Nginx企业级使用2 (运维笔记)
Nginx企业级使用2 (运维笔记)
Nginx压缩模块
Gzip压缩文件,使文件变小,传输更快了
官方文档:
Module ngx_http_gzip_module
[root@server01 ~]# vim /usr/local/nginx/conf/nginx.conf#配置到http段里,使整个http服务都启用gzip压缩
#开启gzip压缩
gzip on;
#http协议版本
gzip_http_version 1.0;
#IE浏览器不开启gzip IE6以下会乱码
gzip_disable 'MSIE [1-6].';
#开启gzip 文件的格式
gzip_types image/jpeg image/jpg image/png text/plain text/css;#########################################
#去掉注释放入http段
gzip on;
gzip_http_version 1.0;
gzip_disable 'MSIE [1-6].';
gzip_types image/jpeg image/jpg image/png text/plain text/css;
配置的客户端缓存时长
官方文档
Module ngx_http_headers_module
vim /usr/local/nginx/conf/nginx.conf#只给js或者css文件配置缓存
location ~ \\.(js|css)$ {#单位参数 d day 天|H hour 小时 M 分expires 1h;
}#在整个http中生效 配置到http段里
expires 1h
基于IP访问控制
官方文档
Module ngx_http_auth_basic_module
#首先使用windows访问shop.lnmp.comPS C:\\WINDOWS\\system32> ping shop.lnmp.com正在 Ping shop.lnmp.com [192.168.126.139] 具有 32 字节的数据:
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.126.139 的回复: 字节=32 时间<1ms TTL=64192.168.126.139 的 Ping 统计信息:数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):最短 = 0ms,最长 = 0ms,平均 = 0ms #可以ping通 且shop.lnmp.com可以访问[root@server01 ~]# last
root pts/0 192.168.126.1 Fri Apr 21 19:23 still logged in
reboot system boot 2.6.32-696.el6.x Sat Apr 22 02:49 - 19:45 (-7:-4)
root pts/0 192.168.126.1 Thu Apr 20 20:18 - 20:56 (00:38)
root pts/1 192.168.126.1 Thu Apr 20 18:31 - 19:58 (01:27)#禁止一下这个ip的访问vim /usr/local/nginx/conf/nginx.conf#server段里写入禁止访问的ipserver{listen 80;server_name shop.lnmp.com;root html/tp5shop/public;index index.php index.html;deny 192.168.126.1; #(禁止访问的ip你自己设置的)location ~ \\.php$ {fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;}}#重启服务
[root@server01 ~]# service nginx reload#本地windows再次访问页面不能访问shop.lnmp.com
基于用户的访问控制
官方文档
Module ngx_http_auth_basic_module
#创建用户名和密码存储文件cd /usr/local/nginx/conf
#htpasswd 如果不存在就通过 yum -y install httpd-tools安装
#生成用户名称和密码htpasswd -c ./passwd.db lnmp
#输入密码并再次确认密码
#查看passwd.db文件是否创建成功[root@server01 conf]# htpasswd -c ./passwd.db lnmp
New password:
Re-type new password:
Adding password for user lnmp [root@server01 conf]# cat passwd.db
lnmp:JswY/vtvg0OoIvim /usr/local/nginx/conf/nginx.conf #根据业务需求,配置到server段里
#登录框显示的标题提示
#加载用户名称和密码校验文件
auth_basic "test login";
auth_basic_user_file /usr/local/nginx/conf/passwd.db; #访问页面 需要输入用户密码
目录列表显示
#开启目录列表显示
autoindex on;
#index 当index默认找不到时,才会使用目录列表
index index;
#设置字符
charset utf8
反向代理
用户不知道使用了代理服务器
官方文档
Module ngx_http_proxy_module
安装httpd 需改端口8080#安装apache
shell > yum install -y httpd
#配置apache的配置文件
shell > vim /etc/httpd/conf/httpd.confListen 8080[root@server01 conf]# service httpd start
正在启动 httpd: [确定]
[root@server01 conf]# netstat -nltp|grep httpd
tcp 0 0 :::8080 :::* LISTEN 2020/httpd
[root@server01 conf]# netstat -nltp|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1675/nginx
tcp 0 0 :::8080 :::* LISTEN 2020/httpd
location / {proxy_pass http://127.0.0.1:8080;
}
#在nginx下配置server转发
访问ip地址server
About CentOS:
The Community ENTerprise Operating System (CentOS) Linux is a community-supported enterprise distribution derived from sources freely provided to the public by Red Hat. As such, CentOS Linux aims to be functionally compatible with Red Hat Enterprise Linux. The CentOS Project is the organization that builds CentOS. We mainly change packages to remove upstream vendor branding and artwork.
For information on CentOS please visit the CentOS website.
Note:
CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. If you have issues with the content of this site, contact the owner of the domain, not the CentOS Project.
Unless this server is on the centos.org domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.
For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:
http://www.internic.net/whois.html