SSL Certificate Offloading and Advanced SSI Usage
http://netkiller.github.io/journal/ssi.html
Mr. Neo Chen (netkiller), Chen Jingfeng (bg7nyt)
Xishan Meidi, Minzhi Street, Longhua new district, Shenzhen City, Guangdong Province, China
518131
+ 86 13113668890
+ 86 755 29812080
Copyright©2014 http://netkiller.github.io
Copyright Notice
For reprinting, contact the author. During reprinting, be sure to indicate the original source, author information, and this statement.
Document source:
http://netkiller.github.io
http://netkiller.sourceforge.net
2014-09-17
Table of contents
- 1. What is SSI (Server Side Include)
- 2. Why SSI?
- 3. Who is responsible for SSI production?
- 4. How to handle SSI inclusion
  - 4.1. SSI directory planning
  - 4.2. www.example.com static content server
  - 4.3. acc.example.com dynamic web server
  - 4.4. SSL offloading server
  - 4.5. /www/inc.example.com shared include file
  - 4.6. Example of referencing an include file
1. What is SSI (Server Side Include)
SSI stands for Server Side Include. It works on the web server: the server can include one page inside another, and from the user's point of view there is only one page.
2. Why SSI?
We have many sub-sites. All of them share the same header and footer, and some content blocks are shared as well. We therefore split out the shared parts and include them with SSI where needed.
3. Who is responsible for SSI production?
Experienced web designers can use SSI flexibly, and programmers can learn SSI in a short time.
4. How to handle SSI inclusion
4.1. SSI directory planning
    /www/example.com
    |-- inc.example.com
    |-- www.example.com
    |-- images.example.com
    |-- acc.example.com
inc.example.com holds the shared SSI files (SHTML files).
www.example.com is the main site and uses the shared modules in inc.example.com.
acc.example.com is similar to www.example.com.
Note:
/www/inc.example.com is a shared directory. It needs no nginx configuration of its own and cannot be accessed as a site through a browser.
Why keep the shared files in their own directory instead of under /www/www.example.com? To make code releases easier. The advantage of the separation is that I can publish code for inc.example.com without affecting other projects.
An include is resolved relative to the web server's $document_root. For example, if the current $document_root is /www/example.com/www.example.com, then
    <!--#include file="/example.shtml"-->
references /www/example.com/www.example.com/example.shtml, not a file under the operating system root directory.
Therefore, we cannot directly reference the shared directory inc.example.com, which sits at the same level as www.example.com. For example:
    <!--#include file="/www/example.com/inc.example.com/example.shtml"-->
references the /www/hosts file rather than a path from the operating system root directory, and
    <!--#include file="../inc.example.com/example.shtml"-->
does not work either.
This is a restriction imposed by the server. If SSI could include files outside $document_root, security problems could arise, such as:
    <!--#include file="/etc/passwd"-->
How can we get around the restriction? I came up with an alias: the /include/ URI is mapped to the /www/example.com/inc.example.com directory, for example:
    location /include/ {
        root /www/example.com/inc.example.com;
    }
Because the location uses root, the request URI is appended to that directory, so /include/cn/config.html is read from the include/cn/ subdirectory of inc.example.com.
Tip:
The Apache and nginx SSI implementations differ slightly in how they handle include file and include virtual.
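The workaround above as a server block, added here as an example that is not part of the author's configuration. It assumes SSI is switched on with `ssi on;` at server level (the page does not show where SSI is enabled) and adds `internal;`, which is not in the original, so that the shared fragments are served only to SSI subrequests.

```nginx
# Added example (not the author's configuration).
server {
    listen      80;
    server_name www.example.com;
    charset     utf-8;

    # Assumption: SSI is enabled here. Without "ssi on;" the
    # <!--#include ...--> comments are sent to the browser unprocessed.
    ssi on;

    location / {
        root  /www/example.com/www.example.com;
        index index.html;
    }

    # SSI includes are fetched as subrequests by URI, so
    #   <!--#include file="/include/cn/config.html"-->
    # matches this location and is read from
    #   /www/example.com/inc.example.com/include/cn/config.html
    location /include/ {
        root /www/example.com/inc.example.com;

        # Without this line any browser can request /include/... directly
        # and read the raw fragments. "internal" answers external requests
        # with 404 while SSI subrequests are still served.
        internal;
    }
}
```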
4.2. www.example.com static content server
    # cat /etc/nginx/conf.d/www.example.com.conf
    server {
        listen 80;
        server_name www.example.com;
        charset utf-8;
        access_log /var/log/nginx/www.example.com.access.log;
        error_log /var/log/nginx/www.example.com.error.log;

        location / {
            root /www/example.com/www.example.com;
            index index.html;
        }

        location /include/ {
            root /www/example.com/inc.example.com;
        }

        location /info/ {
            proxy_pass http://info.example.com/;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
4.3. acc.example.com dynamic web server
    server {
        listen 80;
        server_name acc.example.com;
        charset utf-8;
        access_log /var/log/nginx/acc.example.com.access.log;
        error_log /var/log/nginx/acc.example.com.error.log;

        set $X_FORWARDED_FOR $http_x_forwarded_for;

        location / {
            root /www/example.com/acc.example.com/htdocs;
            index index.php;
            try_files $uri $uri/ /index.php?/$request_uri;
        }

        location /include/ {
            root /www/example.com/inc.example.com;
        }

        location ^~ /images/ {
            rewrite /images/(.+)$ /$1 break;
            proxy_pass http://images.example.com;
            break;
        }

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /www/example.com/acc.example.com/htdocs/$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_param DOCUMENT_ROOT /www/example.com/acc.example.com/htdocs;
        }
    }
Note:
This server is not exposed externally. It only accepts connections from the SSL offloading server below, which reaches it through a reverse proxy.
4.4. SSL offloading server
SSL certificate handling, encryption and decryption are moved to this server so that the business servers do not have to perform them. The HTTP servers above are accessed over the intranet, while external access uses HTTPS; the HTTPS server connects to the HTTP servers through a reverse proxy, which is what offloads SSL from them.
    upstream acc.example.com {
        server acc1.example.com;
        server acc2.example.com;
        server acc3.example.com;
    }

    server {
        listen 443;
        server_name acc.example.com;

        ssl on;
        ssl_certificate /etc/nginx/example.com/acc.example.com.pem;
        ssl_certificate_key /etc/nginx/example.com/acc.example.com.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://acc.example.com;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            break;
        }
    }
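The listing above dates from 2014: SSLv2 and SSLv3 are broken protocols that should no longer be offered, and the `ssl on;` directive has since been replaced by the `ssl` parameter of `listen`. The same offloading server with those two points corrected, as an added example that is not the author's configuration; the session cache and the X-Forwarded-Proto header are assumptions not present in the original.

```nginx
# Added example (not the author's configuration).
upstream acc.example.com {
    server acc1.example.com;
    server acc2.example.com;
    server acc3.example.com;
}

server {
    # was: "listen 443;" plus "ssl on;"
    listen      443 ssl;
    server_name acc.example.com;

    ssl_certificate     /etc/nginx/example.com/acc.example.com.pem;
    ssl_certificate_key /etc/nginx/example.com/acc.example.com.key;

    # was: ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_ciphers               HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout       5m;
    # Assumption: a shared session cache so that session resumption works
    # across worker processes.
    ssl_session_cache         shared:SSL:10m;

    location / {
        proxy_pass         http://acc.example.com;
        proxy_http_version 1.1;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        # Assumption: tells the backend explicitly that the client used
        # HTTPS, instead of inferring it from X-Forwarded-For being set.
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```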
4.5. /www/inc.example.com shared include file
/www/inc.example.com/include/cn/config.html
    <!--#set var="HTML_HOST" value="http://www.example.com"-->
    <!--#set var="INFO_HOST" value="http://info.example.com"-->
    <!--#set var="NEWS_HOST" value="http://news.example.com"-->
    <!--#set var="IMG_HOST" value="http://images.example.com"-->
    <!--#set var="JS_HOST" value="http://images.example.com"-->
    <!--#set var="CSS_HOST" value="http://images.example.com"-->
    <!--#if expr="${X_FORWARDED_FOR}"-->
    <!--#set var="ACC_HOST" value="https://myid.example.com"-->
    <!--#set var="IMG_HOST" value="/images"-->
    <!--#set var="JS_HOST" value="/images"-->
    <!--#set var="CSS_HOST" value="/images"-->
    <!--#else -->
    <!--#set var="ACC_HOST" value="http://myid.example.com"-->
    <!--#set var="IMG_HOST" value="http://images.example.com"-->
    <!--#set var="JS_HOST" value="http://images.example.com"-->
    <!--#set var="CSS_HOST" value="http://images.example.com"-->
    <!--#endif -->
${X_FORWARDED_FOR} is used to determine whether the user arrived over HTTP or HTTPS. Because images.example.com does not have an SSL certificate, a different image loading address is needed for HTTPS pages. /images is reverse-proxied to http://images.example.com.
4.6. Example of referencing an include file
    <!--#include file="/include/cn/config.html"-->
    <!DOCTYPE html>
    <html>