Linux Learning Notes-24th lesson-lnmp-nginx Advanced Configuration (iii)

Source: Internet
Author: User


I. User authentication

User authentication relies on a password file generated by the Apache tool htpasswd, so the Apache tools package has to be installed first; we install it with yum.

    # yum install -y httpd-tools
    # htpasswd -cm /usr/local/nginx/conf/.htpasswd mydiscuz
    New password:
    Re-type new password:
    Adding password for user mydiscuz
    # cat /usr/local/nginx/conf/.htpasswd
    mydiscuz:$apr1$ejpla15t$kuyykf8at2i77oogz0kuz1

Then modify the configuration, mainly inside the server block:

    location / {
        auth_basic "Closed";
        auth_basic_user_file .htpasswd;    # <== note the path of the password file here
    }

II. Static file caching

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 12h;
        access_log off;
    }


III. Hotlink protection

    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
        valid_referers none blocked server_names *.taobao.com *.baidu.com *.google.com *.google.cn *.soso.com;
        if ($invalid_referer) {
            return 403;
            # rewrite ^/ http://www.example.com/nophoto.gif;
        }
    }


IV. Domain redirection

    if ($host != 'bbs.a.com') {
        rewrite ^/(.*)$ http://bbs.a.com/$1 permanent;
    }


V. Log rotation

Because nginx has no built-in log rotation, you have to write a script for it yourself.

Create the script with vim /usr/local/sbin/logrotate.sh and add the following:

    #!/bin/bash
    # Directory named after today's date
    datedir=$(date +%y%m%d)
    /bin/mkdir /home/logs/$datedir >/dev/null 2>&1
    # Move the current logs into it
    /bin/mv /home/logs/*.log /home/logs/$datedir
    # HUP makes the nginx master reload, so new log files are created
    /bin/kill -HUP $(cat /var/run/nginx.pid)


VI. Setting the contents of a log record

Log format:

    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    log_format main1 '$proxy_add_x_forwarded_for - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent '
                     '"$http_referer" "$http_user_agent"';

With the main1 format, the log records not only the proxy's IP but also the real IP of the remote client.
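An added example, not from the original post: a Python parser for main1 lines that decides which address to treat as the client. $proxy_add_x_forwarded_for is the request's X-Forwarded-For header with $remote_addr appended, so only the last hop is written by nginx itself. TRUSTED_PROXIES, client_of and the sample lines are assumptions made up for this example.

```python
import ipaddress
import re

# main1 from the page: $proxy_add_x_forwarded_for - $remote_user [$time_local]
# "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
MAIN1 = re.compile(
    r'^(?P<xff>.*?) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption: networks of the proxies you run in front of this nginx.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]

def is_trusted(hop):
    """True only for a well-formed address inside a trusted proxy network."""
    try:
        addr = ipaddress.ip_address(hop)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def client_of(line):
    """Return (client, unverified_hops) for a main1 line, None if unparsable."""
    m = MAIN1.match(line)
    if m is None:
        return None
    hops = [h.strip() for h in m.group("xff").split(",")]
    # The last hop is $remote_addr, written by nginx itself. Hops to its left
    # came from the request header: walk leftwards only past trusted proxies.
    i = len(hops) - 1
    while i > 0 and is_trusted(hops[i]):
        i -= 1
    return hops[i], hops[:i]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLES = [
    # 1. direct client, no X-Forwarded-For header
    '203.0.113.7 - - [01/Jun/2015:10:00:00 +0800] "GET / HTTP/1.1" 200 512 "-" "curl/7.29.0"',
    # 2. client behind a trusted proxy
    '198.51.100.9, 192.0.2.10 - - [01/Jun/2015:10:00:01 +0800] "GET /a HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    # 3. client connects directly and forges "X-Forwarded-For: 127.0.0.1"
    '127.0.0.1, 203.0.113.7 - - [01/Jun/2015:10:00:02 +0800] "GET /admin HTTP/1.1" 403 162 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(client_of(line))
```

In the third sample the left-most hop 127.0.0.1 comes back in the unverified list instead of being taken as the client address.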

VII. Access control

Restrict access to only one IP:

    allow 219.232.244.234;
    deny all;

How to block an IP or an IP range from accessing the site:

First create the following configuration file in the nginx conf directory and name it deny.ip:

    cat deny.ip
    deny 192.168.1.11;
    deny 192.168.1.123;
    deny 10.0.1.0/24;

In the nginx configuration file nginx.conf, add:

    include deny.ip;

Reload the nginx service for it to take effect: /usr/local/nginx/sbin/nginx -s reload

deny.ip can also use deny all;
If you want to allow only a few IPs and reject all others, write the following in deny.ip:

    allow 1.1.1.1;
    allow 1.1.1.2;
    deny all;

Sometimes PHP parsing needs to be restricted by directory:

    location ~ .*(diy|template|attachments|forumdata|attachment|image)/.*\.php$
    {
        deny all;
    }


VIII. Using User-Agent to control client access

    location /
    {
        # ~* matches case-insensitively
        if ($http_user_agent ~* 'bingbot/2.0|mj12bot/v1.4.2|spider/3.0|Youdaobot|tomato|gecko/20100315') {
            return 403;
        }
    }

IX. Nginx proxy

    server {
        listen 80;    # port is missing in the source; 80 is assumed here
        server_name aaa.com;

        location / {
            proxy_pass       http://2.2.2.2/;
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # access_log  /home/logs/aaa_access.log combined;
    }

This article is from the "topspeed_king" blog, make sure to keep this source http://mylinuxlife.blog.51cto.com/4706737/1654758
