一、架构02-详解nginx模块使用方法

nginx模块使用方法：

1、worker_processes auto

worker_processes auto; #auto等于物理核心数，可指定数量，一般等于小于物理核心数

2、events

events {

    worker_connections 1024; #单进程响应1024个请求，一共响应的请求等于worker_processes乘以worker_connections的数量；

}

（1）、worker_connections number;

  每个worker进程所能够打开的最大并发连接数数量；worker_processes * worker_connections

（2）、use method;

   指明并发连接请求的处理方法；use epoll;

（3）、accept_mutex on | off;

   处理新的连接请求的方法；on意味着由各worker轮流处理新请求，Off意味着每个新请求的到达都会通知所有的worker进程；

  3、http

log_format

$remote_addr 远程主机地址

$remote_user 远程访问用户

$time_local  本地时间

$request 请求url 报文的起始行

$status 响应码

$body_bytes_sent body的字节数

$http_referer 引用

$http_user_agent 客户端代理用的是什么浏览器访问的

$http_x_forwarded_for 记录真正的客户端的地址

  access_log     

access_log  /var/log/nginx/access.log  main;# 日志存放地址

sendfile            on;#提升性能

keepalive_timeout   65;#保持连接启用

default_type        application/octet-stream;#默认识别成8进制的数据流

  4、server

listen       80 default_server;#默认虚拟主机

listen       [::]:80 default_server;#ipv6的端口的默认虚拟主机

server_name  _;#对于默认主机来说，下划线可以匹配所有主机名

root         /usr/share/nginx/html;#默认网页根路径

location / {

        } #个人设置

error_page #错误页

  5、worker_cpu_affinity cpumask ...;

  worker_cpu_affinity auto [cpumask];     

[root@node01 nginx]# vim nginx.conf

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

#worker_cpu_affinity auto;#自己绑定

不绑定之前     

[root@node01 nginx]# ps axo comm,pid,psr | grep nginx

nginx             4997   0

nginx             4998   3

nginx             4999   2

nginx             5000   0

nginx             5001   1

绑定之后

[root@node01 nginx]# vim nginx.conf

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

worker_cpu_affinity auto;#自己绑定

[root@node01 nginx]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 nginx]# nginx -s reload

[root@node01 nginx]# ps axo comm,pid,psr | grep nginx

nginx             4997   0

nginx             6638   0

nginx             6639   1

nginx             6640   2

nginx             6641   3

 进行验证

[root@node02 ~]# yum install -y httpd-tools

[root@node02 ~]# ab -n 10000 -c 100 http://192.168.32.132/index.html

观察node01 

[root@node01 nginx]# watch -n.5 'ps axo comm,pid,psr | grep nginx'

CPU不会再随机调度了

将cpu反过来绑定

[root@node01 nginx]# vim nginx.conf

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

#worker_cpu_affinity auto;

worker_cpu_affinity 1000 0100 0010 0001;

[root@node01 nginx]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 nginx]# nginx -s reload

[root@node01 nginx]# watch -n.5 'ps axo comm,pid,psr | grep nginx'

Every 0.5s: ps axo comm,pid,psr | grep nginx                                                                          Mon Jan 28 14:06:16 2019

nginx             4997   3

nginx             7314   3

nginx             7315   2

nginx             7316   1

nginx             7317   0

 自定义worker_processes数量 自定义绑定cpu     

[root@node01 nginx]# vim nginx.conf

user nginx;

worker_processes 2;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

#worker_cpu_affinity auto;

worker_cpu_affinity 1000 0100;

[root@node01 nginx]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 nginx]# nginx -s reload

[root@node01 nginx]#

[root@node01 nginx]#

[root@node01 nginx]#

[root@node01 nginx]# watch -n.5 'ps axo comm,pid,psr | grep nginx'

Every 0.5s: ps axo comm,pid,psr | grep nginx                                                                          Mon Jan 28 14:12:44 2019

nginx             4997   3

nginx             7962   3

nginx             7963   2

6、 worker_priority number;指定worker进程的nice值，设定worker进程优先级；[-20,20]        

[root@node01 nginx]# vim nginx.conf

user nginx;

worker_processes 2;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

#worker_cpu_affinity auto;

worker_cpu_affinity 1000 0100;

worker_priority -5;

[root@node01 nginx]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 nginx]# nginx -s reload

[root@node01 nginx]# ps axo comm,pid,psr,ni  | grep nginx

nginx             4997   3   0

nginx             8718   3  -5

nginx             8719   2  -5

  7、  worker_rlimit_nofile number;worker进程所能够打开的文件数量上限；

[root@node01 nginx]# vim nginx.conf

user nginx;

worker_processes 2;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

#worker_cpu_affinity auto;

worker_cpu_affinity 1000 0100;

worker_priority -5;

worker_rlimit_nofile 65535;

[root@node01 nginx]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 nginx]# nginx -s reload

 8、   与套接字相关的配置：

    示例：

限定主机访问

[root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

                deny 192.168.32.131;#node03主机的ip地址

                allow all;

        }

}

[root@node01 vhost1]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 vhost1]# nginx -s reload

       验证

[root@node02 ~]# curl http://www.hehe.com

Nginx Vhost 1

[root@node03 ~]# curl http://www.hehe.com

403 Forbidden

---

nginx/1.12.2

示例：

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

                root /data/nginx/vhost2;

                allow all;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

}

匹配示例

root 和alias的区别

root 匹配的是左侧的目录  alias匹配的则是右侧的

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                root   /data/pictures/;#匹配的是pictures/下面的images目录

        }

}

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                alias   /data/pictures/;#匹配的是pictures/目录

}

自定义错误页

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                root   /data/pictures/;#匹配的是pictures/下面的images目录

        }

        error_page 404  /notfound.html;

        location = /notfound.html {

                root /data/nginx/error_pages;

        }

}

[root@node01 ~]# mkdir /data/nginx/error_pages

[root@node01 ~]# vim /data/nginx/error_pages/notfound.html

验证

将状态码重定向到其他状态码

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                alias   /data/pictures/;

        }

        error_page 404 =200 /notfound.html;

        location = /notfound.html {

                root /data/nginx/error_pages;

        }

}

验证

10、定义客户端请求的相关配置

   （1）、keepalive_timeout timeout [header_timeout];

                        设定保持连接的超时时长，0表示禁止长连接；默认为75s；

   （2）、keepalive_requests number;

                        在一次长连接上所允许请求的资源的最大数量，默认为100;

   （3）、keepalive_disable none | browser ...;

                        对哪种浏览器禁用长连接；

   （4）、send_timeout time;

                        向客户端发送响应报文的超时时长，此处，是指两次写操作之间的间隔时长；

   （5） 、client_body_buffer_size size;

11、对客户端进行限制的相关配置

      （1）、limit_rate rate;

                        限制响应给客户端的传输速率，单位是bytes/second，0表示无限制；

      （2） 、limit_except method ... { ... }

                        限制对指定的请求方法之外的其它方法的使用客户端；

                        limit_except GET {

                            allow 192.168.1.0/24;

                            deny  all;

                        }

12、文件操作优化的配置

        （1）、aio on | off | threads[=pool];是否启用aio功能；

        （2）、directio size | off; 在Linux主机启用O_DIRECT标记，此处意味文件大于等于给定的大小时使用，例如directio 4m;

          (3）、open_file_cache off; open_file_cache max=N [inactive=time];

                            nginx可以缓存以下三种信息: (1) 文件的描述符、文件大小和最近一次的修改时间；(2) 打开的目录结构; (3) 没有找到的或者没有权限访问的文件的相关信息；

                            max=N：可缓存的缓存项上限；达到上限后会使用LRU算法实现缓存管理；

                            inactive=time：缓存项的非活动时长，在此处指定的时长内未被命中的或命中的次数少于open_file_cache_min_uses指令所指定的次数的缓存项即为非活动项；

13、ngx_http_access_module 访问控制模块

ngx_http_access_module模块：

                    实现基于ip的访问控制功能

                    （1）、allow address | CIDR | unix: | all;

                    （2）、deny address | CIDR | unix: | all;

                        http, server, location, limit_except

14、ngx_http_auth_basic_module模块

               实现基于用户的访问控制，使用basic机制进行用户认证；

                    （1）、auth_basic string | off;

                    （2）、auth_basic_user_file file;

                        location /admin/ {

                            alias /webapps/app1/data/;

                            auth_basic "Admin Area";

                            auth_basic_user_file /etc/nginx/.ngxpasswd;

                        }

                        注意：htpasswd命令由httpd-tools所提供；

示例

[root@node01 ~]# htpasswd -c -m /etc/nginx/.ngxpasswd tom

New password:

Re-type new password:

Adding password for user tom

[root@node01 ~]# htpasswd  -m /etc/nginx/.ngxpasswd jerry

New password:

Re-type new password:

Adding password for user jerry

[root@node01 ~]# cat /etc/nginx/.ngxpasswd

tom:$apr1$hj5QSHd8$GhF4wQy3RqGSgqhsnDkP3.

jerry:$apr1$YBflr81R$JwwcZRpSH1v5HNnP9Hi5i/

[root@node01 ~]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~* ^/(admin|login) {

                auth_basic "admin area or login url";

                auth_basic_user_file  /etc/nginx/.ngxpasswd;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                alias   /data/pictures/;

        }

        error_page 404 =200 /notfound.html;

        location = /notfound.html {

                root /data/nginx/error_pages;

        }

}

[root@node01 ~]# mkdir /data/nginx/vhost1/admin

[root@node01 ~]# vim  /data/nginx/vhost1/admin/index.html

[root@node01 ~]# more   /data/nginx/vhost1/admin/index.html

Admin Area

[root@node01 ~]#

[root@node01 ~]#

[root@node01 ~]#

[root@node01 ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 ~]# nginx -s reload

15、ngx_http_stub_status_module模块

                    用于输出nginx的基本状态信息；

                    Active connections: 活动状态的连接数；

                    accepts：已经接受的客户端请求的总数；

                    handled：已经处理完成的客户端请求的总数；

                    requests：客户端发来的总的请求数；

                    Reading：处于读取客户端请求报文首部的连接的连接数；

                    Writing：处于向客户端发送响应报文过程中的连接数；

                    Waiting：处于等待客户端发出请求的空闲连接数；

示例

[root@node01 ~]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~* ^/(admin|login) {

                auth_basic "admin area or login url";

                auth_basic_user_file  /etc/nginx/.ngxpasswd;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                alias   /data/pictures/;

        }

        error_page 404 =200 /notfound.html;

        location = /notfound.html {

                root /data/nginx/error_pages;

        }

        location /ngxstatus {

                stub_status;

        }

}

[root@node01 ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 ~]# nginx -s reload

[root@node01 ~]# curl http://www.hehe.com/ngxstatus

Active connections: 2

server accepts handled requests

2 2 4

Reading: 0 Writing: 1 Waiting: 1

16、ngx_http_log_module模块

示例:

[root@node01 ~]# vim   /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        access_log /var/log/nginx/vhost1_access.log main;

        location / {

        #       root /data/nginx/vhost2;

                allow all;

        }

        location ~* ^/(admin|login) {

                auth_basic "admin area or login url";

                auth_basic_user_file  /etc/nginx/.ngxpasswd;

        }

        location ~*  \.(jpg|jpeg|jfif)$ {

                deny 192.168.32.131;

                allow all;

        }

        location ^~ /images/ {

                alias   /data/pictures/;

        }

        error_page 404 =200 /notfound.html;

        location = /notfound.html {

                root /data/nginx/error_pages;

        }

        location /ngxstatus {

                stub_status;

                access_log off;

        }

}

[root@node01 ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 ~]# nginx -s reload

[root@node01 ~]# tail -f /var/log/nginx/

access.log              access.log-20190128.gz  error.log               error.log-20190128.gz   vhost1_access.log

[root@node01 ~]# tail -f /var/log/nginx/vhost1_access.log

192.168.32.131 - - [28/Jan/2019:19:29:15 +0800] "GET /images/test001.jpg HTTP/1.1" 200 12931 "-" "curl/7.29.0" "-"

^C

17、ngx_http_gzip_module：http压缩模块

示例

[root@node01 ~]# vim   /etc/nginx/nginx.conf

[root@node01 ~]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 ~]# nginx -s reload

[root@node01 nginx]# cp nginx.conf /data/nginx/vhost1/nginx.html

验证

18、ngx_http_ssl_module模块：

示例

1、在node02搭建CA服务器

[root@node02 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Beijing

Locality Name (eg, city) [Default City]:Beijing

Organization Name (eg, company) [Default Company Ltd]:heheda

Organizational Unit Name (eg, section) []:devops

Common Name (eg, your name or your server's hostname) []:node02.hehe.com

Email Address []:

[root@node02 CA]# ls

cacert.pem  certs  crl  newcerts  private

[root@node02 CA]# touch index.txt

[root@node02 CA]# echo 01 > serial

[root@node02 CA]# ll

总用量 8

-rw-r--r--  1 root root 1334 1月  29 10:41 cacert.pem

drwxr-xr-x. 2 root root    6 4月  11 2018 certs

drwxr-xr-x. 2 root root    6 4月  11 2018 crl

-rw-r--r--  1 root root    0 1月  29 10:41 index.txt

drwxr-xr-x. 2 root root    6 4月  11 2018 newcerts

drwx------. 2 root root   23 1月  29 10:38 private

-rw-r--r--  1 root root    3 1月  29 10:41 serial

2、在node01上（nginx）自建key

[root@node01 nginx]# mkdir /etc/nginx/ssl

[root@node01 nginx]# cd /etc/nginx/ssl/

[root@node01 ssl]#

[root@node01 ssl]#

[root@node01 ssl]# ls

[root@node01 ssl]# (umask 077; openssl genrsa -out nginx.key 2048)

Generating RSA private key, 2048 bit long modulus

..............................................................................................+++

...........................................................................................................+++

e is 65537 (0x10001)

[root@node01 ssl]# ls

nginx.key

[root@node01 ssl]# openssl req -new -key nginx.key -out nginx.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Beijing

Locality Name (eg, city) [Default City]:Beijing

Organization Name (eg, company) [Default Company Ltd]:heheda

Organizational Unit Name (eg, section) []:devops

Common Name (eg, your name or your server's hostname) []:node01.hehe.com

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@node01 ssl]# ll

总用量 8

-rw-r--r-- 1 root root 1013 1月  29 13:21 nginx.csr

-rw------- 1 root root 1675 1月  29 10:42 nginx.key

3、进行授权

[root@node01 ssl]# scp nginx.csr node02:/tmp/

The authenticity of host 'node02 (192.168.32.128)' can't be established.

ECDSA key fingerprint is SHA256:tMT8xiLAjrhvRkah4txBY1OVsq4KZzdK+mW9G7LK/ZU.

ECDSA key fingerprint is MD5:e2:c3:6d:0d:d8:5e:05:94:dc:9e:9e:4f:87:de:8d:68.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'node02,192.168.32.128' (ECDSA) to the list of known hosts.

root@node02's password:

nginx.csr                                                                                                   100% 1013   657.2KB/s   00:00

[root@node02 CA]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Jan 29 05:26:21 2019 GMT

            Not After : Jan 29 05:26:21 2020 GMT

        Subject:

            countryName               = CN

            stateOrProvinceName       = Beijing

            organizationName          = heheda

            organizationalUnitName    = devops

            commonName                = node01.hehe.com

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                94:F0:75:E1:3A:86:06:33:CB:A3:1E:B1:E5:83:C0:07:FA:A9:A9:CD

            X509v3 Authority Key Identifier:

                keyid:EC:1F:2B:D8:93:96:6C:18:8A:AC:90:16:F3:0C:0F:ED:35:36:58:BC

Certificate is to be certified until Jan 29 05:26:21 2020 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@node02 CA]# ls

cacert.pem  certs  crl  index.txt  index.txt.attr  index.txt.old  newcerts  private  serial  serial.old

[root@node02 CA]# cd newcerts/

[root@node02 newcerts]# ls

01.pem

[root@node02 newcerts]# cd ..

[root@node02 CA]# ls

cacert.pem  certs  crl  index.txt  index.txt.attr  index.txt.old  newcerts  private  serial  serial.old

[root@node02 CA]# ll certs/

总用量 8

-rw-r--r-- 1 root root 4480 1月  29 13:26 nginx.crt

[root@node02 CA]# scp certs/nginx.crt node01:/etc/nginx/ssl/

The authenticity of host 'node01 (192.168.32.132)' can't be established.

ECDSA key fingerprint is SHA256:0VrA1bIJY59rAo4HPYPuI9OBPgzS3mmmVZ4Erhkvs/I.

ECDSA key fingerprint is MD5:d3:ca:de:bf:b3:ad:38:25:71:e6:d6:07:5b:c9:7a:17.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'node01,192.168.32.132' (ECDSA) to the list of known hosts.

root@node01's password:

Permission denied, please try again.

root@node01's password:

nginx.crt                                                                                                   100% 4480     3.9MB/s   00:00

4、配置

[root@node01 nginx]# cp conf.d/vhost1.conf conf.d/vhost1_ssl.conf

[root@node01 nginx]# vim conf.d/vhost1_ssl.conf

server {

        listen 443 ssl;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        ssl on;

        ssl_certificate /etc/nginx/ssl/nginx.crt;

        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_protocols sslv3 TLSv1 tlsv1.1 tlsv1.2;

        ssl_session_cache shared:SSL:10m;

}

[root@node01 nginx]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 nginx]# nginx -s reload

[root@node01 nginx]# ss -tnl

State      Recv-Q Send-Q                          Local Address:Port                                         Peer Address:Port

LISTEN     0      128                                         *:111                                                     *:*

LISTEN     0      128                                         *:80                                                      *:*

LISTEN     0      128                                         *:22                                                      *:*

LISTEN     0      100                                 127.0.0.1:25                                                      *:*

LISTEN     0      128                                         *:443                                                     *:*

LISTEN     0      128                                        :::111                                                    :::*

LISTEN     0      128                                        :::80                                                     :::*

LISTEN     0      128                                        :::22                                                     :::*

LISTEN     0      100                                       ::1:25                                                     :::*

5、验证

19、ngx_http_rewrite_module模块：将用户请求的URI基于regex所描述的模式进行检查，而后完成替换；

示例01

rewrite *.png --> *.jpg

[root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        rewrite  /(.*)\.png$ /$1.jpg;

}

[root@node01 vhost1]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 vhost1]# nginx -s reload

验证

示例02：rewrite http-->https

[root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        rewrite /(.*)$ https://www.hehe.com/$1;

}

[root@node01 vhost1]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 vhost1]# nginx -s reload

验证

示例03：rewrite  多个rewrite

[root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        rewrite  /(.*)\.png$ http://www.hehe.com/$1.jpg;

        rewrite /(.*)$ https://www.hehe.com/$1;

}

[root@node01 vhost1]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 vhost1]# nginx -s reload

验证

示例04：rewrite redirect

[root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        rewrite /(.*).png$  /$1.jpg redirect;

}

[root@node01 vhost1]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 vhost1]# nginx -s reload

验证

示例05： rewrite  permanent

[root@node01 vhost1]# vim /etc/nginx/conf.d/vhost1.conf

server {

        listen 80;

        server_name www.hehe.com;

        root /data/nginx/vhost1;

        #rewrite  /(.*)\.png$ /$1.jpg;

        #rewrite  /(.*)\.png$ http://www.hehe.com/$1.jpg;

        #rewrite /(.*)$ https://www.hehe.com/$1;

        #rewrite /(.*).png$  /$1.jpg;

        #rewrite /(.*).png$  /$1.jpg redirect;

        rewrite /(.*).png$  /$1.jpg permanent;

}

[root@node01 vhost1]# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@node01 vhost1]# nginx -s reload

验证

20、ngx_http_referer_module模块：

         （1）、valid_referers none | blocked | server_names | string ...;

                定义referer首部的合法可用值；

                    none：请求报文首部没有referer首部；

                    blocked：请求报文的referer首部没有值；

                    server_names：参数，其可以有值作为主机名或主机名模式；

                    arbitrary_string：直接字符串，但可使用*作通配符；

                    regular expression：被指定的正则表达式模式匹配到的字符串；要使用~打头，例如 ~.*\.magedu\.com；

                配置示例：

valid_referers none block server_names *.magedu.com*.mageedu.commagedu.* mageedu.* ~\.magedu\.;

                    if($invalid_referer) {

returnhttp://www.magedu.com/invalid.jpg;

                    }