
5. http 配置

5.1. X-Forwarded-For

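# X-Forwarded-For is an ordinary request header that any client can send.
# nginx only honours it for connections coming from addresses listed with
# set_real_ip_from, so list your own reverse proxies / load balancers here
# and never a catch-all range such as 0.0.0.0/0.
set_real_ip_from 192.0.2.10;   # placeholder: address of the trusted front-end proxy
real_ip_header X-Forwarded-For;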
		

5.2. server

5.2.1. VirtualHost (虛擬主機)

# cat /etc/nginx/conf.d/images.conf
# Name-based virtual host: serves static files for images.example.com from /www/images.
server {
    listen       80;
    server_name  images.example.com;

    #charset koi8-r;
    # "main" names a log_format; it has to be defined in the http context.
    access_log  /var/log/nginx/images.access.log  main;

    location / {
        root   /www/images;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    # (left commented out in this example; enable it when .ht* files can
    # exist under the root served above)
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
			

綁定多個域名

server_name  images.example.com img1.example.com img2.example.com;
			

使用通配符匹配

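# A wildcard name may carry "*" only at its start or end, on a dot border.
# Each directive must end with ";" or the configuration test fails.
server_name  *.example.com;
server_name  www.*;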
			

正則匹配

# A leading "~" marks a regular-expression name; captures are available as $1, $2, ...
server_name ~^(.+)\.example\.com$;
# (.+) matches any Host value, so a server block with this name answers for every
# hostname; treat the captures as client-supplied input wherever they are reused.
server_name ~^(www\.)?(.+)$;
			

5.2.2. location

    location / {
        root   /www;
        index  index.html index.htm;
    }
			
    # Refuse direct requests for anything under /config/ or /include/ (answers 403).
    # "~" is a case-sensitive regex match, and regex locations are tried in the
    # order they appear in the file, so keep this above broader patterns.
    location ~ ^/(config|include)/ {
        deny all;
        break;
    }
			

5.2.3. ssl

mkdir /etc/nginx/ssl
			

cp your_ssl_certificate to /etc/nginx/ssl

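# HTTPS server
#
server {
	# The "ssl" parameter of listen replaces the separate "ssl on;" directive,
	# which was deprecated in nginx 1.15.0 and removed in 1.25.1.
	listen 443 ssl;
	server_name localhost;

	root html;
	index index.html index.htm;

	#ssl_certificate cert.pem;
	ssl_certificate ssl/example.com.pem;
	# Private key: keep it readable by root only and outside any document root.
	ssl_certificate_key ssl/example.com.key;

	ssl_session_timeout 5m;

	# SSLv3 and TLSv1.0 are obsolete; offer TLS 1.2 and 1.3 only.
	# (The TLSv1.3 parameter needs nginx 1.13.0+ built against OpenSSL 1.1.1+.)
	ssl_protocols TLSv1.2 TLSv1.3;
	# HIGH excludes export-grade, LOW and RC4 suites; !aNULL drops
	# unauthenticated key exchange and !MD5 drops MD5-based MACs.
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;

	location / {
		try_files $uri $uri/ /index.html;
	}
}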
			

configtest

$ sudo service nginx configtest
Testing nginx configuration: nginx.
			

443 port test

$ openssl s_client -connect www.example.com:443
			

5.3. expires

expires 格式

例 13.1. Expires Examples

# NOTE(review): a literal date does not look like a documented "expires" argument
# (time, epoch, max, off) - confirm nginx accepts it before copying this line.
expires 1 January, 1970, 00:00:01 GMT;
# Relative lifetimes: seconds, minutes, hours, days.
expires 60s;
expires 30m;
expires 24h;
expires 1d;
# max: far-future Expires plus a ten-year Cache-Control max-age.
expires max;
# off: nginx neither adds nor changes Expires / Cache-Control.
expires off;

expires       24h;
# modified: the lifetime is counted from the file's modification time.
expires       modified +24h;
# @: a time of day at which the response expires.
expires       @15h30m;
expires       0;
# A negative time produces "Cache-Control: no-cache".
expires       -1;
# epoch: Expires is set to 1 January 1970, i.e. already expired.
expires       epoch;
# "private" tells shared caches (proxies, CDNs) not to store the response;
# use it for content that differs per user.
add_header    Cache-Control  private;
			

注意:expires僅僅適用於200, 204, 301, 302,304


單個檔案匹配

    location ~* \.css$ {
       expires 30d;
    }
		

副檔名匹配

# Image-type assets: cache for 5 days and keep them out of the access log.
# With access_log off, requests for these files leave no record on this server.
location ~ .*\.(ico|gif|jpg|jpeg|png|bmp|swf)$ {
        access_log off;
        expires      5d;
}

# CSS/JS: cache for one day, also not logged.
location ~ .*\.(js|css)$ {
        access_log off;
        expires      1d;
}
		
# Long-lived caching (30 days) for documents, media and archives.
# NOTE(review): "ioc" is probably a typo for "ico" - as written, favicon files
# are not matched by this pattern.
location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$
{
    expires      30d;
}
# Scripts and stylesheets expire after one hour.
location ~ .*\.(js|css)$
{
    expires      1h;
}
		
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
	if (-f $request_filename) {
	   expires    1h;
	   break;
	}
}

location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ {
	expires max;
}

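#cache control: static assets are cacheable for 72 hours
location / {
        # Test $uri (the normalized path) instead of $request_uri: the latter
        # still carries the query string, so "/page?x=.js" would be given the
        # static-file lifetime while "/site.css?v=2" would be missed.
        if ($uri ~* \.(ico|css|js|gif|jpe?g|png)$) {
                expires 72h;
                break;
        }
}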
		

add_header 實例

# Static assets only: "public" lets shared caches (CDN, proxy) store the response,
# so this pattern must not match anything whose content varies per user.
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
    expires 30d;
    add_header Pragma public;
    add_header Cache-Control "public";
}
		

例 13.2. nginx expires

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {
    expires      1d;
    access_log   off;
}

location ~ .*\.(js|css)$ {
    expires      1d;
    access_log   off;
}
location ~ .*\.(html|htm)$
{
    expires      1d;
    access_log off;
}
			

5.4. access

# Prevent .htaccess / .htpasswd style files from being downloaded:
# any path segment that starts with ".ht" is refused.
location ~ /\.ht {
    deny  all;
}
		
# Refuse requests for PHP files inside directories that hold uploaded or static content,
# so a file dropped there is never handed to the PHP handler.
# Regex locations are tried in the order they appear: these must come before the
# generic PHP handler location or they never apply.
# NOTE(review): the match is case-sensitive and only covers URIs ending in ".php";
# if the PHP handler's pattern accepts other suffixes or path-info forms,
# mirror them here - verify against that handler.
location ~ ^/upload/.*\.php$
{
        deny all;
}

location ~ ^/static/images/.*\.php$
{
        deny all;
}
		
# Refuse any path segment that starts with ".ht" (.htaccess, .htpasswd).
location ~ /\.ht {
    deny all;
}

# Refuse SQLite database files by extension. This is a backstop: database
# files are better kept outside the document root altogether.
location ~ .*\.(sqlite|sq3)$ {
    deny all;
}
		

5.5. auth_basic

cd /usr/local/nginx/conf
# Protects the whole site with HTTP Basic authentication.
# NOTE(review): this server listens on plain HTTP (port 80). Basic credentials are
# only base64-encoded, so they are readable on the network; serve this over TLS.
server {
	listen 80;
	server_name www.example.com;
	root /var/www/htdocs;
	index index.html;

	location / {
		try_files $uri $uri/ /index.html;
		# The quoted string is the realm shown in the browser's login prompt.
		auth_basic            "Login";
		# Relative path - presumably resolved against the nginx configuration
		# directory; confirm. Keep the password file outside the document root.
        auth_basic_user_file  htpasswd;
	}
}
		

生成密碼檔案

$ sudo apt-get install apache2-utils

# -c creates the file (an existing file is overwritten).
# -d selects crypt(), which only uses the first 8 characters of the password.
# nginx also documents support for the apr1 (MD5) format that htpasswd writes
# when -d is omitted - prefer that format where your nginx accepts it.
htpasswd -c -d htpasswd user_name
		

提示

必須使用 -d(Force CRYPT encryption of the password)選項。注意:CRYPT 只使用密碼的前 8 個字元,強度很低;nginx 文件也列出支援 htpasswd 預設的 apr1(MD5)格式,若所用版本接受該格式,建議省略 -d 改用它。

5.6. autoindex

# vim /etc/nginx/sites-enabled/default

# Turns on generated directory listings for every directory under the root that
# has no index file. Everything stored there (backups, dumps, editor leftovers)
# becomes discoverable, so scope autoindex to the one directory that is meant
# to be browsable rather than "/".
location  /  {
  autoindex  on;
}
		
# /etc/init.d/nginx reload
Reloading nginx configuration: nginx.
		

5.7. ssi

# Enables Server Side Includes for the whole http context.
# SSI commands found in a response body are executed by nginx, so enable this
# only for content you author - not for locations that serve uploaded or
# user-generated files.
http {
  ssi  on;
}

# Per-location form.
location / {
  ssi on;
  # Suppress the inline error message when an SSI command fails.
  ssi_silent_errors on;
  # MIME types processed in addition to text/html.
  ssi_types text/shtml;
}
		
ssi on;
ssi_silent_errors on;
ssi_types text/shtml;
ssi_value_length 256;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
		

5.8. rewrite

Rewrite Flags
last - 基本上都用這個Flag。
break - 中止Rewrite,不再繼續匹配
redirect - 返回臨時重定向的HTTP狀態302
permanent - 返回永久重定向的HTTP狀態301

檔案及目錄匹配,其中:
-f和!-f用來判斷是否存在檔案
-d和!-d用來判斷是否存在目錄
-e和!-e用來判斷是否存在檔案或目錄
-x和!-x用來判斷檔案是否可執行

正則表達式全部符號解釋
~ 為區分大小寫匹配
~* 為不區分大小寫匹配
!~和!~* 分別為區分大小寫不匹配及不區分大小寫不匹配
(pattern) 匹配 pattern 並獲取這一匹配。所獲取的匹配可以從產生的 Matches 集合得到,在VBScript 中使用 SubMatches 集合,在JScript 中則使用 $0…$9 屬性。在 nginx 的 rewrite 與 if 中,捕獲的內容以 $1…$9 引用。要匹配圓括號字元,請使用 ‘\(’ 或 ‘\)’。
^ 匹配輸入字元串的開始位置。
$ 匹配輸入字元串的結束位置。
		
# Canonical-host redirect: every request whose Host is not www.example.com
# is answered with a 301 to the same path on http://www.example.com.
server {
	listen 80;
	server_name www.example.com example.com ;
	if ($host = "example.com" )
	{
		rewrite ^/(.*)$ http://www.example.com/$1 permanent;
	}
	# This test already covers the bare-domain case handled above.
	# The redirect host is a fixed literal, so the client-supplied Host value
	# never ends up in the Location header.
	if ($host != "www.example.com" )
	{
		rewrite ^/(.*)$ http://www.example.com/$1 permanent;
	}
}
		
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
	if (!-f $request_filename){
	        rewrite /(.*) http://images.example.com/$1;
	}
}
		
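# Map <name>.static.example.com to the /<name>/ directory.
# $host comes from the client's request, so the pattern is anchored at both
# ends and the captured part is limited to hostname characters before it is
# used as a path component.
if ($host ~ '^([a-z0-9.-]+)\.static\.example\.com$' ) {
    # Copy the capture first: the rewrite regex below overwrites $1.
    set $subdomain $1;
    rewrite  "^/(.*)$"  /$subdomain/$1;
}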
		

5.9. gzip

# NOTE(review): when compressed responses are served over TLS and mix secrets
# with data reflected from the request, review BREACH-style compression side
# channels before enabling gzip for them.
gzip  on;
# Responses shorter than 1000 bytes (by Content-Length) are sent uncompressed.
gzip_min_length  1000;
gzip_buffers     4 8k;
# text/html is always compressed; listing it again is redundant and nginx may
# warn about a duplicate MIME type.
gzip_types       text/plain application/x-javascript text/css text/html application/xml;


gzip on;
gzip_http_version 1.0;
gzip_disable "MSIE [1-6].";
gzip_types text/plain application/x-javascript text/css text/javascript;
		

5.10. Cache

		
add_header     Nginx-Cache     "HIT  from  www.example.com";
or
add_header     Nginx-Cache     "$upstream_cache_status  from  www.example.com";
		
		

5.11. stub_status

# Status counters, readable from the local host only.
# allow/deny are checked in order against the client address nginx sees; if
# real_ip_header rewrites that address from a request header, make sure only
# trusted proxies are honoured or this restriction can be sidestepped.
location /nginx_status {
	stub_status on;
	access_log  off;
	allow 127.0.0.1;
	deny all;
}
		

5.12. server_tokens

隱藏nginx版本號

# Hides the nginx version in the Server response header and on built-in error
# pages. The header itself is still sent, and hiding the version is no
# substitute for keeping nginx patched.
http {
...
server_tokens off;
...
}
		

5.13. add_header

# Set the Cache-Control header for the relevant pages

      # Home page, news and info pages: cacheable for one hour.
      if ($request_uri ~* "^/$|^/news/.+/|^/info/.+/") {
        add_header    Cache-Control  max-age=3600;
      }

      # Suggest and category pages: cacheable for one day.
      if ($request_uri ~* "^/suggest/|^/categories/") {
        add_header    Cache-Control  max-age=86400;
      }
		

5.13.1. Access-Control-Allow

# Web fonts may be loaded from any origin. A wildcard origin suits public,
# non-credentialed static files; do not copy it to locations that return
# per-user data.
location ~* \.(eot|ttf|woff)$ {
    add_header Access-Control-Allow-Origin *;
}

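location /js/ {
    # An origin is scheme://host[:port] with no path. With a trailing "/" the
    # value never equals the browser's Origin header, so the CORS check fails.
    add_header Access-Control-Allow-Origin https://www.mydomain.com;
    add_header Access-Control-Allow-Methods GET,OPTIONS;
    add_header Access-Control-Allow-Headers *;
}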
			
# Answers CORS preflight (OPTIONS) requests directly from nginx.
# These headers are added to the preflight reply only; the response to the
# actual request needs its own Access-Control-Allow-Origin / -Credentials.
location / {
    if ($request_method = OPTIONS ) {
        # NOTE(review): credentials are allowed for a plain-http origin; anyone able
        # to tamper with that origin's traffic inherits this trust. Prefer an https origin.
        add_header Access-Control-Allow-Origin "http://example.com";
        add_header Access-Control-Allow-Methods "GET, OPTIONS";
        add_header Access-Control-Allow-Headers "Authorization";
        add_header Access-Control-Allow-Credentials "true";
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;
    }
}
			

5.14. valid_referers

例 13.3. Example: valid_referers

# Hotlink deterrent for /photos/.
# "none" accepts requests with no Referer header, "blocked" accepts a Referer
# whose value was stripped by a proxy or firewall. The Referer is supplied by
# the client, so this discourages embedding on other sites but is not access
# control - protect private files with authentication instead.
location /photos/ {
  valid_referers none blocked www.mydomain.com mydomain.com;

  if ($invalid_referer) {
    return   403;
  }
}
			
# Hotlink deterrent by file extension: foreign referers are redirected to a placeholder image.
# NOTE(review): the redirect target /default.gif also ends in .gif; if this
# location lives in the www.mydomain.com server, the redirected request can be
# matched here again - confirm the placeholder is excluded (for example by an
# exact-match location for it).
location ~* \.(gif|jpg|jpeg|png|bmp|txt|zip|jar|swf)$ {
	valid_referers none blocked *.mydomain.com;
	if ($invalid_referer) {
		rewrite ^/  http://www.mydomain.com/default.gif;
		#return 403;
	}

}

# Same deterrent for a prefix location: /images/ is served from /www/images/ and
# requests with a foreign Referer are redirected to the placeholder image.
# The Referer header is client-supplied, so this is not an access control.
location /images/ {
	alias /www/images/;
	valid_referers none blocked *.mydomain.com;
	if ($invalid_referer) {
		rewrite ^/  http://www.mydomain.com/default.gif;
	}
}
			
