Nginx Optimization and Hotlink Protection

Date: 2023-02-21 17:15:48


Topology diagram: [figure]

Recommended steps:

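1. On Centos01, install Nginx, set the site root to /www, and serve the site under the domain www.huhu.com.

2. On Centos03, install DNS so that the site on Centos01 can be reached as www.huhu.com; on Centos02, install Apache with yum and serve it as www.huyan.com.

3. On the www.huhu.com site: hide the Nginx version, check the user the Nginx processes run as, set page caching, configure log rotation, and set timeouts.

4. On the www.huhu.com site, configure hotlink protection so that www.huyan.com cannot hotlink content from www.huhu.com.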

I. Install Nginx on Centos01, set the site root to /www, and serve it as www.huhu.com

1. Mount the CentOS 7 installation disc

[root@centos01 ~]# mount /dev/cdrom /mnt/

mount: /dev/sr0 写保护,将以只读方式挂载

2. Create the nginx service account

[root@centos01 ~]# useradd -M -s /sbin/nologin nginx

3. Upload the nginx 1.16.1 source archive

[root@centos01 ~]# rz

z waiting to receive.**B0100000023be50

4. Install the build dependencies

[root@centos01 ~]# yum -y install pcre-devel zlib-devel

5. Extract the nginx source archive into /usr/src/ (the upstream file name nginx-1.16.1.tar.gz is assumed)

[root@centos01 ~]# tar zxf nginx-1.16.1.tar.gz -C /usr/src/

6. Edit the source so the version banner no longer identifies Nginx

[root@centos01 ~]# vim /usr/src/nginx-1.16.1/src/core/nginx.h

#define NGINX_VERSION "7.0"

#define NGINX_VER "IIS/" NGINX_VERSION

#define NGINX_VAR "IIS"

7. Change the Server response header that Nginx sends

[root@centos01 ~]# vim /usr/src/nginx-1.16.1/src/http/ngx_http_header_filter_module.c

static u_char ngx_http_server_string[] = "Server: IIS" CRLF;

8. Configure the Nginx build

[root@centos01 ~]# cd /usr/src/nginx-1.16.1/

[root@centos01 nginx-1.16.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

9. Compile and install Nginx

[root@centos01 nginx-1.16.1]# make && make install

10. Symlink the Nginx binary into the PATH and check the configuration

[root@centos01 nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/

[root@centos01 nginx-1.16.1]# cd

[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

11. Create the site root /www and the home page

[root@centos01 ~]# mkdir /www/

[root@centos01 ~]# echo "www.huhu.com" > /www/index.html

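II. Install DNS on Centos03 so that Centos01 is reachable as www.huhu.com; install Apache with yum on Centos02 and serve it as www.huyan.com

1. Configure DNS on hosts 01, 02 and 03

1) On centos01, set the DNS server and restart the network service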

[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32

[root@centos01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.100.10

NETMASK=255.255.255.0

DNS1=192.168.100.30



[root@centos01 ~]# systemctl restart network

[root@centos01 ~]# cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.100.30

2) On centos02, set the DNS server and restart the network service

[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32

[root@centos02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.100.20

NETMASK=255.255.255.0

DNS1=192.168.100.30



[root@centos02 ~]# systemctl restart network

[root@centos02 ~]# cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.100.30

3) On centos03, set the DNS server and restart the network service

[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32

[root@centos03 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.100.30

NETMASK=255.255.255.0

DNS1=192.168.100.30

[root@centos03 ~]# systemctl restart network

[root@centos03 ~]# cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.100.30

2. Mount the CentOS 7 installation disc and install DNS (BIND)

[root@centos03 ~]# mount /dev/cdrom /mnt/

mount: /dev/sr0 写保护,将以只读方式挂载

[root@centos03 ~]# ls /mnt/

CentOS_BuildTag EULA images LiveOS repodata RPM-GPG-KEY-CentOS-Testing-7

EFI GPL isolinux Packages RPM-GPG-KEY-CentOS-7 TRANS.TBL

[root@centos03 ~]# rpm -ivh /mnt/Packages/bind-9.9.4-50.el7.x86_64.rpm

[root@centos03 ~]# rpm -ivh /mnt/Packages/bind-chroot-9.9.4-50.el7.x86_64.rpm

3. Write the main DNS configuration file

[root@centos03 ~]# echo "" > /etc/named.conf

[root@centos03 ~]# vim /etc/named.conf

options {

listen-on port 53 { any; };

directory "/var/named/";

};

zone "huhu.com" IN {

type master;

file "/var/named/huhu.com.zone";

};

zone "huyan.com" IN {

type master;

file "/var/named/huyan.com.zone";

};

4. Write the zone file for the first server (huhu.com)

[root@centos03 ~]# vim /var/named/huhu.com.zone

$TTL 86400

@ SOA huhu.com. root.huhu.com. (

2023021015

1H

15M

1W

1D

)

@ NS centos03.huhu.com.

centos03 A 192.168.100.30

www A 192.168.100.10

[root@centos03 ~]# named-checkzone huhu.com /var/named/huhu.com.zone

zone huhu.com/IN: loaded serial 2023021015

OK

5. Write the zone file for the second server (huyan.com)

[root@centos03 ~]# vim /var/named/huyan.com.zone

$TTL 86400

@ SOA huyan.com. root.huyan.com. (

2023021015

1H

15M

1W

1D

)

@ NS centos03.huyan.com.

centos03 A 192.168.100.30

www A 192.168.100.20

[root@centos03 ~]# named-checkzone huyan.com /var/named/huyan.com.zone

zone huyan.com/IN: loaded serial 2023021015

OK

6. Start the DNS service and check its listening ports

[root@centos03 ~]# systemctl stop named

[root@centos03 ~]# systemctl start named

[root@centos03 ~]# netstat -anptu | grep named

tcp 0 0 192.168.100.30:53 0.0.0.0:* LISTEN 2430/named

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2430/named

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2430/named

tcp6 0 0 ::1:953 :::* LISTEN 2430/named

udp 0 0 192.168.122.1:53 0.0.0.0:* 2430/named

udp 0 0 192.168.100.30:53 0.0.0.0:* 2430/named

udp 0 0 127.0.0.1:53 0.0.0.0:* 2430/named

7. Verify access to www.huhu.com

[screenshot]

8. Mount the CentOS 7 installation disc and install Apache with yum

[root@centos02 ~]# mount /dev/cdrom /mnt/

mount: /dev/sr0 写保护,将以只读方式挂载

[root@centos02 ~]# ls mn

ls: 无法访问mn: 没有那个文件或目录

[root@centos02 ~]# ls /mnt/

CentOS_BuildTag EFI EULA GPL images isolinux LiveOS Packages repodata RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-CentOS-Testing-7 TRANS.TBL

[root@centos02 ~]# yum -y install httpd

9. Enable the service at boot and create the home page

[root@centos02 ~]# systemctl restart httpd

[root@centos02 ~]# systemctl enable httpd

Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@centos02 ~]# echo "www.huyan.com" > /var/www/html/index.html

10. Verify access to www.huyan.com

[screenshot]

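III. On the www.huhu.com site: hide the Nginx version, check the Nginx run-as user, set page caching, configure log rotation, and set timeouts

1. Hide the version and set the user the Nginx processes run as: edit the main Nginx configuration file

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf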

user nginx;

worker_processes 1;

pid logs/nginx.pid;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server_tokens off;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;



location / {

root /www/;

index index.html index.htm;

}

}

}



[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

2. Check the Nginx processes

[root@centos01 ~]# ps -ef | grep nginx

root 5469 1 0 00:03 ? 00:00:00 nginx: master process nginx

nginx 5470 5469 0 00:03 ? 00:00:00 nginx: worker process

root 5472 1186 0 00:03 pts/0 00:00:00 grep --color=auto nginx

3. Verify that the version is hidden

[screenshot]

4. Set the cache lifetime: edit the main Nginx configuration file so that images are cached

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf

user nginx;

worker_processes 1;

pid logs/nginx.pid;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server_tokens off;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;

location ~ \.(gif|jpg|png|jpeg|bmp|swf)$ {

root /www;

expires 1d;

}

location / {

root /www;

index index.html index.htm;

}

}

}



[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

5. Upload an image for the page to load

[root@centos01 ~]# cd /www/

[root@centos01 www]# rz

[root@centos01 www]# ls

index.html logo.jpg

6. Restart the Nginx service

[root@centos01 www]# killall nginx

[root@centos01 www]# killall nginx

nginx: no process found

[root@centos01 www]# nginx

[root@centos01 www]# cd

7. Verify page caching

[screenshots]

8. Configure Nginx log rotation and timeouts: create the directory that stores rotated logs

[root@centos01 ~]# mkdir /nginx_log

9. Write the log rotation script

[root@centos01 ~]# vim /opt/nginx_log_.sh

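#!/bin/bash

# Move the access log aside under yesterday's date, then have nginx reopen its logs.

d=$(date -d "-1 day" "+%Y%m%d")

logs_path="/nginx_log/"

pid_path="/usr/local/nginx/logs/nginx.pid"

[ -d "$logs_path" ] || mkdir -p "$logs_path"

mv /usr/local/nginx/logs/www.huhu.com.access.log "${logs_path}/www.huhu.com-access.log-$d"

# USR1 tells the nginx master process to reopen its log files.

kill -USR1 "$(cat "$pid_path")"

# Delete rotated logs older than 30 days (regular files only, never the directory itself).

find "$logs_path" -type f -mtime +30 -delete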

10. Make the script executable

[root@centos01 ~]# chmod +x /opt/nginx_log_.sh

11. Run the script

[root@centos01 ~]# sh /opt/nginx_log_.sh

12. Verify the rotation

[root@centos01 ~]# ls /nginx_log/

www.huhu.com-access.log-20230210

13. Edit the crontab to rotate every ten minutes

[root@centos01 ~]# crontab -e

*/10 * * * * /opt/nginx_log_.sh

14. Verify Nginx log rotation

[screenshot]
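The rotated file name in step 9 carries only a date, so under the ten-minute schedule of step 13 each run replaces the previous archive for that day. The following is an added example, not part of the original post: a variant that names archives to the minute, refuses to overwrite, checks the pid before moving anything, and prunes only regular files. The function name `rotate_nginx_log` and its arguments are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. rotate_nginx_log and its
# arguments are hypothetical names chosen for this illustration.
#   $1 live access log   $2 archive directory
#   $3 nginx pid file    $4 days to keep (default 30)
rotate_nginx_log() {
    local log="$1" dest="$2" pidfile="$3" keep="${4:-30}" pid target

    [ -s "$log" ] || return 0            # nothing logged since the last run

    # Check the pid before touching the log, so a stale or empty pid file
    # cannot leave nginx writing into an already-archived file.
    pid=$(cat "$pidfile" 2>/dev/null) || pid=
    case $pid in
        ''|*[!0-9]*) echo "no usable pid in $pidfile" >&2; return 3 ;;
    esac

    mkdir -p "$dest" || return 1
    # Minute-resolution name: each ten-minute cron run gets its own file.
    target="$dest/$(basename "$log")-$(date "+%Y%m%d-%H%M")"
    # mv overwrites silently, so refuse if the archive name is taken.
    if [ -e "$target" ]; then
        echo "refusing to overwrite $target" >&2
        return 2
    fi
    mv -- "$log" "$target" || return 1

    # USR1 makes the nginx master process reopen its log files.
    kill -USR1 "$pid" || return 3

    # Prune regular files directly under the archive directory only.
    find "$dest" -maxdepth 1 -type f -mtime +"$keep" -delete
    echo "$target"
}

# When this file is run as a script, pass the paths used on this page:
#   /usr/local/nginx/logs/www.huhu.com.access.log /nginx_log \
#   /usr/local/nginx/logs/nginx.pid
if [ "$#" -ge 3 ]; then
    rotate_nginx_log "$@"
fi
```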

15. Tune Nginx keep-alive: edit the main Nginx configuration file

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf

user nginx;

worker_processes 2;

pid logs/nginx.pid;

events {

worker_connections 2048;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 5;

server_tokens off;

client_header_timeout 5;

client_body_timeout 5;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;

location ~ \.(gif|jpg|png|jpeg|bmp|swf)$ {

root /www;

expires 1d;

}

location / {

root /www;

index index.html index.htm;

}

}

}

16. Restart Nginx

[root@centos01 ~]# killall nginx

[root@centos01 ~]# killall nginx

nginx: no process found

[root@centos01 ~]#

[root@centos01 ~]# nginx

17. Verify the keep-alive tuning

[root@centos01 ~]# curl -I www.huhu.com

HTTP/1.1 200 OK

Server: IIS

Date: Fri, 10 Feb 2023 16:45:44 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Last-Modified: Fri, 10 Feb 2023 14:56:16 GMT

Connection: keep-alive

ETag: "63e65b10-d"

Accept-Ranges: bytes

IV. Configure hotlink protection on www.huhu.com so that www.huyan.com cannot hotlink content from www.huhu.com

1. Upload the error image

[root@centos01 ~]# cd /www/

[root@centos01 www]# ls
index.html  logo.jpg

[root@centos01 www]# rz

z waiting to receive.**B0100000023be50

[root@centos01 www]# ls

error.png index.html logo.jpg

2. Edit the main Nginx configuration file

user  nginx;

worker_processes 2;

pid logs/nginx.pid;

events {

worker_connections 2048;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;

location ~* \.(gif|jpg|swf)$ {

root /www;

valid_referers none blocked *.huhu.com huhu.com;

# error.png is not matched by this location, so the redirect below cannot loop.

if ($invalid_referer) {

rewrite ^/ http://www.huhu.com/error.png;

}

}

location / {

root /www;

index index.html index.htm;

}

}

}

[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

3. Restart the service

[root@centos01 ~]# killall nginx

[root@centos01 ~]# killall nginx

nginx: no process found

[root@centos01 ~]# nginx

4. Simulate hotlinking from centos02 to a centos01 resource

[root@centos02 ~]# vim /var/www/html/index.html

www.huyan.com

<img src="http://www.huhu.com/logo.jpg" />


Restart the service

[root@centos02 ~]# systemctl restart httpd

5. Verify hotlink protection

[screenshot]

6. The image as served on centos01

[screenshot]
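To see which requests the `valid_referers none blocked *.huhu.com huhu.com;` line in step 2 admits, the following added example (not part of the original post, and a shell model of the matching rules rather than nginx's own code) classifies constructed Referer values the way that directive does. The function names and the sample hosts other than huhu.com and huyan.com are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post: a shell model of
#   valid_referers none blocked *.huhu.com huhu.com;
# referer_is_valid is a hypothetical name. Pass the Referer value as $1,
# or no argument at all to model a request without a Referer header.
# Returns 0 when nginx would leave $invalid_referer empty, 1 otherwise.
referer_is_valid() {
    # "none": the request carries no Referer header at all.
    [ "$#" -eq 0 ] && return 0

    local ref host
    ref=$(printf '%s' "$1" | tr 'A-Z' 'a-z')

    # "blocked": header present but not starting with http:// or https://,
    # as left behind by proxies and firewalls that strip the value.
    case $ref in
        http://*)  host=${ref#http://}  ;;
        https://*) host=${ref#https://} ;;
        *) return 0 ;;
    esac

    # Only the host is compared: drop the path, then the port.
    host=${host%%/*}
    host=${host%%:*}

    case $host in
        huhu.com)    return 0 ;;   # exact name
        ?*.huhu.com) return 0 ;;   # "*.huhu.com": any subdomain
    esac
    return 1
}

# Constructed Referer values and the verdict for each.
referer_report() {
    local r
    for r in "http://www.huhu.com/index.html" "http://www.huyan.com/" \
             "https://huhu.com:8443/a" "http://huhu.com.example.net/" \
             "http://nothuhu.com/" "xxxxxxxx"; do
        if referer_is_valid "$r"; then echo "valid   $r"; else echo "invalid $r"; fi
    done
    if referer_is_valid; then echo "valid   (no Referer header)"; fi
}
referer_report
```

Removing `none` and `blocked` from the directive makes the check stricter but also rejects direct visits and clients that strip the header. Because the Referer is supplied by the client, this setting limits casual embedding and bandwidth use and is not an access control.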

Created by Henry. Learn together, improve together. Like, bookmark and follow.