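Nginx Optimization and Hotlink Protection
I. Install Nginx on Centos01, set the web root to /www/, and access it by the domain www.stz.com
1. Install the Nginx dependencies on Centos01
1) Mount the system disc and configure a local yum repository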
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos01 ~]# ls /etc/yum.repos.d/
local.repo
2) Install the dependencies
[root@centos01 ~]# yum -y install pcre-devel zlib-devel
3) Create the user that runs Nginx
[root@centos01 ~]# useradd -M -s /sbin/nologin nginx
[root@centos01 ~]# umount /mnt/
2. Configure and install the Nginx service
1) Switch discs
2) Extract and configure Nginx
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# tar zxf /mnt/nginx-1.6.0.tar.gz -C /usr/src/
[root@centos01 ~]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
3) Compile and install
[root@centos01 nginx-1.6.0]# make && make install
4) Link the nginx command into the PATH and check the configuration file
[root@centos01 ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@centos01 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
3. Create the site root and home page for the Nginx server and edit the configuration file
1) Create the site root and the home page
[root@centos01 ~]# mkdir /www
[root@centos01 ~]# echo "www.stz.com" > /www/index.html
2) Back up the main configuration file
[root@centos01 ~]# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak
3) Edit the main Nginx configuration file
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name www.stz.com;
        charset utf-8;
        access_log logs/www.stz.com.access.log;
        location / {
            root /www;
            index index.html index.htm;
        }
    }
}
4) Start the Nginx service and check the listening port
[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep nginx
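tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3758/nginx: master
II. Install DNS on Centos02 so that Centos01 is reached by the domain www.stz.com; install Apache with yum on Centos03 and reach it by the domain www.benet.com
1. Install the DNS service and enable it at boot
1) Mount the system disc to install the DNS service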
[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos02 ~]# ls /mnt/
CentOS_BuildTag  images    repodata
EFI              isolinux  RPM-GPG-KEY-CentOS-7
EULA             LiveOS    RPM-GPG-KEY-CentOS-Testing-7
GPL              Packages  TRANS.TBL
[root@centos02 ~]#
2) Install the DNS service
[root@centos02 ~]# rpm -ivh /mnt/Packages/bind-9.9.4-50.el7.x86_64.rpm
[root@centos02 ~]# rpm -ivh /mnt/Packages/bind-chroot-9.9.4-50.el7.x86_64.rpm
3) Start the service and enable it at boot
[root@centos02 ~]# systemctl start named
[root@centos02 ~]# systemctl enable named
2. Edit the main configuration file and the zone files
1) Edit the DNS main configuration file
[root@centos02 ~]# vim /etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
};
zone "stz.com" IN {
    type master;
    file "/var/named/stz.com.zone";
};
zone "benet.com" IN {
    type master;
    file "/var/named/benet.com.zone";
};
2) Check the main configuration file for errors
[root@centos02 ~]# named-checkconf /etc/named.conf
3) Edit the zone files
[root@centos02 ~]# vim /var/named/stz.com.zone
$TTL 86400
@ SOA stz.com. root.stz.com. (
        2022021910 ; serial
        1H         ; refresh
        15M        ; retry
        1W         ; expire
        1D         ; negative-caching TTL
)
@ NS centos02.stz.com.
centos02 A 192.168.100.20
www A 192.168.100.10
[root@centos02 ~]# vim /var/named/benet.com.zone
$TTL 86400
@ SOA benet.com. root.benet.com. (
        2022021910 ; serial
        1H         ; refresh
        15M        ; retry
        1W         ; expire
        1D         ; negative-caching TTL
)
@ NS centos02.benet.com.
centos02 A 192.168.100.20
www A 192.168.100.30
4) Check the zone files for errors
[root@centos02 ~]# named-checkzone stz.com /var/named/stz.com.zone
zone stz.com/IN: loaded serial 2022021910
OK
[root@centos02 ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2022021910
OK
3. Start the DNS service and check that it is running
1) Start the DNS service
[root@centos02 ~]# systemctl start named
[root@centos02 ~]# systemctl enable named
2) Check the service status
[root@centos02 ~]# netstat -anptu | grep named
tcp        0      0 192.168.100.20:53       0.0.0.0:*               LISTEN      2251/named
Configure the DNS server address on Centos01, Centos02 and Centos03
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
DNS1=192.168.100.20
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.20
NETMASK=255.255.255.0
DNS1=192.168.100.20
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.30
NETMASK=255.255.255.0
DNS1=192.168.100.20
Restart the network service
[root@centos01 ~]# systemctl restart network
[root@centos02 ~]# systemctl restart network
[root@centos03 ~]# systemctl restart network
4. Install Apache with yum on Centos03, set the site home page, and access Nginx and Apache from the client
1) Mount the disc and configure a local yum repository
[root@centos03 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos03 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos03 ~]# ls /etc/yum.repos.d/
local.repo
3) Install the Apache service and enable it at boot
[root@centos03 ~]# yum -y install httpd
[root@centos03 ~]# systemctl start httpd
[root@centos03 ~]# systemctl enable httpd
4) Set the home page and restart the service
[root@centos03 ~]# echo "www.benet.com" > /var/www/html/index.html
[root@centos03 ~]# systemctl restart httpd
5) Check that the Apache service is running
[root@centos03 ~]# netstat -anptu | grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      2039/httpd
Configure an IP address on the client
6) Access Nginx from the client
7) Access Apache from the client
III. On the Nginx site: hide the Nginx version, check the Nginx process user, set page caching, configure log rotation, and set timeouts
1. Make the Nginx web service report itself as IIS without a version number, and check the Nginx process user
1) Edit the version information in the Nginx source code
[root@centos01 ~]# vim /usr/src/nginx-1.6.0/src/core/nginx.h
#define NGINX_VERSION "7.0"
#define NGINX_VER "IIS/" NGINX_VERSION

#define NGINX_VAR "IIS"
[root@centos01 ~]# vim /usr/src/nginx-1.6.0/src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[] = "Server: IIS" CRLF;
2) Stop Nginx
[root@centos01 ~]# killall -I -QUIT nginx
3) Reconfigure, compile and install Nginx again
[root@centos01 ~]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
[root@centos01 nginx-1.6.0]# make && make install
4) Start Nginx
[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      45793/nginx: master
6) Check the disguised Nginx version
7) Hide the version in the main Nginx configuration
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # do not append the version to the Server header or to error pages
    server_tokens off;
    server {
        listen 80;
        server_name www.stz.com;
        charset utf-8;
        access_log logs/www.stz.com.access.log;
        location / {
            root /www;
            index index.html index.htm;
        }
    }
}
8) Stop Nginx and start it again
[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx
9) Verify from the client
10) Check the user of the Nginx service processes
[root@centos01 ~]# ps -ef | grep nginx
root      45889      1  0 20:06 ?        00:00:00 nginx: master process nginx
nginx     45890  45889  0 20:06 ?        00:00:00 nginx: worker process
root      45912    941  0 20:08 pts/1    00:00:00 grep --color=auto nginx
2. Configure the page cache time on the Nginx web server
1) Edit the main nginx configuration file
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
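location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
    root /www;
    index index.html index.htm;
    # let clients cache these files for one day
    expires 1d;
}
2) Upload an image
3) Verify from the client
3. Configure Nginx log rotation
1) Create a directory to hold the rotated logs
[root@centos01 ~]# mkdir /nginx_log
2) Create the log rotation script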
[root@centos01 ~]# vim /opt/nginx_log_bak.sh
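#!/bin/bash
# Filename: fenge.sh
# Name the archive after yesterday's date
d=$(date -d "-1 day" "+%Y%m%d")
logs_path="/nginx_log/"
pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d "$logs_path" ] || mkdir -p "$logs_path"
# Move the live log away, then signal nginx to reopen its log files
mv /usr/local/nginx/logs/www.stz.com.access.log "${logs_path}/www.stz.com.access.log-$d"
kill -USR1 "$(cat "$pid_path")"
# Delete archived log files older than 30 days
find "$logs_path" -type f -mtime +30 -exec rm -f {} +
3) Add execute permission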
[root@centos01 ~]# chmod +x /opt/nginx_log_bak.sh
4) Add a scheduled task that backs up the nginx log every two minutes
[root@centos01 ~]# crontab -e
*/2 * * * * /opt/nginx_log_bak.sh
5) View the generated logs
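The script above names the archive after yesterday's date, so a job that runs every two minutes moves each new log over the previous archive and the earlier entries are lost. The following added example (not part of the original tutorial; `rotate_log` and `prune_archive` are illustrative names) stamps each archive to the second, refuses to replace an existing file, and prunes only regular files.

```bash
#!/bin/bash
# Added example: log rotation helpers that never overwrite an archived log.
# rotate_log and prune_archive are illustrative names, not from the tutorial.

# rotate_log <live_log> <archive_dir> [pid_file]
# Moves the live log to <archive_dir>/<name>-<YYYYmmddHHMMSS>, prints the
# archive path, and sends USR1 to the pid in pid_file so nginx reopens its logs.
rotate_log() {
    local live="$1" archive="$2" pid_file="${3:-}"
    local stamp base dest n
    [ -s "$live" ] || return 0            # empty or missing log: nothing to keep
    mkdir -p "$archive" || return 1
    stamp=$(date "+%Y%m%d%H%M%S")
    base="$archive/$(basename "$live")-$stamp"
    dest="$base"
    n=0
    while [ -e "$dest" ]; do              # never replace an existing archive
        n=$((n + 1))
        dest="$base.$n"
    done
    mv "$live" "$dest" || return 1
    if [ -n "$pid_file" ] && [ -r "$pid_file" ]; then
        kill -USR1 "$(cat "$pid_file")"
    fi
    echo "$dest"
}

# prune_archive <archive_dir> <days>
# Deletes regular files older than <days> directly inside the archive
# directory; the directory itself and its subdirectories are left alone.
prune_archive() {
    find "$1" -maxdepth 1 -type f -mtime +"$2" -exec rm -f {} +
}
```

With the paths used on this page, the cron script would call `rotate_log /usr/local/nginx/logs/www.stz.com.access.log /nginx_log /usr/local/nginx/logs/nginx.pid` and then `prune_archive /nginx_log 30`.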
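4. Set keep-alive timeouts and tune worker processes on the nginx web server
1) Edit the main Nginx configuration file for keep-alive timeouts and process tuning
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    # close idle keep-alive connections after 10 seconds
    keepalive_timeout 10;
    # timeout for reading the client request header
    client_header_timeout 15;
    # timeout between two successive reads of the request body
    client_body_timeout 15;
    server {
        listen 80;
        server_name www.stz.com;
        charset utf-8;
        access_log logs/www.stz.com.access.log;
        location / {
            root /www;
            index index.html index.htm;
        }
    }
}
2) Restart Nginx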
[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx
3) View the running nginx processes
[root@centos01 ~]# ps -ef | grep nginx
root      46684      1  0 20:55 ?        00:00:00 nginx: master process nginx
nginx     46685  46684  0 20:55 ?        00:00:00 nginx: worker process
nginx     46686  46684  0 20:55 ?        00:00:00 nginx: worker process
root      46688    941  0 20:55 pts/1    00:00:00 grep --color=auto nginx
5. Configure nginx compression
1) Edit the main configuration file to enable compression
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 10;
    gzip on;
    # do not compress responses smaller than 1k
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    # highest compression level
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    server {
        listen 80;
        server_name www.stz.com;
        charset utf-8;
        access_log logs/www.stz.com.access.log;
        location / {
            root /www;
            index index.html index.htm;
        }
    }
}
2) Restart the nginx service
[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx
3) Check that compression is applied
6. Configure Nginx hotlink protection
1) Upload the error image
2) Put an image on the nginx site
[root@centos01 www]# vim index.html
www.stz.com <img src="./src.jpg" />
3) Access the image on nginx
4) Make the Apache site hotlink the Nginx image
[root@centos03 ~]# vim /var/www/html/index.html
www.benet.com<br/>
<img src="http://www.stz.com/logo.jpg" />
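5) Access Apache
6) Configure hotlink protection in nginx
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    server {
        listen 80;
        server_name www.stz.com;
        charset utf-8;
        access_log logs/www.stz.com.access.log;
        location / {
            root /www;
            index index.html index.htm;
        }
        location ~* \.(jpg|gif|swf)$ {
            # this location needs its own root, otherwise nginx uses the default html directory
            root /www;
            # accept a missing Referer, a stripped Referer, or a Referer from stz.com
            valid_referers none blocked *.stz.com stz.com;
            if ($invalid_referer) {
                # th.jfif is not matched by this location, so the redirect does not loop
                rewrite ^/ http://www.stz.com/th.jfif;
            }
        }
    }
}
7) Restart the service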
[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx
8) Verify from the client
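To see which requests the rule `valid_referers none blocked *.stz.com stz.com;` from step 6) lets through, the following added example (not part of the original tutorial) models its decision in shell for a handful of constructed Referer values. The function name `referer_verdict` and the sample hosts other than www.stz.com and www.benet.com are assumptions, and the model covers only the `none`, `blocked` and host-name cases used on this page.

```bash
#!/bin/bash
# Added example: simplified model of
#   valid_referers none blocked *.stz.com stz.com;
# referer_verdict is an illustrative name. It prints "valid" or "invalid"
# (invalid is when nginx sets $invalid_referer) for one Referer value.
# Pass "-" to mean that the request had no Referer header at all.

referer_verdict() {
    local ref host
    if [ "$1" = "-" ]; then                  # none: header absent
        echo valid
        return 0
    fi
    ref=$(printf '%s' "$1" | tr 'A-Z' 'a-z') # matching ignores case
    case "$ref" in
        http://*|https://*) ;;               # a URL: check its host below
        *) echo valid; return 0 ;;           # blocked: present but not a URL
    esac
    host=${ref#*://}                         # strip the scheme
    host=${host%%/*}                         # strip the path
    host=${host%%:*}                         # strip the port
    case "$host" in
        stz.com|*.stz.com) echo valid ;;     # the two names listed in the rule
        *) echo invalid ;;
    esac
}

# Constructed sample values: a direct request, the site's own page, the
# Apache page from step 4), and two look-alike host names.
referer_report() {
    local r
    for r in "-" "http://www.stz.com/index.html" \
             "http://www.benet.com/index.html" \
             "http://www.stz.com.example.net/" "http://notstz.com/x"; do
        printf '%-36s %s\n' "$r" "$(referer_verdict "$r")"
    done
}

referer_report
```

Because the rule lists `none` and `blocked`, a request without a usable Referer is still served the image, so this setting limits embedding by other sites' pages and is not an access control.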