u181-linux-x64.tar.gz...
100% 181295 KB 7882 KB/sec 00:00:23 0 Errors
Transferring apache-tomcat-8.5.32.tar.gz...
100% 9360 KB 9360 KB/sec 00:00:01 0 Errors
[root@fudanwuxi software]# - 解压JDK到/user/local/
[root@fudanwuxi software]# tar xzvf jdk-8u181-linux-x64.tar.gz -C /usr/local/- 查看JAVA是否安装成功
[root@fudanwuxi software]# cd /usr/local/jdk1.8.0_181/bin/
[root@fudanwuxi bin]# ./java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
[root@fudanwuxi bin]# - 配置环境变量
[root@fudanwuxi bin]# vi /etc/profile #新增下面三行
export JAVA_HOME=/usr/local/jdk1.8.0_181
export CLASSPATH=.:$JAVA_HOME/lib
export PATH=$PATH:$JAVA_HOME/bin
[root@fudanwuxi bin]# source /etc/profile- 关闭selinux
[root@fudanwuxi bin]# getenforce
Enforcing
[root@fudanwuxi bin]# setenforce 0
[root@fudanwuxi bin]# getenforce
Permissive- 安装Nginx
[root@fudanwuxi bin]# cd /etc/yum.repos.d/
[root@fudanwuxi yum.repos.d]# vim nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@fudanwuxi yum.repos.d]# yum install nginx
[root@fudanwuxi yum.repos.d]# systemctl start nginx
[root@fudanwuxi yum.repos.d]# systemctl enable nginx
- 隐藏Nginx版本号
[root@fudanwuxi ~]# curl -I http://192.168.10.158
HTTP/1.1 200 OK
Server: nginx/1.14.0 #版本号
Date: Thu, 23 Aug 2018 02:22:14 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Apr 2018 15:48:00 GMT
Connection: keep-alive
ETag: "5ad61730-264"
Accept-Ranges: bytes
[root@fudanwuxi ~]# vi /etc/nginx/nginx.conf
21 server_tokens off; #新增
22 access_log /var/log/nginx/access.log main;
[root@fudanwuxi ~]# systemctl restart nginx
[root@fudanwuxi ~]# curl -I http://192.168.10.158
HTTP/1.1 200 OK
Server: nginx #版本号隐藏了
Date: Thu, 23 Aug 2018 02:24:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Apr 2018 15:48:00 GMT
Connection: keep-alive
ETag: "5ad61730-264"
Accept-Ranges: bytes- 在Nginx首页添加一张图片
[root@fudanwuxi conf.d]# cd /usr/share/nginx/html/
[root@fudanwuxi html]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring wuxier.jpg...
100% 5 KB 5 KB/sec 00:00:01 0 Errors
[root@fudanwuxi html]# cp index.html index.html.bak
[root@fudanwuxi html]# vi index.html #在首页中添加刚上传的图片
13
14 
#新增,wuxier.jpg就是刚上传的图片
15 Welcome to nginx!
16 If you see this page, the nginx web server is successfully installed and
17 working. Further configuration is required.
18
19 For online documentation and support please refer to
20 nginx.org.
21 Commercial support is available at
22 nginx.com.
23
24 Thank you for using nginx.
25 - 配置静态资源缓存时间
[root@fudanwuxi html]# vim /etc/nginx/conf.d/default.conf #新增以下内容
location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
root /usr/share/nginx/html;
expires 2d;
}[root@fudanwuxi html]# systemctl restart nginx 
-
修改windows的hosts文件
- 修改虚拟主机 www.wuxier.cn 的配置文件
[root@fudanwuxi conf.d]# pwd
/etc/nginx/conf.d
[root@fudanwuxi conf.d]# cp default.conf wuxier.conf
[root@fudanwuxi conf.d]# ll
total 8
-rw-r--r--. 1 root root 1206 Aug 23 10:53 default.conf
-rw-r--r--. 1 root root 283 Aug 23 12:12 wuxier.conf
[root@fudanwuxi conf.d]# cat wuxier.conf
server {
listen 80;
server_name www.wuxier.cn;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
root /usr/share/nginx/html;
expires 2d;
}
}[root@fudanwuxi conf.d]# systemctl restart nginx 
- 验证
- 当访问的是taobao1时,如下图
- 当访问的是taobao2时,如下图
- 源主机防盗链配置
[root@fudanwuxi conf.d]# cat wuxier.conf
server {
listen 80;
server_name www.wuxier.cn;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
# root /usr/share/nginx/html;
# autoindex on;
# expires 2d;
# }
location ~*\.(jpg|png|gif|jpeg)$ {
root /usr/share/nginx/html; #图片路径
valid_referers none blocked *.wuxier.cn wuxier.cn *.ajie.com ajie.com; #可以访问图片的白名单
if ($invalid_referer) { #如果来路不是指定的白名单来路,则返回下面的图片
rewrite ^/ https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1535013233040&di=64a20c24bd1e4906ad2eb7205fe3abec&imgtype=0&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fexp%2Fw%3D480%2Fsign%3D7953092ec195d143da76e52b43f18296%2F8ad4b31c8701a18bbc22f762972f07082938fed6.jpg;
}
}
}
[root@fudanwuxi conf.d]# [root@fudanwuxi html]# systemctl restart nginx- 防盗链结果验证
- 当访问taobao1的时候,因为taobao1之前是使用了 www.wuxier.cn/wuxier.jgp 图片,所以会返回盗链的图片,如下图
- 当访问taobao2的时候,如下图
- 当访问 www.wuxier.cn 的时候,如下图(白名单)
- 当访问 www.ajie.com 的时候,如下图(白名单)
- 当从配置文件wuxier.conf中将*ajie.com和ajie.com从白名单中删除后,再进行访问
[root@fudanwuxi conf.d]# vim /etc/nginx/conf.d/wuxier.conf
server {
listen 80;
server_name www.wuxier.cn;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
# root /usr/share/nginx/html;
# autoindex on;
# expires 2d;
# }
location ~*\.(jpg|png|gif|jpeg)$ {
root /usr/share/nginx/html;
valid_referers none blocked *.wuxier.cn wuxier.cn; #将*.ajie.com和ajie.com删除
if ($invalid_referer) {
rewrite ^/ https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1535013233040&di=64a20c24bd1e4906ad2eb7205fe3abec&imgtype=0&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fexp%2Fw%3D480%2Fsign%3D7953092ec195d143da76e52b43f18296%2F8ad4b31c8701a18bbc22f762972f07082938fed6.jpg;
}
}
}
[root@fudanwuxi conf.d]# 访问结果如下