Nginx server configuration details

Source: Internet
Author: User

Nginx server configuration details

Nginx code is composed of a core and a series of modules. The core is mainly used to provide basic functions of Web Server and reverse proxy functions of Web and Mail. It is also used to enable network protocols, create the necessary runtime environment and ensure smooth interaction between different modules. However, most of the protocol-related functions and specific functions of an application are implemented by the nginx module. These functional modules can be roughly divided into the event module, stage processor, output filter, variable processor, protocol, upstream and load balancing categories, which constitute the nginx http function. The event module is mainly used to provide OS independent event notification mechanisms (different operating systems have different event mechanisms), such as kqueue or epoll. The protocol module establishes a session with the corresponding client through http, tls/ssl, smtp, pop3, and imap.

The core modules of Nginx are Main and Events. In addition, they include the standard HTTP module, optional HTTP module, and mail module. They also support many third-party modules. Main is used to configure parameters related to error logs, processes, and permissions. Events is used to configure IO models, such as epoll, kqueue, select, and poll. They are necessary modules.

For more Nginx tutorials, see the following:

Deployment of Nginx + MySQL + PHP in CentOS 6.2

Build a WEB server using Nginx

Build a Web server based on Linux6.3 + Nginx1.2 + PHP5 + MySQL5.5

Performance Tuning for Nginx in CentOS 6.3

Configure Nginx to load the ngx_pagespeed module in CentOS 6.3

Install and configure Nginx + Pcre + php-fpm in CentOS 6.4

Nginx installation and configuration instructions

Nginx log filtering using ngx_log_if does not record specific logs

The main configuration file of Nginx consists of several segments, which are also called the nginx context. The Definition Format of each segment is as follows. Note that each of its commands must end with a semicolon (;); otherwise, it is a syntax error.

  1. <Section> {
  2. <Directive> <parameters>;
  3. }
1. Global block configuration
  1. User username [groupname]; specifies the users and groups that run the worker Process
  2.  
  3. Worker_processes 4; number of worker processes. Generally, the value is equal to the number of physical cores of the CPU minus 1. The default value is 4.
  4.  
  5. Error_log/path/to/error_log level [debug | info | notice | warn | error | crit | alert | emerg]; error Log File and its level. The default value is error level, the error log is at the global level, the access log is at the VM level, and the debug level can be used for debugging, but the debug function must be enabled using-with-debug during compilation;
  6.  
  7. Pid/path/to/pidfile_name; specify the pid file of nginx

After nginx is installed, the global block has only these configurations by default.

Ii. events block configuration
  1. Events {
  2. Use epoll; defines the event-driven model used. We recommend that you enable nginx to automatically select the model. epoll is used by default.
  3. Worker_connections 1024; Maximum number of concurrent requests that each worker can respond to. The default value is 1024.
  4. }

Nginx only configures these two options in events;

The following describes how to configure http blocks. http blocks have many configurations and are used flexibly. The following are common configurations.

  1. Http {
  2. .....
  3. Server {
  4. ......
  5. Location {
  6. ......
  7. }
  8.  
  9. }
  10. Server {
  11. ......
  12. Location {
  13. ......
  14. }
  15. }
  16. }
Iii. nginx VM usage

Similar to the implementation of httpd virtual hosts, nginx has Virtual Machine hosts Based on ports, IP addresses, and domain names. To configure a virtual host for nginx, you only need to define an additional server block in the http block.

1. When configuring a port-based virtual host, you only need to modify the port number in listen.

  1. Http {
  2. Server {
  3. Listen 80;
  4. Server_name a.com;
  5. ......
  6. }
  7. Server {
  8. Listen 8080;
  9. Server_name B .org;
  10. ......
  11. }
  12. }

2. configure a domain name-based VM

  1. Http {
  2. Server {
  3. Listen 80;
  4. Server_name a.com;
  5. ......
  6. }
  7. Server {
  8. Listen 80;
  9. Server_name B .org;
  10. ......
  11. }
  12. }

3. Configure an IP-based VM

  1. Http {
  2. Server {
  3. Listen 192.168.1.110: 80;
  4. Server_name a.com;
  5. ......
  6. }
  7. Server {
  8. Listen 192.168.1.111: 80;
  9. Server_name B .org;
  10. ......
  11. }
  12. }
4. access Control Module (based on IP)

Check from top to bottom. You can configure it in http, server, location, and limit_except, which is similar to the configuration in httpd.

  1. Syntax: allow | deny address | CIDR | unix: | all;
  2.  
  3. Location /{
  4. Root/usr/html;
  5. Index index.html index.htm;
  6. Allow 172.16.100.8;
  7. Allow 192.168.0.0/16;
  8. Allow 10.1.1.0/16;
  9. Deny all;
  10. }
5. User Authentication example

This configuration is used to prohibit external users from accessing a specific page. You need to create a password file by using httpd's htpasswd.

  1. Syntax: auth_basic string | off;
  2. Auth_basic_user_file file;
  1. Example:
  2.  
  3. Location/server {
  4. Root/usr/html;
  5. Access_log off; # access log
  6. Auth_basic "amdin area"; # description during authentication
  7. Auth_basic_user_file/etc/nginx/. htpasswd; # location of the password file
  8.  
  9. }
6. Create the download site autoindex Module

This module is similar to the ftp function to facilitate users to download files from the website.

  1. Location /{
  2. Root html/ftp;
  3. Allow all;
  4. Autoindex on; # enable/disable automatic indexing
  5. Autoindex_exact_size on; # Set the file size unit (B, KB, MB or GB) during indexing)
  6. Autoindex_localtime on; # enable the local time to display the file time. The default value is GMT)
  7. }
VII. Anti-leech

Anti-leech protection is designed to prevent other websites from using images, videos, and other resources of their websites and impose additional burdens on their websites. Nginx uses the valid_referers command to configure anti-leech rules.

(1) Definition of reference to compliance


Valid_referers none | blocked | server_names | string ...;

 

None: check if the referer header does not exist

Blocked: checks whether the referer header field value is deleted or disguised by the firewall or proxy server. In this case, the value of this header field does not start with http or https.

Server_names: set one or more URLs. You can use the wildcard *.


(2) reject noncompliant references

 

  1. If ($ invalid_referer ){
  2. Rewrite ^/. * $ http://www. B .org/403.html
  3. }

Example:

  1. Location ~ * \. (Gif | jpg | png | swf | flv | rar | zip) $
  2. {
  3. Root/usr/html/htdocs;
  4. Valid_referers none blocked server_names * .tianfeiyu.com;
  5. If ($ invalid_referer ){
  6. Rewrite ^/http://www.tianfeiyu.com/wp-content/uploads/2016/01/qq 60131111643.png;
  7. }
  8. }
8. URL rewrite

Rewrite is used to rewrite the URI, which must be supported by pcre.


Rewrite command execution sequence:

 

1. Execute the rewrite command of the server block (the block here refers to the area surrounded by {} after the server keyword, And the other xx blocks are similar)

2. Execute location matching

3. Execute the rewrite command in the selected location

If the URI of a specific step is overwritten, execute 1-3 again until the actual file is found.

If the number of loops exceeds 10, the Error 500 Internal Server Error is returned.

 

  1. Rewrite regex replacement [flag];
  1. Location /{
  2. Root/www/B .org; # Each time the rewrite matches and ends, the request must be resent and matched again in the location. If there is a break, the request will respond directly and no new request will be sent.
  3. Rewrite ^/images/(. *) $/imgs/$1 last;
  4. }

Request order: http://www. B .org/images/a.jpg-> http://www. B .org/imgs/a.jpg

Last: once the current rule matches and is overwritten, the system immediately stops checking other subsequent rewrite rules, and then re-initiates the request through the rewritten rule;

Break: once the current rule matches and is overwritten, other subsequent rewrite Rules will be stopped immediately, and nginx will continue to perform subsequent operations;

Redirect: 302 temporary redirection is returned;

Permanent: 301 permanent redirection is returned;

Location/download /{

Rewrite ^ (/download/. *)/media/(. *) \... * $1/media/pai2.mp3 break;

}

If the value is last, nginx can be recycled up to 10 times. If the value exceeds the limit, the system returns the 500 error;

Note: Generally, the break flag is used to write rewrite in location, or the rewrite is written in the if context;

Rewrite_log on | off; Whether to record the rewrite process in the error log; notice level by default; off by default;

Return code; used to end the rewrite rule and return the status code for the customer. The available status codes include 204,400,402-406,500-504;

For more details, please continue to read the highlights on the next page:

  • 1
  • 2
  • Next Page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.