003.Nginx配置修改
一 Nginx配置文件
1.1 Nginx主配置
- Main位于nginx.conf配置文件的最高层;
- Main层下可以有Event、HTTP层;
- Http层下面允许有多个Server层,用于对不同的网站做不同的配置;
- Server层下面允许有多个Location,用于对不同的路径进行不同模块的配置。
1user nginx;2 worker_processes 1;
3
4 error_log /var/log/nginx/error.log warn;
5 pid /var/run/nginx.pid;
1 events {2 worker_connections 1024;
3 }
1 http {2 include /etc/nginx/mime.types;
3 default_type application/octet-stream;
4 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
5 '$status $body_bytes_sent "$http_referer" '
6 '"$http_user_agent" "$http_x_forwarded_for"';
7 access_log /var/log/nginx/access.log main;
8 sendfile on;
9#tcp_nopush on;
10 keepalive_timeout 65;
11#gzip on;
12 include /etc/nginx/conf.d/*.conf;
13 }
1 server {2 listen 80;
3 server_name localhost;
4 location / {
5 root /usr/share/nginx/html;
6indexindex.html index.htm;
7 }
8 error_page 500 502 503 504 /50x.html;
9 location = /50x.html {
10 root /usr/share/nginx/html;
11 }
12 }
1.2 Nginx全局配置
1user nginx; #进程用户2 worker_processes 1; #工作进程,配合和CPU个数保持一致
3 error_log /var/log/nginx/error.log warn; #错误日志路径及级别
4 pid /var/run/nginx.pid; #Nginx服务启动的pid
1.3 Nginx events事件配置
1 events {2 worker_connections 1024; #每个worker进程支持的最大连接数
3 use epoll; #内核模型,select、poll、epoll
4 }
1.4 Nginx公共配置
1 http {2 include /etc/nginx/mime.types; #指定在当前文件中包含另一个文件的指令
3 default_type application/octet-stream; #指定默认处理的文件类型可以是二进制
4
5 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
6 '$status $body_bytes_sent "$http_referer" '
7 '"$http_user_agent" "$http_x_forwarded_for"'; #日志格式
8
9 access_log /var/log/nginx/access.log main; #访问日志
10
11 sendfile on; #优化静态资源
12#tcp_nopush on; #nginx不要缓存数据,而是一段一段发送
13
14 keepalive_timeout 65; #给客户端分配连接超时时间,服务器会在这个时间过后关闭连接。
15
16#gzip on; #压缩
1.5 Nginx server配置
1 server {2 listen 80; #监听端口,默认80
3 server_name localhost; #提供服务的域名或主机名
4
5#charset koi8-r;
6
7#access_log logs/host.access.log main;
8
9 location / { #控制网站访问路径
10 root /usr/share/nginx/html; #存放网站的路径
11indexindex.html index.htm; #默认访问的首页
12 }
13#error_page 404 /404.html; #错误页面
14
15# redirect server error pages to the static page /50x.html
16#
17 error_page 500 502 503 504 /50x.html; #定义请求错误,指定错误代码
18 location = /50x.html { #错误代码重定向到新的location
19 root html;
20 }
21# another virtual host using mix of IP-, name-, and port-based configuration
22#
23#server { #server段配置
24# listen 8000;
25# listen somename:8080;
26# server_name somename alias another.alias;
27
28# location / {
29# root html;
30# index index.html index.htm;
31# }
32#}
33
34
35# HTTPS server
36#
37#server { #server段配置
38# listen 443 ssl;
39# server_name localhost;
40
41# ssl_certificate cert.pem;
42# ssl_certificate_key cert.key; #SSL证书配置
43
44# ssl_session_cache shared:SSL:1m;
45# ssl_session_timeout 5m;
46
47# ssl_ciphers HIGH:!aNULL:!MD5;
48# ssl_prefer_server_ciphers on;
49
50# location / {
51# root html;
52# index index.html index.htm;
53# }
54#}
55 }
二 Nginx网站配置
2.1 Nginx配置网站
1 [root@nginx ~]# vi /etc/nginx/conf.d/base.conf2 server {
3 server_name base.linuxds.com;
4 location / {
5 root /usr/share/nginx/base;
6indexindex.html;
7 }
8 }
9
10 server {
11 server_name blog.linuxds.com;
12 location / {
13 root /usr/share/nginx/blog;
14indexindex.html;
15 }
16 location /ok {
17 alias /usr/share/nginx/yes;
18indexindex.html;
19 }
20 }
21 [root@nginx01 ~]# mkdir -p /usr/share/nginx/{base,blog,yes}
22 [root@nginx01 ~]# echo '<h1>www</h1>' > /usr/share/nginx/base/index.html
23 [root@nginx01 ~]# echo '<h1>blog</h1>' > /usr/share/nginx/blog/index.html
24 [root@nginx01 ~]# echo '<h1>love</h1>' > /usr/share/nginx/blog/love.html
25 [root@nginx01 ~]# echo '<h1>yes</h1>' > /usr/share/nginx/yes/index.html
26 [root@nginx01 ~]# nginx -t -c /etc/nginx/nginx.conf #检查配置文件
27 [root@nginx01 ~]# nginx -s reload #重载配置文件
2.2 测试访问
2.3 Nginx配置错误页面
1 [root@nginx01 ~]# vi /etc/nginx/conf.d/base.conf2 server {
3 server_name base.linuxds.com;
4 location / {
5 root /usr/share/nginx/base;
6indexindex.html;
7 }
8 }
9
10 server {
11 server_name blog.linuxds.com;
12
13 error_page 404 403 500 502 503 504 /baseerror.html; #配置错误页
14 location /baseerror.html {
15 root /usr/share/nginx/html;
16 }
17
18 location / {
19 root /usr/share/nginx/blog;
20indexindex.html;
21 }
22 location /ok {
23 alias /usr/share/nginx/yes;
24indexindex.html;
25 }
26 }
27 [root@nginx01 ~]# echo '<h1>Error</h1>' > /usr/share/nginx/html/baseerror.html
28 [root@nginx01 ~]# nginx -t -c /etc/nginx/nginx.conf #检查配置文件
29 [root@nginx01 ~]# nginx -s reload #重载配置文件
2.4 测试Error
三 Nginx相关安全策略
3.1 禁止htaccess
1 location ~/\.ht {2 deny all;
3 }
3.2 禁止多个目录
1 location ~ ^/(picture|move)/ {2 deny all;
3 break;
4 }
3.3 禁止/data开头的文件
1 location ~ ^/data {2 deny all;
3 }
3.4 禁止单个目录
1 location /imxhy/images/ {2 deny all;
3 }
3.5 特定允许访问
1 root /usr/share/nginx/rewrite/;2 allow 208.97.167.194;
3 allow 222.33.1.2;
4 allow 231.152.49.4;
5 deny all;
6 auth_basic "xhy";
7 auth_basic_user_file htpasswd;
以上是 003.Nginx配置修改 的全部内容, 来源链接: utcz.com/a/58344.html
