Nginx configuration file description

-- Redirect nginx error page --

 

In the nginx configuration file, you can configure the redirection page in which an error occurs. The nginx. conf file contains the following configuration information:

Error_page 404/404 .html;

The 404.html file must be in the HTML directory of the nginx main directory. If you need to directly jump to another address after the 404 error occurs, you can directly set it as follows:

Error_page 404 http: // www. ***. com;

Common errors such as 403 and 500 can be defined in the same way.

The page size of the 404.html file must exceed 512 KB. Otherwise, it will be replaced by IE's default error page.

 

-- Nginx status monitoring configuration --

 

Note that nginx does not contain the Status Module stub_status by default. Therefore, you must add the following parameters when compiling nginx:

With-http_stub_status_module

Once the stub_status module is included, we can enable the status page in the configuration file nginx. conf:

HTTP {server {Listen 80; SERVER_NAME localhost; Location/{root HTML; index index.html index.htm;} location/nginx-status {stub_status on; access_log off ;}}}

In the preceding configuration file, we actually add the following parts:

Location/nginx-status {stub_status on; access_log off ;}

Similarly, if the IP address of the nginx server is 10.0.0.1 and the domain name is www.domain.com, The nginx status page is:

Http: // 10.0.0.1/nginx-status

Or

Http://www.domain.com/nginx-status

Similarly, we recommend that you change the nginx-status in the preceding example to another string.

In addition, the stub_status of nginx also supports the configuration of authorized IP addresses. You can refer to the nginx manual. the IP address of the service monitoring site provided by cloudmonitor is:

60.195.252.106 60.195.249.83

-- Apache monitoring configuration --

 

Modify httpd. conf

Before adding Apache monitoring, we need to enable the Apache Status Module. Taking apache2.x as an example, we need to modify httpd. conf and add the following configuration sections:

Extendedstatus on <location/Server-status> sethandler server-status order deny, allow deny from all allow from 60.195.252.106 allow from 60.195.249.83 </location>

In this way, assume that the domain name and IP address of your Apache server are

Www.domain.com-> 10.0.0.1

Then, the Apache status page address is:

Http://www.domain.com/server-status

Or

Http: // 10.0.0.1/Server-status

Restricted access settings

We certainly do not want others to browse the status page, so you can make some restrictions. First, you can modify the default status address, for example:

<Location/Server-status>

To:

<Location/My-Domain-status>

Secondly, you can see that we provide the specified authorized IP addresses: 60.195.252.106 and 60.195.249.83. You can only authorize this address to access your status page.

 

-- Nginx static file processing --

 

Through regular expressions, nginx can identify various static files. For example, all requests in the images path can be written as follows:

Location ~ ^/Images /{

Root/opt/webapp/images;

}

The following configuration defines several file-type request processing methods.

Location ~ . (HTM | HTML | GIF | JPG | JPEG | PNG | BMP | ICO | CSS | JS | txt) $ {

Root/opt/webapp;

Expires 24 h;

}

For examples, static html files, JS script files, and CSS style files, we hope nginx can directly process and return them to the browser, which can greatly speed up Web browsing. Therefore, for such files, we need to use the root command to specify the file storage path. At the same time, because such files are not often modified, the expires command is used to control their cache in the browser, to reduce unnecessary requests. The expires command can control the header labels of "expires" and "cache-control" in the HTTP Response (to control the page cache ). You can use the following format to write expires:

Expires 1 January, 1970, 00:00:01 GMT;

Expires 60 s;

Expires 30 m;

Expires 24 h;

Expires 1D;

Expires Max;

Expires off;

In this way, when you enter http: // 127.0.0.1/1.html, it will automatically jump:

/Opt/webapp/1.html

Expires 1 January, 1970, 00:00:01 GMT; expires 60 s; expires 30 m; expires 24 h; expires 1D; expires Max; expires off;

Location ~ . (HTM | HTML | GIF | JPG | JPEG | PNG | BMP | ICO | CSS | JS | txt) $ {root/opt/webapp; expires 24 h ;}

-- Nginx sets the upload directory to have no execution permission --

In Windows and IIS, you can set the upload directory, such as upload, uploadfile, and attachments. In this case, the directory does not have the script execution permission, thus preventing unauthorized users from uploading scripts to obtain webshell.

Nginx is also very simple. We use location .. As follows:

Location ~ ^/Upload/. *. (PhP | PhP5) $

{

Deny all;

}

Replace upload with the name of the directory you want to set.

This rule indicates that/upload/matches any character in the middle and matches the end of the request. PHP or. the PhP5 page finally uses deny all to prohibit access, which prevents the script execution permission of the upload directory.

 

Prohibit Access to http: // localhost/path/

Location =/path /{

Return 404;

}

 

Prohibit Access to http: // localhost/test. php

Location ^ ~ /Test

{

Deny all;

}

 

Prohibit Access to a directory named Test

Location ~ ^/(TEST )/{

Deny all;

}

 

-- Nginx rewrite settings --

First, nginx can use if for condition matching. The syntax rules are similar to C, for example:

If ($ http_user_agent ~ MSIE ){

Rewrite ^ (. *) $/MSIE/$1 break;

}

1. Regular Expression matching, where:

*~ Case-sensitive matching

*~ * Case-insensitive match

*!~ And !~ * Case-insensitive and case-insensitive

2. file and directory matching, where:

*-F and! -F is used to determine whether a file exists.

*-D and! -D is used to determine whether a directory exists.

*-E and! -E is used to determine whether a file or directory exists.

*-X and! -X is used to determine whether a file is executable.

For example:

If (! -F $ request_filename ){

Proxy_pass http: // 127.0.0.1;

}

Second, the rewrite rules of nginx are almost identical to those of Apache. The difference is the final flag. For example:

Rewrite ^/feed/$ last http://feed.shunz.net;

Flag labels include:

* Last is equivalent to the [l] Mark in Apache, indicating that rewrite is completed and subsequent rules are not matched.

* Break is similar to last.

* Redirect returns 302 temporary redirection

* Permanent returns 301 permanent redirection

WordPress redirection rules:

If (! -E $ request_filename ){

Rewrite ^/(index | atom | RSD). xml $ http://feed.shunz.net last;

Rewrite ^ ([_ 0-9a-za-z-] + )? (/WP-. *) $2 last;

Rewrite ^ ([_ 0-9a-za-z-] + )? (/. *. Php) $2 last;

Rewrite ^/index. php last;

}

Discuz! Redirection rules:

If (! -F $ request_filename ){

Rewrite ^/archiver/(FID | tid0000-0000w-00000000.html) $/archiver/index. php? $1 last;

Rewrite ^/forum-(%0-9%%%%-(%0-9%%%%%%.html $/Forumdisplay. php? FID = $1 & page = $2 last;

Rewrite ^/thread-(0-9000000000000-(0-9000000000000-(0-90000000000000000.html $/viewthread. php? Tid = $1 & extra = page = $3 & page = $2 last;

Rewrite ^/space-(username | uid316-(.20.0000.html $/space. php? $1 = $2 last;

Rewrite ^/tag-(.20.20..html $/Tag. php? Name = $1 last;

}

 

-- Nginx anti-leech --

Location/photos /{

Valid_referers none blocked www.mydomain.com mydomain.com;

If ($ invalid_referer ){

Return 403;

}

}

Nginx configuration file description