Simple Configuration service-side proxy Tengine

just finished Apache, then write about Tengine (Nginx). Tengine is open-source software built on Nginx, add a lot of feature, and you can use custom memory management, whether as a front-end agent, or front-end cache, the effect is Meng da.

Nginx and Tengine are slightly different, please check the official wiki, tengine.

as with Apache, simply block some access and add and modify it to your own situation.

# robots.txt do not record Location=/robots.txt{access_log off;log_not_found off;} # Favicon.ico do not record Location=/favicon.ico{access_log off;log_not_found off;} # hidden files are not logged and access to location~/\ is forbidden. {Access_log off;log_not_found off;deny all;} # A nonexistent backup file is not logged and is forbidden to access location~* "Bbs\.zip" {access_log off;log_not_found off;deny all;} location~* "Wwwroot\.zip" {access_log off;log_not_found off;deny all;} Location~* ". *\.asp$|. *\.aspx$|. *\.jsp$|. *\.mdb|. *\.log "{Access_log off;log_not_found off;deny all;} location~* "Fckeditor|ckfinder|~root" {access_log off;log_not_found off;deny all;} # ~ End file is not logged and access is forbidden location~~${ Access_log off;log_not_found Off;deny All;} # Set the common file cache to 30 days location~.*\. (GIF|JPG|JPEG|PNG|BMP|SWF|JS|CSS) ${expires30d;} # # # # # # # block some settings for injection # #location ~* "union.*select.*\ (|union.*all.*select.* |concat.*\ ("{Deny all;} # # # Prevents some of the general exploitation of the settings # #location ~* "Proc/self/environ" {Deny All;} # # # # #if ($http _user_agent ~ "\b (Ultram|unicauc A|valium|v\iagra|vicodin|xanax|ypxaieo|erections|hoodia|huronriveracres|impotence|levitra|libido|ambien|blue\spill|cialis|cocaine|ejaculation|erectile|lipitor|phentermin|pro[sz]ac|sandyauer| Tramadol|troyhamby) {return404;} # # # Prevents some of the UA's settings # #set $block _user_agents0;# deny no UA access if ($http _user_agent~ "^$") {set$ Block_user_agents1;} # Reject Wget and Curlif ($http _user_agent~ "wget|wget|curl|libwww-perl|httplib|" according to your own circumstances wordpress|wordpress| pycurl| Poe::component::client| ineturl| Microsoft URL Control ") {set$block_user_agents1;} if ($http _user_agent~ "webcopier| Offline explorer| Sphider|mail ") {set$block_user_agents1;} if ($http _user_agent~ "opera/9\.0 \ (Windows nt5\.1; u;en\) | opera/6\.01 \ (Windows ME; u\) (\[en\] ") {set$block_user_agents1;} if ($http _user_agent~ "mozilla/3\.0") {set$block_user_agents1;} if ($http _user_agent~ "dotbot| Yandexbot| Superfeedr ") {set$block_user_agents1;} if ($block _user_agents=1) {return404;}

Handling of access to the default IP

# # # Default IP address # #server {    listen       80default;    server_name  _;     location/{        # allows which        if (own condition) {            return200;        }        # Disable direct access to IP address        return444;    }}

Simple configuration access rules, with the use of fast-cgi programs such as HHVM, omitting configuration directory inversion and so on.
here Apache and Nginx have a detail difference, Apache Rewrite-l is forced to turn, nginx if you want to implement the recessive 301 must use proxy mode.

# # soulteary.com www.soulteary.comserver{    listen80;    server_name soulteary.com www.soulteary.com;    # # If you do a data separation, you can remove it.    # # Client_max_body_size 10m;     Access_log/yourpath/www.soulteary.com/logs/access.log;    Error_log/yourpath/www.soulteary.com/logs/error.log;     Server_name_in_redirect off;    Include nginx-security.conf;     Root/yourpath/www.soulteary.com/public;    Index index.php index.html index.htm;     Location~/\. (gif|jpg|png|css|js|ico|swf|svg) ${        expires Max;    }     location/{        try_files$uri$uri//index.php?q= $uri & $args;    }     Location~\. (hh|php) ${        fastcgi_keep_conn on;        Fastcgi_pass   127.0.0.1:9000;        Fastcgi_index  index.php;        Fastcgi_param  Script_filename$document_root$fastcgi_script_name;        Include        fastcgi_params;    }}

use Nginx as the setting for node front-end forwarding.

Of course, if your node directly in the forefront, then please modify, for the IP address directly take remoteaddress, do not trust forwarding.

upstreamghost_soulteary_upstream{server127.0.0.1        : 2378; Keepalive64;}    server{Listen80;    server_name www.soulteary.im soulteary.im;     If_modified_since before;    Server_name_in_redirect off;     Include nginx-node-security.conf;        location/{proxy_cache_valid20030m;        proxy_cache_valid4041m;        Proxy_pass Http://ghost_soulteary_upstream;        Proxy_ignore_headersx-accel-expires Expires Cache-control;        Proxy_ignore_headers Set-cookie;        Proxy_hide_header Set-cookie;        proxy_hide_headerx-powered-by;        PROXY_SET_HEADERX-REAL-IP$REMOTE_ADDR;        Proxy_set_headerx-forwarded-for$proxy_add_x_forwarded_for;        Proxy_set_header Host$http_host;    expires10m; }}

If you just need a simple static site, you can use the following configuration:

# # www.soulteary.comserver{    listen80;    server_name www.soulteary.com;     Access_log/yourpath/www.soulteary.com/logs/access.log;    Error_log/yourpath/www.soulteary.com/logs/error.log;     Server_name_in_redirect off;    Include nginx-security.conf;     Valid_referers None blocked Server_names *.soulteary.com soulteary.com;    if ($invalid _referer) {        rewrite^/"http://www.baidu.com/s?wd= mother said don't hotlinking" last;        return404;    }     Root/yourpath/www.soulteary.com/public;    Index index.html;}

then write the network/redis/hhvm/ghost settings.

Simple Configuration service-side proxy Tengine