本文主要是介绍Nginx参数详解以及部署实例(乱码盗链问题等),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
实验环境:
server6 nginx端 172.25.38.7
server5 apache端 172.25.38.6
可以下载图片:
[root@server6 logs]# cd /usr/local/lnmp/nginx/conf/
[root@server6 conf]# ls
cert.pem fastcgi_params.default mime.types.default scgi_params.default
fastcgi.conf koi-utf nginx.conf uwsgi_params
fastcgi.conf.default koi-win nginx.conf.default uwsgi_params.default
fastcgi_params mime.types scgi_params win-utf
[root@server6 conf]# vim nginx.conf
limit_conn_zone $binary_remote_addr zone=addr:10m;server {listen 80;server_name localhost;#charset koi8-r;#access_log logs/host.access.log main;location / {root html;#root /usr/local/tomcat/webapps/ROOT/;index index.php index.html index.htm;}location /download/ { 建立一个访问目录limit_conn addr 1;}
[root@server6 conf]# nginx -s reload
[root@server6 conf]# cd ..
[root@server6 nginx]# cd html/
[root@server6 html]# cd download/ 在默认访问目录下放一个图片
[root@server6 download]# ls
vim.jpg
在网页测试:
做一个压力测试:
[root@foundation38 Desktop]# ab -c1 -n 10 http://172.25.38.7/download/vim.jpg 单线程测试
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking 172.25.38.7 (be patient).....doneServer Software: nginx/
Server Hostname: 172.25.38.7
Server Port: 80Document Path: /download/vim.jpg
Document Length: 453575 bytesConcurrency Level: 1
Time taken for tests: 0.011 seconds
Complete requests: 10
Failed requests: 0 没有失败的请求
Write errors: 0
Total transferred: 4538080 bytes
HTML transferred: 4535750 bytes
Requests per second: 885.90 [#/sec] (mean)
Time per request: 1.129 [ms] (mean)
Time per request: 1.129 [ms] (mean, across all concurrent requests)
Transfer rate: 392604.43 [Kbytes/sec] receivedConnection Times (ms)min mean[+/-sd] median max
Connect: 0 0 0.1 0 0
Processing: 1 1 0.2 1 1
Waiting: 0 0 0.0 0 0
Total: 1 1 0.2 1 1Percentage of the requests served within a certain time (ms)50% 166% 175% 180% 190% 195% 198% 199% 1100% 1 (longest request)
[root@foundation38 Desktop]# curl -I http://172.25.38.7/download/vim.jpg
HTTP/1.1 200 OK
Server: nginx/
Date: Wed, 08 Aug 2018 02:27:33 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Wed, 08 Aug 2018 02:15:53 GMT
Connection: keep-alive
ETag: "5b6a5259-6ebc7"
Accept-Ranges: bytes
由于线程设置是一所以均可以过去:
[root@server6 nginx]# cd logs/
[root@server6 logs]# cat access.log 查看日志所有数据均过去了
用十个线程进行测试:
[root@foundation38 Desktop]# ab -c10 -n 10 http://172.25.38.7/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking 172.25.38.7 (be patient).....doneServer Software: nginx/
Server Hostname: 172.25.38.7
Server Port: 80Document Path: /download/vim.jpg
Document Length: 537 bytesConcurrency Level: 10
Time taken for tests: 0.002 seconds
Complete requests: 10
Failed requests: 1 有失败的请求(Connect: 0, Receive: 0, Length: 1, Exceptions: 0)
Write errors: 0
Non-2xx responses: 9
Total transferred: 460333 bytes
HTML transferred: 458408 bytes
Requests per second: 4587.16 [#/sec] (mean)
Time per request: 2.180 [ms] (mean)
Time per request: 0.218 [ms] (mean, across all concurrent requests)
Transfer rate: 206212.82 [Kbytes/sec] receivedConnection Times (ms)min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 0 1 0.4 1 2
Waiting: 0 1 0.4 1 1
Total: 1 1 0.4 1 2Percentage of the requests served within a certain time (ms)50% 166% 175% 180% 290% 295% 298% 299% 2100% 2 (longest request)
查看日志十个线程只可以过去一个其他的均报错503:
设置带宽:
[root@server6 conf]# vim nginx.conf
#gzip on;limit_conn_zone $binary_remote_addr zone=addr:10m;limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;server {listen 80;server_name localhost;#charset koi8-r;#access_log logs/host.access.log main;
location / {root html;index index.php index.html index.htm;}location /download/ {limit_conn addr 1;limit_rate 50k; 设置带宽每秒50k下载limit_req zone=one burst=5;}
[root@server6 conf]# nginx -s reload
真机测试加入了带宽下载时间会相应的变化图片大小440k:
[root@foundation38 Desktop]# time wget http://172.25.38.7/download/vim.jpg 没有加入带宽测试
--2018-08-08 10:52:32-- http://172.25.38.7/download/vim.jpg
Connecting to 172.25.38.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 453575 (443K) [image/jpeg]
Saving to: ‘vim.jpg.1’100%[=======================================================>] 453,575 --.-K/s in 0.001s 2018-08-08 10:52:32 (350 MB/s) - ‘vim.jpg.1’ saved [453575/453575]real 0m0.316s 时间很短就下载好了
user 0m0.000s
sys 0m0.004s
[root@foundation38 Desktop]# time wget http://172.25.38.7/download/vim.jpg 加入带宽之后
--2018-08-08 11:05:17-- http://172.25.38.7/download/vim.jpg
Connecting to 172.25.38.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 453575 (443K) [image/jpeg]
Saving to: ‘vim.jpg.2’100%[=======================================================>] 453,575 55.3KB/s in 8.0s 2018-08-08 11:05:25 (55.3 KB/s) - ‘vim.jpg.2’ saved [453575/453575]real 0m8.017s 时间相应的变化
user 0m0.003s
sys 0m0.004s
加入访问控制:
[root@server6 conf]# vim nginx.conf
location /admin/ {allow 172.25.38.250; 仅仅允许本机访问deny all;}
[root@server6 conf]# nginx -s reload
只有本机可以访问:
加入访问控制同一个网段可以访问:
[root@server6 conf]# vim nginx.conf
location /admin/ {allow 172.25.38.0/24; 仅仅允许本个网段访问deny all;}
[root@server6 conf]# nginx -s reload
静态文件的时间:
[root@server6 conf]# vim nginx.conf
location ~ .*\.(gif|jpg|png)$ {expires 30d; 默认存在时间30天}
[root@server6 conf]# nginx -s reload
[root@server6 conf]# cd ..
[root@server6 nginx]# cd html/
[root@server6 html]# ls
50x.html bbs example.php index.php readme
admin download index.html memcache.php utility
[root@server6 html]# cd download/
[root@server6 download]# ls
vim.jpg
[root@server6 download]# cp vim.jpg .. 更改图片路径直接为默认路径
[root@server6 download]# cd ..
[root@server6 html]# ls
50x.html bbs example.php index.php readme vim.jpg
admin download index.html memcache.php utility
在真机测试与设置的30天相符合:
[root@foundation38 Desktop]# curl -I http://172.25.38.7/vim.jpg
HTTP/1.1 200 OK
Server: nginx/
Date: Wed, 08 Aug 2018 04:54:53 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Wed, 08 Aug 2018 04:54:13 GMT
Connection: keep-alive
ETag: "5b6a7775-6ebc7"
Expires: Fri, 07 Sep 2018 04:54:53 GMT 九月七号失效
Cache-Control: max-age=2592000
Accept-Ranges: bytes
访问本机时直接报错500:
[root@server6 conf]# vim nginx.conf
server {listen 80;server_name _;return 500; 直接返回550
[root@server6 conf]# nginx -s reload
在网页访问就会报错550:
重定向:
[root@server6 conf]# vim nginx.conf
server {listen 80;server_name www.westos.org westos.org bbs.westos.org;#rewrite ^(.*)$ https://www.westos.org$1 permanent;#rewrite ^/bbs$ http://bbs.westos.org$1 permanent;#rewrite ^/bbs(.*)$ http://bbs.westos.org$1 permanent;if ($host = "bbs.westos.org" ){rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent; 访问bbs.westos.org重定向到http://www.westos.org/bbs}location / {root /www1;index index.html;}
}
[root@server6 conf]# nginx -s reload
访问bbs.westos.org会重定向:
中文乱码问题:
[root@server6 html]# ls
50x.html bbs example.php index.php readme vim.jpg
admin download index.html memcache.php utility
[root@server6 html]# cd /www1/
[root@server6 www1]# ls
bbs index.html
[root@server6 www1]# vim index.html
[root@server6 www1]# cat index.html
www.westos.org 你好
在网页测试会乱码:
修改配置文件:
[root@server6 www1]# vim /usr/local/lnmp/nginx/conf/nginx.conf
[root@server6 www1]# nginx -s reloadserver {listen 80;server_name www.westos.org westos.org bbs.westos.org;charset utf-8; 写入中文编码字符集#rewrite ^(.*)$ https://www.westos.org$1 permanent;#rewrite ^/bbs$ http://bbs.westos.org$1 permanent;#rewrite ^/bbs(.*)$ http://bbs.westos.org$1 permanent;if ($host = "bbs.westos.org" ){rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;}location / {root /www1;index index.html;}
}
在网页测试已经解决乱码:
复制日志,将访问图片等日志关闭:
[root@server6 www1]# vim /usr/local/lnmp/nginx/conf/nginx.conf 当访问图片等格式关闭日志
[root@server6 www1]# nginx -s reload
[root@server6 www1]# cd /usr/local/lnmp/nginx/
[root@server6 nginx]# cd logs/
[root@server6 logs]# ls
access.log error.log nginx.pid
[root@server6 logs]# ll
total 312
-rw-r--r-- 1 root root 274451 Aug 8 14:37 access.log
-rw-r--r-- 1 root root 27179 Aug 8 14:44 error.log
-rw-r--r-- 1 root root 5 Aug 8 10:12 nginx.pid
[root@server6 logs]# du -h access.log
276K access.log
[root@server6 logs]# date
Wed Aug 8 14:45:10 CST 2018
[root@server6 logs]# date +%F -d -1day
2018-08-07
[root@server6 logs]# cd /opt/
[root@server6 opt]# ls
[root@server6 opt]# vim nginx_log.sh
[root@server6 opt]# cat nginx_log.sh 编写脚本每晚十二点移动日志重载服务
#!/bin/bashcd /usr/local/lnmp/nginx/logs && mv access.log access.log_$(date +%F -d -1day)
/usr/local/lnmp/nginx/sbin/nginx -s reload
[root@server6 opt]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@server6 opt]# chmod +x /opt/nginx_log.sh 赋予执行权限
[root@server6 opt]# /opt/nginx_log.sh 调用脚本
nginx: [warn] conflicting server name "localhost" on 0.0.0.0:80, ignored
[root@server6 opt]# cd /usr/local/
[root@server6 local]# cd lnmp/nginx/logs/
[root@server6 logs]# ls 已经生成了复制日志
access.log access.log_2018-08-07 error.log nginx.pid
[root@server6 logs]# ll
total 312
-rw-r--r-- 1 root root 0 Aug 8 14:49 access.log
-rw-r--r-- 1 root root 274451 Aug 8 14:37 access.log_2018-08-07
-rw-r--r-- 1 root root 27596 Aug 8 14:52 error.log
-rw-r--r-- 1 root root 5 Aug 8 10:12 nginx.pid
重新打开一个虚拟机阿帕奇作提供访问界面:
[root@server5 ~]# yum install -y httpd 安装阿帕其
[root@server5 ~]# cd /var/www/html/
[root@server5 html]# ls
[root@server5 html]# vim index.html
[root@server5 html]# cat index.html 写入一个默认访问
www.westos.org
在网页测试可以看到默认访问页记得打开阿帕奇:
在nginx端默认访问放入照片:
[root@server6 www1]# pwd
/www1
[root@server6 www1]# ls
bbs index.html jisuxz_Dilraba_27.jpg
[root@server6 www1]#
在网页测试可以访问:
什么是盗链?
盗链是指服务提供商自己不提供服务的内容,通过技术手段绕过其它有
利益的最终用户界面(如广告),直接在自己的网站上向最终用户提供
其它服务提供商的服务内容,骗取最终用户的浏览和点击率。受益者不
提供资源或提供很少的资源,而真正的服务提供商却得不到任何的收益。
盗链的特点:
网站盗链会大量消耗被盗链网站的带宽,而真正的点击率也许会很小,
严重损害了被盗链网站的利益。早期的盗链一般是一些比较小的网站盗
取一些有实力的大网站的地址,盗链的目标比较有针对性,现如今,一
些大型的网站也已经开始把盗链的目光锁定在了整个互联网上,窃取整
个互联网上的其它机器的带宽。常见的盗链有以下几种:图片盗链、音频
盗链、视频盗链、文件盗链。
一般要被浏览的页面并不是一次全部传送到客户端的。如果客户请求的
是一个带有许多图片和其它信息的页面,那么最先的一个HTTP 请求被
传送回来的是这个页面的HTML文本,客户端浏览器对这段文本解释执行
后,发现其中还有其它文件,客户端浏览器会再发送一条或者更多HTTP
请求,当这些请求被处理后其它文件才被传送到客户端,然后浏览器将
这些文件放到页面的正确位置。一个完整的页面要经过发送多条HTTP
请求才能够被完整地显示。基于这样的机制,盗链就成为可能,服务提
供商完全可以在自己的页面中嵌入别人的链接,显示在自己的页面上,
以达到盗链的目的。
根据盗链的形式的不同,可以简单地把盗链分成两类:常规盗链和分布
式盗链。常规盗链比较初级,同时也比较常见,具有一定的针对性,只
盗用某个或某些网站的链接。技术含量不高,实现也比较简单,只需要
在自己的页面嵌入别人的链接即可。分布式盗链是盗链的一种新的形式,
系统设计复杂,难度相对较大。这种盗链一般不针对某一个网站,互联
网上任何一台机器都可能成为盗链的对象。服务提供商一般会在后台设
置专门程序(Spider)在Internet上抓取有用的链接, 然后存储到自己
的数据库中。而对于最终用户的每次访问,都将其转化为对已有数据库的
查询,被查询到的URL 就是被盗链的对象。由于对文件的访问已经被浏览
器屏蔽掉了,所以最终用户感觉不到所访问的链接是被盗取的链接。
在server5作盗链:
[root@server5 html]# vim index.html
[root@server5 html]# cat index.html 写入由网页转换脚本
<html><body><img src="http://www.westos.org/jisuxz_Dilraba_27.jpg"></body></html>
[root@server5 html]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.5 for ServerName[ OK ]
直接调用server5的ip就可以看到server6的内容:
真机加入一个解析:
[root@foundation38 Desktop]# vim /etc/hosts
[root@foundation38 Desktop]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.38.100 www.westos.org bbs.westos.org
172.25.38.6 www.westos.org bbs.westos.org bbs.westos.org daolian.westos.org
172.25.38.2 server1
172.25.38.3 server2
172.25.38.7 www.westos.org www.linux.org bbs.westos.org
网页调用域名可以查看图片:
在server6查看日志的时候,显示数据是从server5获取的,但显然不是,这样server5就可以一直给server6的服务器增加负载用来或取数据这就是盗链的意思
[root@server6 ~]# cd /usr/local/lnmp/nginx/logs/
[root@server6 logs]# cat access.log
172.25.38.250 - - [08/Aug/2018:15:08:23 +0800] "GET /jisuxz_Dilraba_27.jpg HTTP/1.1" 200 914410 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
172.25.38.250 - - [08/Aug/2018:16:34:45 +0800] "GET /jisuxz_Dilraba_27.jpg HTTP/1.1" 404 163 "http://172.25.38.6/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
172.25.38.250 - - [08/Aug/2018:16:35:34 +0800] "GET /jisuxz_Dilraba_27.jpg HTTP/1.1" 200 914410 "http://172.25.38.6/" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
在server6配置防止盗链:
[root@server6 logs]# vim /usr/local/lnmp/nginx/conf/nginx.conf
if ($host = "bbs.westos.org" ){rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;}location / {root /www1;index index.html;}location ~ \.(gif|jpg|png)$ {root /www1;valid_referers none blocked www.westos.org; 除了www.westos.org访问其他访问均返回403if ($invalid_referer) {return 403;}}
[root@server6 logs]# nginx -s reload
nginx: [warn] conflicting server name "localhost" on 0.0.0.0:80, ignored
在网页测试除了www.westos.org域名其他的均被阻挡:
给盗链用户回应一张图片:
[root@server6 logs]# cd ..
[root@server6 nginx]# cd /www2/
[root@server6 www2]# ls
index.html
[root@server6 www2]# pwd
/www2
[root@server6 www2]# ls 放一张图片
daolian.jpg index.html
[root@server6 www2]# vim /usr/local/lnmp/nginx/conf/nginx.confserver {listen 80;server_name localhost;ssl_certificate cert.pem;ssl_certificate_key cert.pem;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;location / {root /www1;index index.html index.htm;}}server {listen 80;server_name www.westos.org westos.org;charset utf-8;location / {root /www1;index index.html;}location ~ \.(gif|jpg|png)$ {root /www1;valid_referers none blocked www.westos.org;if ($invalid_referer) {rewrite ^/ http://bbs.westos.org/daolian.jpg; 写入重定向}}
}server {listen 80;server_name bbs.westos.org;#rewrite ^(.*)$ http://www.westos.org/bbs$1 permanent;location / {root /www2;index index.html;}
}}
[root@server6 www2]# nginx -s reload
在网页测试其他主机访问的时候会回应一张照片:
这篇关于Nginx参数详解以及部署实例(乱码盗链问题等)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
