I. User authentication
User authentication relies on a password file generated by Apache's htpasswd tool, so the Apache tools have to be installed first; we use yum to install them.
# yum install -y httpd-tools
# htpasswd -cm /usr/local/nginx/conf/.htpasswd mydiscuz
New password:
Re-type new password:
Adding password for user mydiscuz
# cat /usr/local/nginx/conf/.htpasswd
mydiscuz:$apr1$ejpla15t$kuyykf8at2i77oogz0kuz1
Modify the configuration, mainly the server block:
location / {
    auth_basic "Closed";
    auth_basic_user_file .htpasswd;    # note the path to the password file
}
II. Static file caching
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires 30d;
    access_log off;
}
location ~ .*\.(js|css)?$ {
    expires 12h;
    access_log off;
}
III. Hotlink protection
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
    valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com;
    if ($invalid_referer) {
        return 403;
        # rewrite ^/ http://www.example.com/nophoto.gif;
    }
}
IV. Domain redirection
if ($host != 'bbs.a.com') {
    rewrite ^/(.*)$ http://bbs.a.com/$1 permanent;
}
V. Log rotation
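Because Nginx has no built-in log rotation, a script has to be written by hand.
Write the script: vim /usr/local/sbin/logrotate.sh and add the following:
#!/bin/bash
# Directory named after today's date
datedir=`date +%y%m%d`
/bin/mkdir /home/logs/$datedir >/dev/null 2>&1
# Move the current logs into the dated directory
/bin/mv /home/logs/*.log /home/logs/$datedir
# Signal the nginx master process so it reopens its log files
/bin/kill -HUP `cat /var/run/nginx.pid`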
VI. Setting the contents of a log record
Log format:
log_format main '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
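log_format main1 '$proxy_add_x_forwarded_for - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
This log format records not only the proxy's IP but also the real IP of the remote client: $proxy_add_x_forwarded_for is the request's X-Forwarded-For header with $remote_addr appended. Because the X-Forwarded-For header is supplied by the client, only the last address (added by Nginx itself) is verified.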
VII. Access control
Allow access from only one IP:
allow 219.232.244.234;
deny all;
How to block a single IP or an IP range from accessing the site:
First create the following configuration file in the Nginx conf directory, named deny.ip:
cat deny.ip
deny 192.168.1.11;
deny 192.168.1.123;
deny 10.0.1.0/24;
In the Nginx configuration file nginx.conf, add:
include deny.ip;
Reload the Nginx service for the change to take effect: /usr/local/nginx/sbin/nginx -s reload
The deny.ip format also accepts deny all;
If you want to allow only a few IPs and reject all others,
this is what you need to write in deny.ip:
allow 1.1.1.1;
allow 1.1.1.2;
deny all;
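Nginx checks allow/deny rules in the order they are written and stops at the first match, which is why deny all comes last in the list above. The Python sketch below is an added example, not part of the original article or of Nginx: parse_rules, decide and the MISORDERED sample are names constructed for illustration, and it models only the allow/deny lines of a deny.ip file.

```python
import ipaddress

# Constructed samples in the deny.ip format used above.
BLOCKLIST = "deny 192.168.1.11;\ndeny 192.168.1.123;\ndeny 10.0.1.0/24;\n"
ALLOWLIST = "allow 1.1.1.1;\nallow 1.1.1.2;\ndeny all;\n"
# Same rules with "deny all" moved first: the allow lines are never reached.
MISORDERED = "deny all;\nallow 1.1.1.1;\nallow 1.1.1.2;\n"


def parse_rules(text):
    """Parse 'allow|deny <address|CIDR|all>;' lines into (action, network) pairs."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.rstrip(";").split()
        if not line.endswith(";") or len(parts) != 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unsupported rule {raw!r}")
        action, target = parts
        # None stands for "all"; a bare address becomes a /32 (or /128) network.
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def decide(rules, client_ip):
    """Return 'allow' or 'deny' for client_ip; the first matching rule wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action
    return "allow"  # nothing matched: the request is not blocked by these rules


if __name__ == "__main__":
    for name, text in (("blocklist", BLOCKLIST), ("allowlist", ALLOWLIST),
                       ("misordered", MISORDERED)):
        for ip in ("1.1.1.1", "10.0.1.77", "8.8.8.8"):
            print(f"{name:<10} {ip:<10} -> {decide(parse_rules(text), ip)}")
```

Running it shows 1.1.1.1 allowed by the correctly ordered list and denied by the misordered one.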
Sometimes PHP parsing is restricted by directory:
location ~ .*(diy|template|attachments|forumdata|attachment|image)/.*\.php$
{
    deny all;
}
VIII. Using User-Agent to control client access
location /
{
    # ~* matches the User-Agent header case-insensitively
    if ($http_user_agent ~* 'bingbot/2.0|mj12bot/v1.4.2|spider/3.0|Youdaobot|tomato|gecko/20100315') {
        return 403;
    }
}
IX. Nginx proxy
server {
    listen 80;    # assumed: the port is missing from the source text
    server_name aaa.com;
    location / {
        proxy_pass http://2.2.2.2/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # access_log /home/logs/aaa_access.log combined;
}
This article is from the "topspeed_king" blog; please keep this source link: http://mylinuxlife.blog.51cto.com/4706737/1654758
Linux Learning Notes-24th lesson-lnmp-nginx Advanced Configuration (iii)