nginx从入门到实战(三)

nginx从入门到实战(三)

  • location匹配优先级

    # Location selection order: an exact match ("=") wins outright. Otherwise nginx
    # remembers the longest matching prefix; if that prefix is marked "^~" it is used
    # and no regex is consulted. Only then are regex locations ("~", "~*") tried, in
    # the order they appear in the file, and the first regex that matches wins.
    
    server {
        listen       80;
        server_name  testserver1 jeson.t.imoocc.io;
    
        #charset koi8-r;
        #access_log  /var/log/nginx/log/host.access.log  main;
        root   /opt/app;
    
        # Exact match: only the URI "/code1/" is handled here; it is rewritten to
        # /code1/index.html and served from root.
        location = /code1/ {
            rewrite ^(.*)$ /code1/index.html break;
        }
        
        # Regex match. The pattern is unanchored, so it matches "/code" anywhere in
        # the URI. URIs that begin with /code never reach it, because the "^~ /code"
        # prefix location below suppresses the regex phase for them.
        location ~ /code.* {
            rewrite ^(.*)$ /code3/index.html break;
        }
        
        
        # Prefix match with "^~": every URI beginning with /code (other than the
        # exact /code1/ above) is rewritten to /code2/index.html. Its position in
        # the file relative to the regex location does not matter.
        location ^~ /code {
            rewrite ^(.*)$ /code2/index.html break;
        }
    
        #error_page  404              /404.html;
    
        # redirect server error pages to the static page /50x.html
        #
        # 404 is part of this list, so "not found" responses show the same
        # /50x.html page as server and upstream failures.
        error_page   500 502 503 504 404  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
    
    
  • try_files,顺序检查是否存在

    server {
        listen       80;
        server_name  testserver1;
        
        location / {
            root /opt/app/code;
            # try_files tests each argument in order, relative to root, and serves
            # the first one that exists: the fixed path /cache, then the file named
            # by the request URI. If neither exists, the request is handed to the
            # named location @java_page (the Tomcat backend on port 9090).
            # NOTE(review): /cache is a literal path, so if /opt/app/code/cache
            # exists it is served for every request; a per-URI cache lookup would
            # need $uri in that argument. Confirm the intent.
            try_files /cache $uri @java_page;
        }
    
        # Named location: reached only through internal redirects such as the
        # try_files fallback above, never directly by a client URI.
        location @java_page{
            proxy_pass http://127.0.0.1:9090;
        } 
    
     }
    
    
  • 常见错误

    #error:nginx:413 request entity too large
    请求体(例如用户上传的文件)超过了 client_max_body_size 的限制
    # error: 502 bad gateway
    后端服务无响应
    # error: 504 gateway time-out
    后端服务执行超时
    
    
  • 性能优化

    # Install ab (ApacheBench); it ships in the httpd-tools package.
    yum install httpd-tools
    # -n 2000: total number of requests to send; -c 2: requests in flight at once.
    ab -n 2000 -c 2 http://127.0.0.1/jesonc.html
    
    动静分离
    网络
    系统
    服务
    程序
    数据库、底层服务
    
    文件句柄,一切皆文件,文件句柄就是一个索引
    #/etc/security/limits.conf
    
    #nginx.conf
    # Sets the open-file limit (RLIMIT_NOFILE) for nginx worker processes, so the
    # limit can be raised without restarting the master process. It should stay
    # above worker_connections, since every connection consumes a descriptor.
    worker_rlimit_nofile 35535;
    
    
    • CPU亲和
    
    # Worker processes run under the unprivileged "nginx" account.
    user  nginx;
    worker_processes  16;
    # Explicit pinning: one bitmask per worker, rightmost bit = CPU0, so 16 masks
    # bind 16 workers to 16 distinct CPUs.
    #worker_cpu_affinity 0000000000000001 0000000000000010 0000000000000100 0000000000001000 0000000000010000 0000000000100000 0000000001000000 0000000010000000 0000000100000000 0000001000000000 0000010000000000 0000100000000000 0001000000000000 0010000000000000 0100000000000000 1000000000000000;
    # Alternative: two masks, one selecting the odd-numbered CPUs and one the even.
    #worker_cpu_affinity 1010101010101010 0101010101010101;
    # "auto" lets nginx bind the workers to the available CPUs by itself.
    worker_cpu_affinity auto;
    
    
    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;
    
    # Per-worker open-file limit; kept well above worker_connections below because
    # a proxied request holds two descriptors (client side and upstream side).
    worker_rlimit_nofile 35535;
    
    events {
        # epoll is the Linux event-notification method.
        use epoll;
        # Maximum simultaneous connections per worker process.
        worker_connections  10240;
    }
    
    
    
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
        #######
        #Charset
        charset utf-8;
    
        # $http_referer, $http_user_agent and $http_x_forwarded_for are request
        # header values supplied by the client; treat them as untrusted when the
        # log is used for analysis or attribution.
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" "$request_uri"';
    
        access_log  /var/log/nginx/access.log  main;
        
        #######
        # Core module
        sendfile        on;
        #tcp_nopush     on;
        #tcp_nodelay    on;
        keepalive_timeout  65;
        
        ########
        #Gzip module
        gzip  on;
        # No compression for user agents matching old Internet Explorer (1-6).
        gzip_disable "MSIE [1-6]\.";  
        # Compress only for requests using HTTP/1.1 or later.
        gzip_http_version 1.1; 
        
        ########
        # Virtual servers
        include /etc/nginx/conf.d/*.conf;
    }
    
    
  • 安全

    防盗链

    secure_link_module

    access_module

    # File-upload vulnerability
    # http://www.abc.com/upload/1.jpg/1.php
    # When such a request is handed to a PHP handler that maps the non-existent
    # 1.php back to the uploaded 1.jpg (PHP's cgi.fix_pathinfo behaviour), the
    # contents of the image are executed as PHP code.
    
    # "^~" keeps regex locations (for example a server-level "\.php$" FastCGI
    # handler) from being considered for anything under /upload, so files here are
    # only ever served statically by this block.
    # NOTE(review): this protects the /upload prefix only. The PHP handler itself is
    # not shown on this page; the root-cause hardening belongs there:
    # cgi.fix_pathinfo=0 in php.ini, "try_files $uri =404;" inside the PHP location,
    # and PHP-FPM's security.limit_extensions restricted to .php.
    location ^~ /upload{
    	root /opt/app/images;
    	
    	# Refuse any request whose resolved file path contains ".php"
    	# (case-insensitive); this covers the /upload/1.jpg/1.php form shown above.
    	# NOTE(review): other extensions a PHP handler may accept (e.g. .phtml) are
    	# not matched by this pattern - check against the handler's configuration.
    	if ($request_filename ~* (.*)\.php){
    		return 403;
    	}
    }
    

    sql注入

    # Reference: https://github.com/loveshell/ngx_lua_waf
    # The lua_* and *_by_lua_file directives come from the Lua module for nginx
    # (lua-nginx-module, bundled with OpenResty), not from stock nginx.
    # NOTE(review): request filtering by pattern is a supplementary layer. SQL
    # injection itself is closed in the application, with parameterised queries
    # and a least-privilege database account.
    # NOTE(review): the Lua files under /etc/nginx/waf run inside every worker on
    # every request; review the copy you deploy, pin it to a known revision, and
    # keep that directory writable only by the administrator.
    
    http {
          
        # Search pattern used when the WAF scripts load their Lua modules.
        lua_package_path "/etc/nginx/waf/?.lua";
        # 10 MB shared-memory zone named "limit", visible to all worker processes.
        lua_shared_dict limit 10m;
        # Executed once, when nginx loads its configuration.
        init_by_lua_file  /etc/nginx/waf/init.lua; 
        # Executed in the access phase of every request handled under this http block.
        access_by_lua_file /etc/nginx/waf/waf.lua;
       
    }
    
