Nginx之静态资源WEB服务

本篇主要记录学习Nginx的静态资源WEB服务的几种常见的功能记录学习

  • Nginx开发常用的命令 
    • nginx -tc /etc/nginx/nginx.conf
    • vim /etc/nginx/conf.d/default.conf 
    • systemctl restart nginx.service
  • 静态资源类型(非服务器动态运行生成的文件)
    • 浏览器端渲染: 
      HTML,CSS,JS
    • 图片: 
      JPEG,GIF,PNG
    • 视频: 
      FLV,MPEG
    • 文件: 
      TXT,等任意下载文件

       

  • 静态资源服务场景-CDN
  • 配置语法-文件读取 
    • sendfile

      文档地址:http://www.nginx.cn/doc/standard/httpcore.html

syntax: sendfile [ on      |off ]

default: sendfile off

context: http, server, location

Directive activate or deactivate the usage of
sendfile()
       sendfile on;
    •  tcp_nopush

      文档地址:http://www.nginx.cn/doc/standard/httpcore.html

syntax: tcp_nopush [on      |off]

default: tcp_nopush off

context: http, server, location

This directive permits or forbids the use of the socket options
TCP_NOPUSH
on FreeBSD or
TCP_CORK
on Linux. This option is only available when using
sendfile
.

    Setting this option causes nginx to attempt to send it's HTTP response headers in one packet on Linux and FreeBSD 4.x 

    ReadMoreAboutTcpNopush 
          location ~ ^/download {
        gzip_static on;
        tcp_nopush on;
        root /nginxtest/download;

    }
    •  tcp_nodelay

      文档地址:http://www.nginx.cn/doc/standard/httpcore.html

syntax: tcp_nodelay [on      |off]

default: tcp_nodelay on

context: http, server, location

This directive allows or forbids the use of the socket option
TCP_NODELAY
. Only included in
keep-alive
connections.

You can read more about the
TCP_NODELAY
socket option here. 
          location / {
        tcp_nodelay on;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    •  gzip

      文档地址:http://www.nginx.cn/doc/standard/httpgzip.html

语法: gzip on      |off

默认值: gzip off

作用域: http, server, location, if (x) location

开启或者关闭gzip模块 

          location ~ .*\.(jpg|gif|png)$ {
        gzip off;
        gzip_http_version 1.1;
        gzip_comp_level 5;
        root /nginxtest/images;
    }
  • 校验过期机制 
    HttpHeaders模块

    文档地址:http://www.nginx.cn/doc/standard/httpheaders.html

本模板可以设置HTTP报文的头标。

__示例__

: expires     24h;
: expires         0;
: expires     -1;
: expires     epoch;
: add_header  Cache-Control  private;

指令

    [#add_header add_header]
    [#expires expires] 
        location / {
        expires 24h;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

      

      

  • 跨域访问(不安全的,容易出来CSRF攻击) 
    语法: add_header name value

默认值: none

作用域: http, server, location

当HTTP应答状态码为 200204301302304 的时候,增加指定的HTTP头标。

其中头标的值可以使用变量。

    Access-Control-Allow-Origin 
        location / {
        add_header Access-Control-Allow-Origin www.baidu.com;
        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
  • 防盗链
    • 目的:防止资源被盗用

    • 防盗链设置思路:首要方式区别那些请求是非正常的用户的请求

    • 基于http_refer防盗链配置模块

    • valid_referers

syntax: valid_referers [none|blocked|server_names] ...

default: none

context: server, location

This directive assigns a value of 0 or 1 to the variable
$invalid_referer
based on the contents of the
referer
header.

You can use this to help reduce deep-linking from outside sites. If
Referer
header is not accounted for in the list of
valid_referers
, then
$invalid_referer
will be set to 1 (see example above).

The parameters can be as follows:

    none
    means the absence of "Referer" header.
    blocked
    means masked
    Referer
    header by firewall, for example, "Referer: XXXXXXX".
    server_names is a list of one or more servers. From version 0.5.33 onwards, * wildcards can be used in the server names.
      View Code
    •     location ~ .*\.(jpg|gif|png)$ {
        valid_referers none blocked 119.2x.1x3.218 支持增则匹配;
        if ($invalid_referer) {
                return 403;
        }
        root /nginxtest/images;
    }

       

posted @ 2018-01-09 02:20  jimisun  阅读(4033)  评论(0编辑  收藏  举报
豫ICP备17005230号-3