1. Nginx hotlink protection
The configuration is as follows; it can be combined with the configuration above.
- vim /usr/local/nginx/conf/vhost/test.com.conf
- location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ # the * after location makes the match case-insensitive
- {
- expires 7d;
- valid_referers none blocked server_names *.test.com ; # whitelist
- if ($invalid_referer) {
- return 403;
- }
- access_log off;
- }
- /usr/local/nginx/sbin/nginx -t
- /usr/local/nginx/sbin/nginx -s reload
- echo '121332132'>> /data/wwwroot/test.com/2.jpg
- curl -x127.0.0.1:80 test.com/2.jpg -I
- curl -e "http://www.baidu.com" -x127.0.0.1:80 test.com/2.jpg -I
2. Nginx access control
Requirement: requests to the /admin/ directory are allowed only from a few specific IPs. The configuration is as follows:
- vim /usr/local/nginx/conf/vhost/test.com.conf
- location /admin/
- {
- allow 192.168.127.1;
- allow 127.0.0.1;
- deny all;
- }
- mkdir /data/wwwroot/test.com/admin/
- echo "test,test">/data/wwwroot/test.com/admin/1.html
- /usr/local/nginx/sbin/nginx -t
- /usr/local/nginx/sbin/nginx -s reload
- curl -x127.0.0.1:80 test.com/admin/1.html -I
- curl -x192.168.1.111:80 test.com/admin/1.html -I
An ens37 virtual NIC was added earlier; it is now switched to host-only mode to obtain a host IP for testing.
Restricting by regular-expression match
- location ~ .*(upload|image)/.*\.php$
- {
- deny all;
- }
- mkdir /data/wwwroot/test.com/upload
- echo 12321> /data/wwwroot/test.com/upload/1.php
- curl -x127.0.0.1:80 test.com/upload/1.php
- echo 12321> /data/wwwroot/test.com/upload/1.txt
- curl -x127.0.0.1:80 test.com/upload/1.txt
Restricting by user_agent
- if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
- {
- return 403;
- }
deny all and return 403 have the same effect.
- curl -x127.0.0.1:80 test.com -I
- curl -A 'Tomato' -x127.0.0.1:80 test.com -I
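The manual curl checks from sections 1 and 2 as a repeatable script; this is an added example, not part of the original post. The expected status codes are inferred from the configuration above, and the script name check_rules.sh, the PROXY and ALT_PROXY variables and the www.test.com Referer case are assumptions.

```shell
#!/bin/sh
# Added example: replay the page's curl checks and compare HTTP status codes.
# Expected codes are inferred from the configuration shown above and assume the
# test files (2.jpg, admin/1.html, upload/1.php, upload/1.txt) exist.
PROXY="${PROXY:-127.0.0.1:80}"              # nginx listener used by the curl -x calls
ALT_PROXY="${ALT_PROXY:-192.168.1.111:80}"  # second local address, absent from the allow list

# probe PROXY URL [curl options...] -> prints the status code of a HEAD request
probe() {
    p=$1; url=$2; shift 2
    curl -s -o /dev/null -I -w '%{http_code}' -x "$p" "$@" "$url"
}

# check WANT DESCRIPTION PROXY URL [curl options...] -> 0 if the status matches
check() {
    want=$1; desc=$2; shift 2
    got=$(probe "$@") || got="curl-error"
    if [ "$got" = "$want" ]; then
        echo "PASS $want $desc"
    else
        echo "FAIL want=$want got=$got $desc"
        return 1
    fi
}

# run_checks -> exit status is the number of rules that did not behave as configured
run_checks() {
    fails=0
    check 200 "image without Referer"     "$PROXY" test.com/2.jpg || fails=$((fails + 1))
    check 403 "image, foreign Referer"    "$PROXY" test.com/2.jpg -e "http://www.baidu.com" || fails=$((fails + 1))
    check 200 "image, *.test.com Referer" "$PROXY" test.com/2.jpg -e "http://www.test.com/" || fails=$((fails + 1))
    check 200 "/admin/ from 127.0.0.1"    "$PROXY" test.com/admin/1.html || fails=$((fails + 1))
    check 403 "/admin/ from unlisted IP"  "$ALT_PROXY" test.com/admin/1.html || fails=$((fails + 1))
    check 403 ".php under upload/"        "$PROXY" test.com/upload/1.php || fails=$((fails + 1))
    check 200 ".txt under upload/"        "$PROXY" test.com/upload/1.txt || fails=$((fails + 1))
    check 403 "blocked User-Agent"        "$PROXY" test.com/ -A "Tomato" || fails=$((fails + 1))
    return "$fails"
}

# Run against a live server only when asked: sh check_rules.sh run
if [ "${1:-}" = "run" ]; then run_checks; fi
```

nginx uses the first matching regex location in configuration order, so the upload/1.php check also fails if a `location ~ \.php$` block is placed ahead of the deny rule.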
3. Nginx configuration for parsing PHP
- vim /usr/local/nginx/conf/vhost/test.com.conf
- location ~ \.php$
- {
- include fastcgi_params;
- fastcgi_pass unix:/tmp/php-fcgi.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
- }
fastcgi_pass specifies the address or socket that php-fpm listens on.
When a listen address is specified, the form is fastcgi_pass 127.0.0.1
- vim /data/wwwroot/test.com/example.php
Write the following into it:
- <?php phpinfo();
- curl -x127.0.0.1:80 test.com/example.php
4. Nginx proxy
- cd /usr/local/nginx/conf/vhost
- dig www.baidu.com # look up a site's IP
If the dig command does not exist:
- yum install -y bind*
- curl -x127.0.0.1:80 www.baidu.com/robots.txt
- vim proxy.conf # add the following content
- server
- {
- listen 80;
- server_name www.baidu.com;
- location /
- {
- proxy_pass http://61.135.169.121/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- }
- /usr/local/nginx/sbin/nginx -t
- /usr/local/nginx/sbin/nginx -s reload
- curl -x127.0.0.1:80 www.baidu.com/robots.txt
Source: http://www.bubuko.com/infodetail-2576632.html