Home | Mirror | Search |
# cat /etc/nginx/conf.d/images.conf server { listen 80; server_name images.example.com; #charset koi8-r; access_log /var/log/nginx/images.access.log main; location / { root /www/images; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }
綁定多個域名
server_name images.example.com img1.example.com img2.example.com;
使用通配符匹配
server_name *.example.com server_name www.*;
正則匹配
server_name ~^(.+)\.example\.com$; server_name ~^(www\.)?(.+)$;
location / { root /www; index index.html index.htm; }
location ~ ^/(config|include)/ { deny all; break; }
mkdir /etc/nginx/ssl
cp your_ssl_certificate to /etc/nginx/ssl
# HTTPS server # server { listen 443; server_name localhost; root html; index index.html index.htm; ssl on; #ssl_certificate cert.pem; ssl_certificate ssl/example.com.pem; ssl_certificate_key ssl/example.com.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; location / { try_files $uri $uri/ /index.html; } }
configtest
$ sudo service nginx configtest Testing nginx configuration: nginx.
443 port test
$ openssl s_client -connect www.example.com:443
expires 格式
例 24.1. Expires Examples
expires 1 January, 1970, 00:00:01 GMT; expires 60s; expires 30m; expires 24h; expires 1d; expires max; expires off; expires 24h; expires modified +24h; expires @15h30m; expires 0; expires -1; expires epoch; add_header Cache-Control private;
注意:expires僅僅適用於200, 204, 301, 302,304
單個檔案匹配
location ~* \.css$ { expires 30d; }
副檔名匹配
#圖片類資源緩存5天,並且不記錄請求日誌 location ~ .*\.(ico|gif|jpg|jpeg|png|bmp|swf)$ { expires 5d; access_log off; } #css/js 緩存一天,不記錄請求日誌 location ~ .*\.(js|css)$ { expires 1d; access_log off; }
location ~ .*\.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ { expires 30d; } location ~ .*\.(js|css)$ { expires 1h; }
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ { if (-f $request_filename) { expires 1h; break; } } location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ { expires max; } #cache control: all statics are cacheable for 24 hours location / { if ($request_uri ~* \.(ico|css|js|gif|jpe?g|png)$) { expires 72h; break; } }
add_header 實例
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { expires 30d; add_header Pragma public; add_header Cache-Control "public"; }
例 24.2. nginx expires
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 1d; access_log off; } location ~ .*\.(js|css)$ { expires 1d; access_log off; } location ~ .*\.(html|htm)$ { expires 1d; access_log off; }
#防止access檔案被下載 location ~ /\.ht { deny all; }
location ~ ^/upload/.*\.php$ { deny all; } location ~ ^/static/images/.*\.php$ { deny all; }
location ~ /\.ht { deny all; } location ~ .*\.(sqlite|sq3)$ { deny all; }
cd /usr/local/nginx/conf server { listen 80; server_name www.example.com; root /var/www/htdocs; index index.html; location / { try_files $uri $uri/ /index.html; auth_basic "Login"; auth_basic_user_file htpasswd; } }
生成密碼檔案
$ sudo apt-get install apache2-utils htpasswd -c -d htpasswd user_name
必須使用 -d Force CRYPT encryption of the password. 選項,
# vim /etc/nginx/sites-enabled/default location / { autoindex on; }
# /etc/init.d/nginx reload Reloading nginx configuration: nginx.
http { ssi on; } location / { ssi on; ssi_silent_errors on; ssi_types text/shtml; }
ssi on; ssi_silent_errors on; ssi_types text/shtml; ssi_value_length 256; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m;
Rewrite Flags last - 基本上都用這個Flag。 break - 中止Rewirte,不在繼續匹配 redirect - 返回臨時重定向的HTTP狀態302 permanent - 返回永久重定向的HTTP狀態301 檔案及目錄匹配,其中: -f和!-f用來判斷是否存在檔案 -d和!-d用來判斷是否存在目錄 -e和!-e用來判斷是否存在檔案或目錄 -x和!-x用來判斷檔案是否可執行 正則表達式全部符號解釋 ~ 為區分大小寫匹配 ~* 為不區分大小寫匹配 !~和!~* 分別為區分大小寫不匹配及不區分大小寫不匹配 (pattern) 匹配 pattern 並獲取這一匹配。所獲取的匹配可以從產生的 Matches 集合得到,在VBScript 中使用 SubMatches 集合,在JScript 中則使用 $0…$9 屬性。要匹配圓括號字元,請使用 ‘\(’ 或 ‘\)’。 ^ 匹配輸入字元串的開始位置。 $ 匹配輸入字元串的結束位置。
server { listen 80; server_name www.example.com example.com ; if ($host = "example.com" ) { rewrite ^/(.*)$ http://www.example.com/$1 permanent; } if ($host != "www.example.com" ) { rewrite ^/(.*)$ http://www.example.com/$1 permanent; } }
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ { if (!-f $request_filename){ rewrite /(.*) http://images.example.com/$1; } }
if ($host ~ '(.*)\.static\.example\.com' ) { set $subdomain $1; rewrite "^/(.*)$" /$subdomain/$1; }
gzip on; gzip_min_length 1000; gzip_buffers 4 8k; gzip_types text/plain application/x-javascript text/css text/html application/xml; gzip on; gzip_http_version 1.0; gzip_disable "MSIE [1-6]."; gzip_types text/plain application/x-javascript text/css text/javascript;
add_header Nginx-Cache "HIT from www.example.com"; or add_header Nginx-Cache "$upstream_cache_status from www.example.com";
location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; }
# 相關頁面設置Cache-Control頭信息
if ($request_uri ~* "^/$|^/news/.+/|^/info/.+/") { add_header Cache-Control max-age=3600; } if ($request_uri ~* "^/suggest/|^/categories/") { add_header Cache-Control max-age=86400; }
location ~* \.(eot|ttf|woff)$ { add_header Access-Control-Allow-Origin *; } location /js/ { add_header Access-Control-Allow-Origin https://www.mydomain.com/; add_header Access-Control-Allow-Methods GET,OPTIONS; add_header Access-Control-Allow-Headers *; }
location / { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "http://example.com"; add_header Access-Control-Allow-Methods "GET, OPTIONS"; add_header Access-Control-Allow-Headers "Authorization"; add_header Access-Control-Allow-Credentials "true"; add_header Content-Length 0; add_header Content-Type text/plain; return 200; } }
例 24.3. Example: valid_referers
location /photos/ { valid_referers none blocked www.mydomain.com mydomain.com; if ($invalid_referer) { return 403; } }
location ~* \.(gif|jpg|jpeg|png|bmp|txt|zip|jar|swf)$ { valid_referers none blocked *.mydomain.com; if ($invalid_referer) { rewrite ^/ http://www.mydomain.com/default.gif; #return 403; } } location /images/ { alias /www/images/; valid_referers none blocked *.mydomain.com; if ($invalid_referer) { rewrite ^/ http://www.mydomain.com/default.gif; } }