Nginx配置静态资源缓存时间及实现防盗链

  • 环境
    源主机:192.168.10.158
    系统:centos 7.4
    域名:www.wuxier.cn (跳转个人博客,点击试一试)
    盗链主机:192.168.10.191(使用Nginx+Tomcat实现负载均衡、动静分离的实验主机,点我进行复盘)
    系统:centos 7.4
    域名:www.ajie.com 和 www.taobao.com

  • 创建软件包存放目录
[root@fudanwuxi ~]# mkdir /root/software
[root@fudanwuxi ~]# cd /root/software/
[root@fudanwuxi software]# rz
rz waiting to receive.
Starting zmodem transfer.  Press Ctrl+C to cancel.
Transferring jdk-8u181-linux-x64.tar.gz...
  100%  181295 KB    7882 KB/sec    00:00:23       0 Errors   
Transferring apache-tomcat-8.5.32.tar.gz...
  100%    9360 KB    9360 KB/sec    00:00:01       0 Errors  

[root@fudanwuxi software]# 
  • 解压JDK到/user/local/
[root@fudanwuxi software]# tar xzvf jdk-8u181-linux-x64.tar.gz -C /usr/local/
  • 查看JAVA是否安装成功
[root@fudanwuxi software]# cd /usr/local/jdk1.8.0_181/bin/
[root@fudanwuxi bin]# ./java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
[root@fudanwuxi bin]# 
  • 配置环境变量
[root@fudanwuxi bin]# vi /etc/profile  #新增下面三行
export JAVA_HOME=/usr/local/jdk1.8.0_181
export CLASSPATH=.:$JAVA_HOME/lib
export PATH=$PATH:$JAVA_HOME/bin

[root@fudanwuxi bin]# source /etc/profile
  • 关闭selinux
[root@fudanwuxi bin]# getenforce 
Enforcing
[root@fudanwuxi bin]# setenforce 0
[root@fudanwuxi bin]# getenforce  
Permissive
  • 安装Nginx
[root@fudanwuxi bin]# cd /etc/yum.repos.d/
[root@fudanwuxi yum.repos.d]# vim nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

[root@fudanwuxi yum.repos.d]# yum install nginx
[root@fudanwuxi yum.repos.d]# systemctl start nginx
[root@fudanwuxi yum.repos.d]# systemctl enable nginx

Nginx配置静态资源缓存时间及实现防盗链_第1张图片

  • 隐藏Nginx版本号
[root@fudanwuxi ~]# curl -I http://192.168.10.158
HTTP/1.1 200 OK
Server: nginx/1.14.0  #版本号
Date: Thu, 23 Aug 2018 02:22:14 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Apr 2018 15:48:00 GMT
Connection: keep-alive
ETag: "5ad61730-264"
Accept-Ranges: bytes

[root@fudanwuxi ~]# vi /etc/nginx/nginx.conf  
     21     server_tokens off;  #新增
     22     access_log  /var/log/nginx/access.log  main;

[root@fudanwuxi ~]# systemctl restart nginx
[root@fudanwuxi ~]# curl -I http://192.168.10.158
HTTP/1.1 200 OK
Server: nginx  #版本号隐藏了
Date: Thu, 23 Aug 2018 02:24:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Apr 2018 15:48:00 GMT
Connection: keep-alive
ETag: "5ad61730-264"
Accept-Ranges: bytes
  • 在Nginx首页添加一张图片
[root@fudanwuxi conf.d]# cd /usr/share/nginx/html/
[root@fudanwuxi html]# rz
rz waiting to receive.
Starting zmodem transfer.  Press Ctrl+C to cancel.
Transferring wuxier.jpg...
  100%       5 KB       5 KB/sec    00:00:01       0 Errors  

[root@fudanwuxi html]# cp index.html index.html.bak
[root@fudanwuxi html]# vi index.html  #在首页中添加刚上传的图片
     13 
     14   #新增,wuxier.jpg就是刚上传的图片
     15 

Welcome to nginx!

16

If you see this page, the nginx web server is successfully installed and 17 working. Further configuration is required.

18 19

For online documentation and support please refer to 20 nginx.org.
21 Commercial support is available at 22 nginx.com.

23 24

Thank you for using nginx.

25
  • 配置静态资源缓存时间
[root@fudanwuxi html]# vim /etc/nginx/conf.d/default.conf  #新增以下内容
    location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
        root   /usr/share/nginx/html;
        expires 2d;
}
[root@fudanwuxi html]# systemctl restart nginx 

Nginx配置静态资源缓存时间及实现防盗链_第2张图片

  • 修改windows的hosts文件

  • 修改虚拟主机 www.wuxier.cn 的配置文件
[root@fudanwuxi conf.d]# pwd
/etc/nginx/conf.d
[root@fudanwuxi conf.d]# cp default.conf wuxier.conf
[root@fudanwuxi conf.d]# ll
total 8
-rw-r--r--. 1 root root 1206 Aug 23 10:53 default.conf
-rw-r--r--. 1 root root  283 Aug 23 12:12 wuxier.conf

[root@fudanwuxi conf.d]# cat wuxier.conf 
server {
    listen       80;
    server_name  www.wuxier.cn;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
        root   /usr/share/nginx/html;
        expires 2d;
    }

}
[root@fudanwuxi conf.d]# systemctl restart nginx 

Nginx配置静态资源缓存时间及实现防盗链_第3张图片

  • 验证
  • 当访问的是taobao1时,如下图

Nginx配置静态资源缓存时间及实现防盗链_第4张图片
Nginx配置静态资源缓存时间及实现防盗链_第5张图片

  • 当访问的是taobao2时,如下图

  • 源主机防盗链配置
[root@fudanwuxi conf.d]# cat wuxier.conf    
server {
    listen       80;
    server_name  www.wuxier.cn;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

#    location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
#        root   /usr/share/nginx/html;
#        autoindex on;
#        expires 2d;
#    }

    location ~*\.(jpg|png|gif|jpeg)$ {
           root  /usr/share/nginx/html;  #图片路径
           valid_referers none blocked  *.wuxier.cn  wuxier.cn  *.ajie.com  ajie.com;  #可以访问图片的白名单
           if ($invalid_referer) {  #如果来路不是指定的白名单来路,则返回下面的图片
           rewrite ^/ https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1535013233040&di=64a20c24bd1e4906ad2eb7205fe3abec&imgtype=0&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fexp%2Fw%3D480%2Fsign%3D7953092ec195d143da76e52b43f18296%2F8ad4b31c8701a18bbc22f762972f07082938fed6.jpg; 
                }
                }

}
[root@fudanwuxi conf.d]# 
[root@fudanwuxi html]# systemctl restart nginx
  • 防盗链结果验证
  • 当访问taobao1的时候,因为taobao1之前是使用了 www.wuxier.cn/wuxier.jgp 图片,所以会返回盗链的图片,如下图

Nginx配置静态资源缓存时间及实现防盗链_第6张图片

  • 当访问taobao2的时候,如下图

Nginx配置静态资源缓存时间及实现防盗链_第7张图片

  • 当访问 www.wuxier.cn 的时候,如下图(白名单)

Nginx配置静态资源缓存时间及实现防盗链_第8张图片

  • 当访问 www.ajie.com 的时候,如下图(白名单)

Nginx配置静态资源缓存时间及实现防盗链_第9张图片

  • 当从配置文件wuxier.conf中将*ajie.com和ajie.com从白名单中删除后,再进行访问
[root@fudanwuxi conf.d]# vim /etc/nginx/conf.d/wuxier.conf 
server {
    listen       80;
    server_name  www.wuxier.cn;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

#    location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
#        root   /usr/share/nginx/html;
#        autoindex on;
#        expires 2d;
#    }

    location ~*\.(jpg|png|gif|jpeg)$ {
           root  /usr/share/nginx/html;
           valid_referers none blocked  *.wuxier.cn  wuxier.cn;  #将*.ajie.com和ajie.com删除
           if ($invalid_referer) {
           rewrite ^/ https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1535013233040&di=64a20c24bd1e4906ad2eb7205fe3abec&imgtype=0&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fexp%2Fw%3D480%2Fsign%3D7953092ec195d143da76e52b43f18296%2F8ad4b31c8701a18bbc22f762972f07082938fed6.jpg; 
                }
                }

}
[root@fudanwuxi conf.d]# 

访问结果如下
Nginx配置静态资源缓存时间及实现防盗链_第10张图片

你可能感兴趣的:(Nginx配置静态资源缓存时间及实现防盗链)