一步一步教你Nginx优化和防盗链

时间:2023-02-19 22:11:37

       Nginx优化和防盗链

一、在Centos01上安装Nginx,设置根目录/www/使用域名www.stz.con访问

1、在Centos01上安装Nginx依赖程序

1)挂载系统光盘配置本地yum仓库

[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos01 ~]# ls /etc/yum.repos.d/
local.repo

2)安装依赖程序

[root@centos01 ~]# yum -y install pcre-devel zlib-devel

3)创建管理Nginx用户

[root@centos01 ~]# useradd -M -s /sbin/nologin nginx
[root@centos01 ~]# umount /mnt/

2、配置安装Nginx服务

1)切换光盘

一步一步教你Nginx优化和防盗链

2)解压配置安装Nginx

[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# tar zxf /mnt/nginx-1.6.0.tar.gz -C /usr/src/
[root@centos01 ~]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module

3)编译安装

[root@centos01 nginx-1.6.0]# make && make install

4)优化nginx命令检查配置文件

[root@centos01 ~]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@centos01 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf
syntax is ok
nginx: configuration file
/usr/local/nginx/conf/nginx.conf test is successful

3、设置Nginx服务器网站根目录设置主页修改配置文件

1)创建网站根目录设置主页

[root@centos01 ~]# mkdir /www
[root@centos01 ~]# echo "www.stz.com" > /www/index.html

2)备份主配置文件

[root@centos01 ~]# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bak

3)修改Nginx主配置文件

[root@centos01 ~]# vim
/usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.stz.com;
charset utf-8;
access_log logs/www.stz.com.access.log;
location / {
root /www;
index index.html index.htm;
}
}
}

4)启动Nginx服务监听端口

[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep nginx
tcp
0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3758/nginx: master

二、在Centos02上安装DNS使用域名访问Centos01上使用域名www.stz.com访问,Centos03使用yum安装apache使用域名www.benet.con访问

1、安装DNS服务设置开机自动启动

1)挂载系统盘安装DNS服务

[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos02 ~]# ls /mnt/
CentOS_BuildTag images
repodata
EFI isolinux RPM-GPG-KEY-CentOS-7
EULA LiveOS RPM-GPG-KEY-CentOS-Testing-7
GPL Packages TRANS.TBL
[root@centos02 ~]#

2)安装DNS服务

[root@centos02 ~]# rpm -ivh /mnt/Packages/bind-9.9.4-50.el7.x86_64.rpm
[root@centos02 ~]# rpm -ivh /mnt/Packages/bind-chroot-9.9.4-50.el7.x86_64.rpm

3)设置服务开机自启

[root@centos02 ~]# systemctl start named
[root@centos02 ~]# systemctl enable named

2、修改主配置文件和区域配置文件

1)修改DNS主配置文件

[root@centos02 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
};
zone "stz.com" IN {
type master;
file "/var/named/stz.com.zone";
};
zone "benet.com" IN {
type master;
file "/var/named/benet.com.zone";
};

2)检查主配置文件是否错误

[root@centos02 ~]# named-checkconf /etc/named.conf

3)修改区域配置文件

[root@centos02 ~]# vim /var/named/stz.com.zone
$TTL 86400
@ SOA stz.com. root.stz.co
m. (
2022021910
1H
15M
1W
1D
)
@ NS centos02.stz.com.
centos02 A 192.168.100.20
www A 192.168.100.10
[root@centos02 ~]# vim /var/named/benet.com.zone
$TTL 86400@ SOA benet.com. root.benet.com. (
2022021910
1H
15M
1W
1D
)
@ NS centos02.benet.com.
centos02 A 192.168.100.20
www A 192.168.100.30

4)检查区域配置文件是否错误

[root@centos02 ~]# named-checkzone stz.com /var/named/stz.com.zone 
zone stz.com/IN: loaded serial 2022021910
OK
[root@centos02 ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2022021910
OK

3、启动DNS服务查看服务运行状态

1)启动DNS服务

[root@centos02 ~]# systemctl start named
[root@centos02 ~]# systemctl enable named

2)查看服务运行状态

[root@centos02 ~]# netstat -anptu | grep named
tcp
0 0 192.168.100.20:53 0.0.0.0:* LISTEN 2251/named

配置DNS在Centos01、Centos02、Centos03

[root@centos01 ~]# vin /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
DNS1=192.168.100.20
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.20
NETMASK=255.255.255.0
DNS1=192.168.100.20
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.30
NETMASK=255.255.255.0
DNS1=192.168.100.20

重启网卡

[root@centos01 ~]# systemctl restart network
[root@centos02 ~]# systemctl restart network
[root@centos03 ~]# systemctl restart network

4、在Centos03上使用yum安装apache设置网站主页客户端访问nginx和apache

1)挂载光盘配置本地yum仓库

[root@centos03 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos03 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos03 ~]# ls /etc/yum.repos.d/
local.repo

3)安装apache服务设置开机自动启动

[root@centos03 ~]# yum -y install httpd
[root@centos03 ~]# systemctl start httpd
[root@centos03 ~]# systemctl enable httpd

4)设置主页启动服务

[root@centos03 ~]# echo "www.benet.com" > /var/www/html/index.html 
[root@centos03 ~]# systemctl restart httpd

5)查看apache服务运行状态

[root@centos03 ~]# netstat -anptu | grep httpd
tcp6
0 0 :::80 :::* LISTEN 2039/httpd

给客户端配置ip

一步一步教你Nginx优化和防盗链

6)客户端访问Nginx

一步一步教你Nginx优化和防盗链

7)客户端访问apache

一步一步教你Nginx优化和防盗链

三、在Nginx上配置 网站隐藏 Nginx 版本、查看 Nginx 管理用户、设置网页缓存、 配置日志切割、配置 Nginx 日志切割、设置超时时间

1、在Nginx网站服务配置将Nginx版本位置位IIS不显示版本号,查看Nginx进程用户

1)配置修改Nginx源代码位置版本信息‘

[root@centos01 ~]# vim/usr/src/nginx-1.6.0/src/core/nginx.h
13 #define NGINX_VERSION "7.0"
14 #define NGINX_VER "IIS/" NGINX_VERSION
15
16 #define NGINX_VAR "IIS"
[root@centos01 ~]# vim /usr/src/nginx-1.6.0/src/http/ngx_http_header_filter_module.c
49 static char ngx_http_server_string[] = "Server: IIS" CR LF;

2)关闭Nginx

[root@centos01 ~]# killall -I -QUIT nginx

3)重新配置Nginx编译安装nginx

[root@centos01 ~]# cd /usr/src/nginx-1.6.0/
[root@centos01 nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx
--with-http_stub_status_module
[root@centos01 nginx-1.6.0]# make
&& make install

4)启动Nginx

[root@centos01 ~]# nginx
[root@centos01 ~]# netstat -anptu | grep nginx
tcp
0 0 0.0.0.0:80 0.0.0.0:* LISTEN 45793/nginx: master

6)查看伪装的Nginx版本

一步一步教你Nginx优化和防盗链

7)修改Nginx主配置隐藏版本

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf   
worker_connections 1024;
}
http {

include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server_tokens off;
server {
listen 80;
server_name www.stz.com;
charset utf-8;
access_log
logs/www.stz.com.access.log;
location / {
root /www;
index index.html index.htm;
}
}
}

  

8)停止服务在启动Nginx

[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx

9)客户端验证

一步一步教你Nginx优化和防盗链

10)管理Nginx服务进程用户

[root@centos01 ~]# ps -ef | grep nginx root     
45889 1 0 20:06 ? 00:00:00 nginx: master process nginx
nginx
45890 45889 0 20:06 ? 00:00:00 nginx: worker process
root
45912 941 0 20:08 pts/1 00:00:00 grep --color=auto nginx

2、在Nginx网站服务器配置网页缓存时间

1)修改nginx主配置文件

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf   
location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
root /www;
index index.html index.htm;
expires 1d;
}

2)上传一张图片

一步一步教你Nginx优化和防盗链

2)客户端访问验证

 

一步一步教你Nginx优化和防盗链

一步一步教你Nginx优化和防盗链

3、配置Nginx日志切割

1)创建目录存储切割日志数据

[root@centos01 ~]# mkdir /nginx_log

2)创建日志切割脚本

[root@centos01 ~]# vim /opt/nginx_log_bak.sh
#!/bin/bash
# Filename: fenge.sh
d=$(date -d "-1 day" "+%Y%m%d")
logs_path="/nginx_log/"pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d $logs_path ] || mkdir -p $logs_path
mv /usr/local/nginx/logs/www.stz.com.access.log ${logs_path}/www.stz.com.access.log-$d
kill -USR1 $(cat $pid_path)
find $logs_path -mtime +30 |xargs rm -rf

3)添加执行权限

[root@centos01 ~]# chmod +x /opt/nginx_log_bak.sh

4)设置计划任务备份nginx日志,每间隔两分钟备份一次日志

[root@centos01 ~]# crontab -e
*/2 * * * * /opt/nginx_log_bak.sh

5)查看生成的日志

一步一步教你Nginx优化和防盗链

4、设置nginx网站服务器保持时间和进程优化

1)修改Nginx主配置文件保持时间和进程优化

[root@centos01 ~]# vim
/usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 10;
client_header_timeout 15;
client_body_timeout 15;
server {
listen 80;
server_name www.stz.com;
charset utf-8;
access_log logs/www.stz.com.access.log;
location / {
root /www;
index index.html index.htm;
}
}
}

2)重新启动Nginx

[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx

3)查看启动nginx进程·

[root@centos01 ~]# ps -ef | grep nginx root     
46684 1 0 20:55 ? 00:00:00 nginx: master process nginx
nginx
46685 46684 0 20:55 ? 00:00:00 nginx: worker process
nginx
46686 46684 0 20:55 ? 00:00:00 nginx: worker process
root
46688 941 0 20:55 pts/1 00:00:00 grep --color=auto nginx

5、配置nginx压缩数据

1)修改主配置文件压缩数据

[root@centos01 ~]# vim
/usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 10;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 9;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
server {
listen 80;
server_name www.stz.com;
charset utf-8;
access_log logs/www.stz.com.access.log;
location / {
root /www;
index index.html index.htm;
}
}
}

2)重新启动nginx服务

[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx

3)查看配置压缩数据

一步一步教你Nginx优化和防盗链

6、配置Nginx防盗链

1)上传错误图片

一步一步教你Nginx优化和防盗链

2)设置nginx网站图片

[root@centos01 www]# vim index.html
www.stz.com <img src="./src.jpg" />

3)访问nginx图片

一步一步教你Nginx优化和防盗链

4)设置apache盗用Nginx链接

[root@centos03 ~]# vim /var/www/html/index.html
www.benet.com<br/>
<img src="http://www.stz.com/logo.jpg" />

5)访问apache

一步一步教你Nginx优化和防盗链

6)配置nginx配置防盗链

[root@centos01 ~]# vim
/usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
server {
listen 80;
server_name www.stz.com;
charset utf-8;
access_log logs/www.stz.com.access.log;
location / {
root /www;
index index.html index.htm;
}
location ~* \.(jpg|gif|swf)$ {
valid_referers none blocked *.stz.com stz.com;
if ($invalid_referer) {
rewrite ^/ http://www.stz.com/th.jfif;
}
}

}
}

7)重启服务

[root@centos01 ~]# killall -I -QUIT nginx
[root@centos01 ~]# nginx

8)客户端验证

一步一步教你Nginx优化和防盗链

一步一步教你Nginx优化和防盗链