https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/
修改配置文件,nginx中通过limit_conn_zone 和limit_req_zone两个指令来对客户端访问目录和文件的访问频率和次数进行限制
limit_conn_zone $binary_remote_addr zone=addr:10m; ###定义两个参数:第一个是作为键的客户端地址,第二个生成一个大小为10M、名字为addr的内存区域;允许的连接数由后面 limit_conn 指令的第二个参数设置。注意:多个用户经同一代理或NAT出口访问时会共用这一限额。
[root@server1 ~]# cd /usr/local/nginx/conf
[root@server1 conf]# vim nginx.conf
43 #gzip on;
44 limit_conn_zone $binary_remote_addr zone=addr:10m;
58 location /download/{
59 limit_conn addr 1; ##并发连接1个
60 }
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
[root@server1 conf]# cd ..
[root@server1 nginx]# pwd
/usr/local/nginx
[root@server1 nginx]# cd html/
[root@server1 html]# ls
50x.html index.html index.php test.php
[root@server1 html]# mkdir download
[root@server1 html]# cd download/
[root@server1 download]# mv /root/vim.jpg .
[root@server1 download]# ls
vim.jpg
[root@server1 download]# du -h vim.jpg
256K vim.jpg
[root@westos_student73 Desktop]# curl -I http://172.25.10.1/download/vim.jpg
[root@westos_student73 Desktop]# ab -c1 -n10 http://172.25.10.1/download/vim.jpg
##并发1次,请求10次
[root@server1 ~]# cd /usr/local/nginx
[root@server1 nginx]# ls
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@server1 nginx]# cd logs/
[root@server1 logs]# ls
access.log error.log nginx.pid nginx.pid.oldbin
[root@server1 logs]# cat access.log
ab -c10 -n10 http://172.25.10.1/download/vim.jpg ##并发10次进行压力测试,出错了:超出 limit_conn addr 1 限制的请求会被拒绝(默认返回503)
[root@server1 logs]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
44 limit_conn_zone $binary_remote_addr zone=addr:10m;
45 limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; ##每个客户端地址每秒最多处理1个请求
60 limit_conn addr 1;
61 limit_req zone=one;
62 }
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
在客户端(真机中)进行压力测试:
[root@westos_student73 Desktop]# ab -c1 -n10 http://172.25.10.1/download/vim.jpg
[root@server1 conf]# cd /usr/local/nginx/logs/
[root@server1 logs]# cat access.log
[root@server1 logs]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
59 location /download/{
60 limit_conn addr 1;
61 limit_req zone=one burst=5; ##NGINX 可以缓冲并处理这种超出速率的请求:limit_req 指令的 burst 参数设置排队等待、按指定速率处理的最大请求数,超出 zone 速率限制的请求会被放入队列,队列满后的请求会被拒绝
62 }
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
在客户端(真机中)进行压力测试:
[root@server1 conf]# vim nginx.conf
59 location /download/{
60 limit_conn addr 1;
61 limit_req zone=one burst=5 nodelay; ##nodelay:burst 范围内的请求不再排队等待,立即处理;超出 burst 的请求直接被拒绝
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf
59 location /download/{
60 limit_conn addr 1;
61 limit_req zone=one burst=5;
62 limit_rate 50k; ##限制带宽
63 }
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
[root@westos_student73 Desktop]# ab -c1 -n10 http://172.25.10.1/download/vim.jpg
[root@server1 conf]# vim nginx.conf
59 location /download/{
60 autoindex on; ###自动索引:会列出该目录下的所有文件,只应在确实需要公开浏览的目录上开启
61 limit_conn addr 1;
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
访问浏览器: http://172.25.10.1/download/
[root@server1 conf]# vim nginx.conf
66 location ~ .*\.(gif|jpg|png)$ { ##Nginx expires缓存配置: 浏览器缓存可以降低网站带宽占用,加速用户访问
67 expires 365d;
68 root html;
[root@server1 conf]# nginx -s reload
[root@westos_student73 Desktop]# curl -I http://172.25.10.1/download/vim.jpg
[root@server1 ~]# cd /usr/local/nginx/logs/
[root@server1 logs]# ll access.log
-rw-r--r-- 1 root root 21514 Apr 16 18:39 access.log
[root@server1 logs]# vim /opt/nginx_log.sh
[root@server1 logs]# cat /opt/nginx_log.sh
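#!/bin/bash
# Rotate the nginx access log: move the current access.log to a file named
# after yesterday's date, then signal nginx to reopen its log files.
set -u

log_dir=/usr/local/nginx/logs
pid_file="${log_dir}/nginx.pid"
rotated="${log_dir}/access_$(date +%F -d -1day).log"

# Never overwrite an existing rotated log: a second run on the same day would
# otherwise replace a full day of access records with a few new lines.
if [[ -e "${rotated}" ]]; then
  printf 'refusing to overwrite %s\n' "${rotated}" >&2
  exit 1
fi

mv -- "${log_dir}/access.log" "${rotated}" || exit 1

# nginx keeps writing to the renamed file until it receives USR1, which makes
# it reopen its logs and create a fresh access.log.
pid=$(cat -- "${pid_file}") || exit 1
if [[ -z "${pid}" ]]; then
  printf 'no pid found in %s\n' "${pid_file}" >&2
  exit 1
fi
kill -USR1 "${pid}"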
[root@server1 logs]# date +%F -d -1day
2022-04-15
[root@server1 logs]# chmod +x /opt/nginx_log.sh
[root@server1 logs]# /opt/nginx_log.sh
[root@server1 logs]# ls
access_2022-04-15.log access.log error.log nginx.pid nginx.pid.oldbin
再加入crontab定时任务(每天00:00执行;&> 是 bash 的写法,cron 使用的 sh 不是 bash 时应改写为 > /dev/null 2>&1)
[root@server1 logs]# crontab -e
00 00 * * * /opt/nginx_log.sh &> /dev/null
[root@server1 logs]# ll /opt/nginx_log.sh
-rwxr-xr-x 1 root root 135 Apr 16 18:56 /opt/nginx_log.sh
[root@server1 logs]# crontab -l
00 00 * * * /opt/nginx_log.sh &> /dev/null
[root@server1 logs]# cd /usr/local/nginx/
[root@server1 nginx]# cd conf/
[root@server1 conf]# vim nginx.conf
72 location /status {
73 stub_status on;
74 access_log off;
75 }
[root@server1 conf]# nginx -s reload
在浏览器上访问http://172.25.10.1/status
[root@server1 conf]# vim nginx.conf
75 allow 127.0.0.1;
76 deny all;
[root@server1 conf]# nginx -s reload
[root@server1 conf]# curl localhost/status
在浏览器上访问http://172.25.10.1/status(现在只允许127.0.0.1,其他地址的访问会被拒绝,返回403)
[root@server1 conf]# cd ..
[root@server1 nginx]# cd html/
[root@server1 html]# ls
50x.html download index.html index.php test.php
[root@server1 html]# vim index.html
[root@server1 html]# nginx -s reload
浏览器访问172.25.10.1
将乱码修正的方法
[root@server1 html]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
51 charset utf-8;
[root@server1 conf]# nginx -s reload
# Access rules are checked in order and the first match wins, so the single
# denied host has to be listed before the allow for the subnet containing it;
# the final "deny all" rejects every address that matched nothing above.
# NOTE: these rules and $remote_addr see the directly connected peer, so
# behind a reverse proxy or NAT that is the proxy's address, not the end user's.
location / {
deny 172.25.0.10;
allow 172.25.0.0/24;
deny all;
}
# Alternative form: answer one specific client address with 403.
if ($remote_addr = 172.25.0.254) {
return 403;
}
[root@server1 ~]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
49 server_name localhost;
50 return 500;
[root@server1 conf]# nginx -s reload
此时直接用IP访问会返回500,可以设置通过域名访问
[root@server1 conf]# vim nginx.conf
149 server {
150 listen 80;
151 server_name www.westos.org;
152
153 location / {
154 root /www;
155 index index.html;
156 }
157 }
[root@server1 conf]# nginx -s reload
[root@server1 conf]# mkdir /www
[root@server1 conf]# echo www.westos.org > /www/index.html
可以直接重定向,不管访问什么,都直接重定向到www.westos.org网页
[root@server1 conf]# vim nginx.conf
50 #return 500;
51 rewrite ^(.*) https://www.westos.org permanent;
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf
129 # HTTPS server
130 # ###打开并修改
131 server {
132 listen 443 ssl;
133 server_name www.westos.org;
134
135 ssl_certificate cert.pem;
136 ssl_certificate_key cert.pem;
137
138 ssl_session_cache shared:SSL:1m;
139 ssl_session_timeout 5m;
140
141 ssl_ciphers HIGH:!aNULL:!MD5;
142 ssl_prefer_server_ciphers on;
143
144 location / {
145 root /www;
146 index index.html index.htm;
147 }
148 }
[root@server1 conf]# nginx -t ####检测语法出现错误
nginx: [emerg] cannot load certificate "/usr/local/nginx/conf/cert.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/nginx/conf/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
[root@server1 conf]# cd /etc/pki
[root@server1 pki]# cd tls/
[root@server1 tls]# cd certs/
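[root@server1 certs]# make cert.pem ##生成自签名证书;生成的 cert.pem 同时包含私钥和证书,所以配置中 ssl_certificate 和 ssl_certificate_key 都指向这个文件。该文件含有私钥,应只允许 root 读取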
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@localhost
[root@server1 certs]# cp cert.pem /usr/local/nginx/conf/
[root@server1 certs]# cd /usr/local/nginx/
[root@server1 nginx]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful ##检测语法成功
[root@server1 nginx]# nginx -s reload
[root@server1 conf]# vim nginx.conf
154 rewrite ^/(.*)$ https://www.westos.org/$1 permanent; ##当访问www.westos.org时会定向到https://www.westos.org
155
156 #location / {
157 # root /www;
158 # index index.html;
159 # }
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
访问www.westos.org/bbs时定向到bbs.westos.org
[root@server1 conf]# vim nginx.conf
162 server {
163 listen 80;
164 server_name bbs.westos.org;
165
166
167 location / {
168 root /bbs;
169 index index.html;
170 }
171 }
[root@server1 conf]# mkdir /bbs
[root@server1 conf]# echo bbs.westos.org > /bbs/index.html
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
定义的虚拟主机没有问题
[root@server1 conf]# vim nginx.conf
154 rewrite ^/bbs$ http://bbs.westos.org permanent;
155
156 # rewrite ^/(.*)$ http://www.westos.org/$1 permanent;
[root@server1 conf]# nginx -t
[root@server1 conf]# nginx -s reload
此时执行 curl -I www.westos.org/bbs/index.html 会出现错误,因为 ^/bbs$ 只匹配 /bbs 本身,不匹配其下的路径
访问www.westos.org/bbs/index.html时定向到bbs.westos.org/index.html
[root@server1 conf]# vim nginx.conf
155 rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# nginx -s stop
[root@server1 conf]# nginx
IF条件判断
[root@server1 conf]# vim nginx.conf
159 if ($host = "bbs.westos.org") {
160 rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
161 }
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload