Basic nginx configuration syntax
1. HTTP basics
Show the request headers of each request: curl -v http://www.baidu.com
2. nginx log types
- error.log, access.log
- log_format
*Format*
syntax: log_format name [escape=default | json] string...;
default: log_format combined "...";
context: http
3. nginx variables
Contents of the nginx configuration:
worker_processes 1;
pid /var/run/nginx.pid;
# worker_connections is only valid inside the events block
events {
    worker_connections 1024;
}
# log_format, access_log and the conf.d include belong to the http block
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
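- HTTP request variables: arg_PARAMETER, http_header, sent_http_header
- Built-in variables: those built into nginx
- Custom variables: defined by yourself
4. nginx modules
- Official nginx modules
- Third-party modules
Modules enabled in nginx:
5. Installing and compiling modules
Build option | Purpose |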
---|---|
--with-http_stub_status_module | nginx client status |
--with-http_random_index_module | Pick a random home page from a directory |
--with-http_sub_module | HTTP content substitution |
--limit_conn_module | Connection rate limiting |
--limit_req_module | Request rate limiting |
http_access_module | IP-based access control |
http_auth_basic_module | User-based trusted login |
5.1 http_stub_status_module configuration (nginx client status)
Configuration syntax:
syntax: stub_status;
default: -
context: server, location
Add to default.conf:
# my config
location /mystatus {
    stub_status;
}
Check and reload the configuration:
nginx -tc /etc/nginx/nginx.conf
Reload the service:
nginx -s reload -c /etc/nginx/nginx.conf
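5.2 http_random_index_module (pick a random home page from a directory)
default: random_index off;
context: location
# default location block (opening line assumed)
location / {
    root /usr/share/nginx/html;
    index index.html index.htm;
}
# same block with random_index enabled (opening line assumed)
location / {
    root /usr/share/nginx/html;
    random_index on;
    #index index.html index.htm;
}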
5.3 http_sub_module (HTTP content substitution)
Configuration syntax:
syntax: sub_filter string replacement;
default: -
context: http, server, location
syntax: sub_filter_last_modified on | off; (mainly used for caching)
default: sub_filter_last_modified off;
context: http, server, location
syntax: sub_filter_once on | off;
default: sub_filter_once on;
context: http, server, location
5.4 limit_conn_module (connection rate limiting)
Configuration syntax:
syntax: limit_conn_zone key zone=name:size;
default: -
context: http
syntax: limit_conn zone number;
default: -
context: http, server, location
5.5 limit_req_module (request rate limiting)
Configuration syntax:
syntax: limit_req_zone key zone=name:size rate=rate;
default: -
context: http
limit_req_zone $binary_remote_addr zone=req_zone:1m rate=1r/s;
5.6 http_access_module (IP-based access control)
Configuration syntax:
syntax: allow address | CIDR | unix: | all;
default: -
context: http, server, location, limit_except
syntax: deny address | CIDR | unix: | all;
default: -
context: http, server, location, limit_except
Test configuration:
location ~ ^/admin.html {
root /opt/app/code;
deny all;
index index.html index.htm;
}
5.7 http_auth_basic_module (user-based trusted login)
Configuration syntax:
syntax: auth_basic string | off;
default: -
context: http, server, location, limit_except
syntax: auth_basic_user_file file;
default: -
context: http, server, location, limit_except
Generate the password file:
htpasswd -c ./auth_conf feixia
Modify the conf file:
# location line assumed: the admin page from 5.6
location ~ ^/admin.html {
    root /opt/app/code;
    auth_basic "please input you user name and passwd";
    auth_basic_user_file /etc/nginx/auth_conf;
    index index.html index.htm;
}
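Limitations
- User information depends on a file
- Management is manual and inefficient
Solutions
- Combine nginx with Lua for efficient authentication
- Integrate nginx with LDAP using the nginx-auth-ldap module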
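An added example, not part of the original notes: the directives from 5.1 and 5.4 to 5.7 combined in one virtual host, showing where limit_conn and limit_req are applied and how allow/deny ordering restricts /mystatus and the admin page. Zone names, sizes, rates, the 192.0.2.0/24 range and server_name are assumed sample values.

```nginx
# Added example; zone names, sizes, rates, the 192.0.2.0/24 admin range
# and server_name are assumed sample values.

# http context: one shared-memory counter per client address
limit_conn_zone $binary_remote_addr zone=conn_zone:1m;
limit_req_zone  $binary_remote_addr zone=req_zone:1m rate=1r/s;

server {
    listen 80;
    server_name localhost;
    root /opt/app/code;

    # Rejected requests return 503 by default; 429 is easier to tell
    # apart from real server errors in access.log.
    limit_conn_status 429;
    limit_req_status  429;

    location / {
        limit_conn conn_zone 1;                    # 1 concurrent connection per address
        limit_req  zone=req_zone burst=3 nodelay;  # 1 r/s, burst of 3 served without delay
        index index.html index.htm;
    }

    # Weak form from 5.1: counters readable by any client
    #   location /mystatus { stub_status; }
    # Restricted form: allow/deny are checked in order, first match wins
    location /mystatus {
        stub_status;
        allow 127.0.0.1;
        allow 192.0.2.0/24;
        deny  all;
    }

    # Admin page: the address check and the password must both pass
    location ~ ^/admin\.html$ {
        satisfy all;
        allow 192.0.2.0/24;
        deny  all;
        auth_basic           "admin area";
        auth_basic_user_file /etc/nginx/auth_conf;
    }
}
```

Behind a reverse proxy or load balancer, $binary_remote_addr is the proxy's address, so all clients would share one counter and one allow/deny decision.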