Day 43rd: Nginx related issues

Nginx sets the custom header-----------------------------------------

Vim nginx.conf is added to the HTTP module:

Add_header MyHeader "The coments of MyHeader";

The myheader here is a custom name that you write for yourself.

After adding, test: curl-i Http://IP

Access to. txt files is forbidden in Nginx----------------------------------------

Location ~* \.                  (Txt|doc) $ {if (-F $request _filename) {root/home/domain/public_html/test;                  Break }               }

Nginx 404 Jump to Home--------------------------------------------

Before using Apache, you only need to set ErrorDocument 404/404.php

You can jump to different pages in 404.php according to different Request_uri, so that the invalid URL from the search engine can jump to the new address

The Nginx setting is this:

Error_page 404/404.php;

The final increase in rewrite rule can also be achieved by rewrite rules

if (!-e $request _filename) {rewrite ^ (. *) $/404.php last;}

Nginx 301 and 302 How to configure the-----------------------------------------

#301跳转设置: server {Listen 80;server_name 123.com;rewrite ^/(. *) http://456.com/$1 permanent;access_log off;} #302跳转设置: server {Listen 80;server_name 123.com;rewrite ^/(. *) http://456.com/$1 redirect;access_log off;}

Nginx configures the virtual directory and supports PHP-------------------------------------

Problem: www.111.com site root directory for/data/web/, now want to www.111.com a site, www.111.com/abc/but not directly under the/data/web/to create the ABC directory, to be placed in/data1/ Under the abc/.

Workaround: Use the Nginx alias feature to implement the virtual directory

In the configuration file, add

Location ~/abc/(. *) $ {

alias/data1/abc/$1;

}

Of course, alias after the directory can be arbitrary, as long as you put the program directory. That is, alias after the definition of/data1/abc/can also make/data1/123/at this time, access to pictures, Web pages, CSS and JS are no problem, but access to PHP will be reported 404. What to do?

Continue to add the following configuration, but note that it should be added in front of the location configuration above, otherwise it will not take effect.

Location ~/abc/.+\.php$ {root/data1/;            rewrite/abc/(. *\.php)/$1 break;            Include Fastcgi_params;            Fastcgi_pass Unix:/tmp/php-fcgi.sock;            Fastcgi_index index.php; Fastcgi_param script_filename/data1/abc/$fastcgi _script_name;}

In this, you can also support PHP.

Configure HTTPS encrypted site with Nginx----------------------------------------

First, Nginx installation

Install the time need to pay attention to add--with-http_ssl_module, because Http_ssl_module does not belong to Nginx Basic module.

Nginx Installation Method:

./configure--user=username--group=groupname--prefix=/usr/local/nginx--with-http_stub_status_module--with-http_ Ssl_module

Make && make install

Ii. Certificate of Generation

$ cd/usr/local/nginx/conf$ OpenSSL genrsa-des3-out server.key 1024$ OpenSSL req-new-key server.key-out server.csr$ C P server.key server.key.org$ OpenSSL rsa-in server.key.org-out server.key$ OpenSSL x509-req-days 365-in server.csr-s Ignkey Server.key-out SERVER.CRT

Third, modify the Nginx configuration:

Server{listen 443;server_name Test.sina.com.cn;ssl on;ssl_certificate/usr/local/nginx/conf/server.c Rt;ssl_certificate_key/usr/local/nginx/conf/server.key;}

Nginx Limit Download Speed---------------------------------------------

Nginx can use Httplimitzonemodule and httpcoremodule two components to limit the speed of a directory.

HTTP {limit_zone One $binary _remote_addr 10m;server {location/download/{limit_conn one 1;limit_rate 300k;}}}

Limit_zone is a container that stores the session state for each IP. This example defines a 10m container that can handle 320,000 sessions according to 32bytes/session.

Limit_conn one 1; restrict each IP to initiate a concurrent connection only.

Limit_rate 300k; speed limit 300k for each connection. Note that this is the speed limit for the connection, not the IP speed limit. If an IP allows two concurrent connections, then this IP is the speed limit limit_ratex2. can also be used to display the number of concurrent per IP

Nginx limit the number of IP concurrency, but also to limit the amount of simultaneous connection of the same IP server

1. Add Limit_zone

This variable can only be used in HTTP

Vi/usr/local/nginx/conf/nginx.conf

Limit_zone one $remote _addr 10m;

2. Add limit_conn This variable can be used in HTTP, server, location

I only limit a site, so add to the server inside

Vim/usr/local/nginx/conf/vhost/taobap.cn.conf

Limit_conn one 10;

3. Restart Nginx:killall-hup nginx

======================================== Exercises ===================================

1. To MySQL official download a source package, try to compile the installation, compile parameters can refer to the MySQL we have installed the compilation parameters. Operate a little, if there is a problem, send out the problem. MySQL official website

Http://dev.mysql.com/downloads/mysql/5.1.html#downloads Select Source Code

What is the method for viewing MySQL compilation parameters? Cat/usr/local/mysql/bin/mysqlbug|grep Configure

2. mysql configuration file my.cnf, can be placed in addition to the/etc/directory under the other directory?

Can be placed in a different directory, but you need to specify the configuration file when you start, or define the path of the configuration file in the startup script

To manually start the MySQL command:

/usr/local/mysql/bin/mysqld_safe--defaults-file=/data/my.cnf--user=mysql--datadir=/data/mysql

Or in the startup script/etc/init.d/mysqld, search for conf=/etc/my.cnf, and modify

3. Compare the lamp environment and the LNMP environment when compiling PHP, what are the differences between compilation parameters?

Lamp PHP has a specified APXS,LNMP not specified in the LNMP, there is an item called--enable-fpm,lamp No

4. After the installation of PHP, compare the lamp php and LNMP PHP directory structure is different?

PHP LNMP a few more directories than the lamp PHP: sbin, Share, Var

5. Think about whether the PHP installation directory/usr/local/php in the lamp environment can be deleted?

Can be removed, because the PHP in the lamp as a dynamic module of Apache libphp5.so to invoke, the only impact is if you specify a PHP configuration file php.ini in the PHP directory, if deleted after the configuration file invalidation.

6. What is the PHP configuration file? What is the configuration file for php-fpm?

PHP configuration file when php.ini, php-fpm configuration file php-fpm.conf

7. How to detect the Nginx configuration file is wrong? How do I detect the error of the PHP-FPM configuration file?

/usr/local/nginx/sbin/nginx-t

/usr/local/php/sbin/php-fpm-t

8. In this chapter, there are two "chmod 755/etc/init.d/xxx" where xxx is php-fpm and nginx, think about why to change their permissions, if not change, what will be the problem?

Because PHP-FPM and nginx are startup scripts, script execution must have execute permissions, and if you do not give execute permissions, they will not be properly added to the system service.

9. How does Nginx parse the php file? How does it relate to PHP?

Nginx parsing PHP, is proxy agent of the PHP-FPM, in the Nginx configuration file has such a paragraph:

Location ~ \.php$ {include fastcgi_params;        Fastcgi_pass Unix:/tmp/php-fcgi.sock;        Fastcgi_index index.php;    Fastcgi_param Script_filename/backup/sphinx/build/html$fastcgi_script_name; }

This is used to specify PHP-FPM, Nginx itself can not parse PHP, it is just a simple Web services software, but Nginx has a good function is to be a proxy server, and PHP-FPM can parse PHP, So as long as the Nginx agent php-fpm can parse PHP.

10. Configure the Nginx access log and write a log cut script to cut by day.

Configure Nginx log, first need to define the log format, this format in the Nginx.conf httpd module configuration, reference format:

Log_format main1 ' $proxy _add_x_forwarded_for-$remote _user [$time _local] "" $request "$status $bod Y_bytes_sent ' "$http _referer" "$http _user_agent";

Where Main1 is the name of the log format, this will be used. Then in the virtual host configuration segment, which is the server section, the configuration Plus

Access_log/var/log/xxx/access.log main1;

Log Cut script (known access log is/var/log/xxx/access.log):

#! /bin/bashd= ' date-d '-1 day "+%y%m%d '/bin/mv/var/log/xxx/access.log/var/log/xxx/$d-access.log/bin/kill-hup ' cat/usr /local/nginx/logs/nginx.pid '//where nginx pid file is/usr/local/nginx/logs/nginx.pid# if the script name is/usr/local/sbin/nginx_ Logrotate.sh, join the scheduled task

0 0 * * */bin/bash/usr/local/sbin/nginx_logrotate.sh

11. Configure Nginx domain redirection, such as a virtual host to support multiple domain access, abc.com and 123.com so that 123.com access to abc.com

In the corresponding virtual configuration file, add:

if ($host! = ' abc.com ') {rewrite ^/(. *) $ http://abc.com/$1 permanent; }

12. Configuring user authentication for Nginx

You need to install the HTPASSWD command first: Yum install-y httpd

Htpasswd-c/USR/LOCAL/NGINX/CONF/HTPASSWD Test//Add test user, the first time you add the-c parameter, the second time add does not need the-c parameter

Add in Nginx corresponding virtual host configuration file

Location/{root/data/www/wwwroot/count;                      Auth_basic "Auth";            AUTH_BASIC_USER_FILE/USR/LOCAL/NGINX/CONF/HTPASSWD; }

13. For Nginx site, set prohibit PHP program parsing in a directory

For example, prohibit PHP parsing under the ABC directory:

Location ~. *abc/.*\.php?$ {deny all; }

14. Use Nginx proxy for a site

For example, to proxy www.baidu.com on our nginx server, you can create a new virtual configuration file baidu.conf

server {            listen 80;             server_name www.baidu.com;              proxy_set_header Host    $host;               location  / {                proxy_ pass      http://61.135.169.125/;                 proxy_set_header X-Real-IP        $remote _addr;                 proxy_set_header X-Forwarded-For  $proxy _add_x_forwarded_for;         &nBsp;   }#            access_log   /tmp/1.log;        }

15. Configure Nginx limit to allow only one IP access

In the corresponding virtual host configuration file, add the

Allow 1.1.1.1;

Allow 2.2.2.2;

Deny all;

16. Set the Nginx anti-theft chain, such as just want to let www.lishiming.net this domain name Referer access, other sites can not access

The first point needs to be clear, the anti-theft chain is for pictures or other static files to set, such as I do not want to let other sites reference My site's pictures, you can set up the anti-theft chain. In the corresponding virtual configuration file, add:

Location ~* ^.+\. (Gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls) $ {valid_referers None blocked Server_names w  Ww.lishiming.net;                The sites for these domain names are not hotlinking.                        if ($invalid _referer) {return 403; }                }

When you can also write more than one whitelist domain name, or use a wildcard character:

Valid_referers None blocked Server_names *.lishiming.net *.baidu.com;

Sometimes, we also have this demand, if other sites reference our image, you can let it display as our own designated a picture:

if ($invalid _referer) {rewrite ^/http://www.example.com/nophoto.gif; }

. Nginx settings according to User_agent to restrict access, such as the ban Baidu spiders visit the site Baidu Spider user_agent for mozilla/5.0 (compatible; baiduspider/2.0; +http://www.baidu.com/search/spider.html)

So, we can write this:

Location/{if ($http _user_agent ~ ' Baiduspider ') {return 403; }        }

Nginx Configuration Virtual Directory

Problem: www.111.com site root directory for/data/web/, now want to www.111.com a site, www.111.com/abc/but not directly under the/data/web/to create the ABC directory, to be placed in/data1/ Under the abc/.

Workaround: Use the Nginx alias feature to implement the virtual directory, in the configuration file to add

Location ~/abc/(. *) $ {alias/data1/abc/$1;}

Configuring multiple pool in php-fpm.conf, how to configure Open_basedir and slow_log for each pool

Multiple pool can be configured in php-fpm.conf, and Open_basedir and Slow_log can be configured for each pool

First, the configuration file format for php-fpm.conf is:

[Global] ..... [Www.domain1.com] ..... [Www.domain2.com] .....

Configure Open_basedir and Slow_log to include in the appropriate pool:

Slowlog = Log/www.default.com.slow

Request_slowlog_timeout = 1

php_admin_value[open_basedir]=/data/release/www.domain.com/:/tmp/

Among them, Open_basedir can write multiple directories, use between multiple directories: separate

Day 43rd: Nginx related issues