nginx中配置简介
一、location中的root和alias区别
- location中root含义
location /abc/ { root /data/www; }
请求http://domain/abc/123.png 请求的在服务器上真正资源地址为 /data/www/abc/123.png
注意: root 真实路径是root指定值加上location指定的值。
- location中alias含义 alias指定的路径是location的别名,不管location的值怎么写,资源的真实路径都是 alias 指定的路径
location /abc/ { alias /data/www/; } 请求http://domain/abc/123.png 请求的在服务器上真正资源地址为 /data/www/123.png 注意:alias真实路径是alias指定的值,不包含location指定的值了
注意:
- 在一个location中,alias可以存在多个,但是root只能有一个
- alias只能存在与location中,但是root可以用在server、http和location中
- alias后面值必须要“/”结束,否则会找不到文件,而root的“/”可有可无
二、禁用成功请求的日志记录
这是一种更好的方法,因为它会丢弃带有 2xx 或 3xx 的响应查询,仅记录错误请求。它比方法 1 稍微复杂一点,因为它取决于您的 Nginx 日志记录的配置方式。
使用 Nginx 官方文档中的示例,让我们打开条件日志记录。创建一个 $loggable 的变量并将其设置为 0,用于带有 2xx 和 3xx 响应代码的日志请求,否则设置为 1,即可。然后在 access_log 指令中,将该变量作为条件引用
map $status $loggable { ~^[23] 0; default 1; } access_log /path/to/access.log combined if=$loggable;
三、nginx中的全局变量
$args, 请求中的参数; $content_length, HTTP请求信息里的"Content-Length"; $content_type, 请求信息里的"Content-Type"; $document_root, 针对当前请求的根路径设置值; $document_uri, 与$uri相同; $host, 请求信息中的"Host",如果请求中没有Host行,则等于设置的服务器名; $limit_rate, 对连接速率的限制; $request_method, 请求的方法,比如"GET"、"POST"等; $remote_addr, 客户端地址; $remote_port, 客户端端口号; $remote_user, 客户端用户名,认证用; $request_filename, 当前请求的文件路径名 $request_body_file $request_uri, 请求的URI,带查询字符串; $query_string, 与$args相同; $scheme, 所用的协议,比如http或者是https,比如rewrite ^(.+)$ $scheme://example.com$1 redirect; $server_protocol, 请求的协议版本,"HTTP/1.0"或"HTTP/1.1"; $server_addr, 服务器地址,如果没有用listen指明服务器地址,使用这个变量将发起一次系统调用以取得地址(造成资源浪费); $server_name, 请求到达的服务器名; $server_port, 请求到达的服务器端口号; $uri, 请求的URI,可能和最初的值有不同,比如经过重定向之类的。
Ancient_browser:[$ancient_browser]\n Args:[$args]\n Binary_remote_addr:[$binary_remote_addr]\n Body_bytes_sent:[$body_bytes_sent]\n Bytes_received:[$bytes_received]\n Bytes_sent:[$bytes_sent]\n Connection:[$connection]\n Connection_requests:[$connection_requests]\n Connections_active:[$connections_active]\n Connections_reading:[$connections_reading]\n Connections_waiting:[$connections_waiting]\n Connections_writing:[$connections_writing]\n Connection_time:[$connection_time]\n Content_length:[$content_length]\n Content_type:[$content_type]\n Date_gmt:[$date_gmt]\n Date_local:[$date_local]\n Document_root:[$document_root]\n Document_uri:[$document_uri]\n Fastcgi_path_info:[$fastcgi_path_info]\n Fastcgi_script_name:[$fastcgi_script_name]\n Geoip_area_code:[$geoip_area_code]\n Geoip_city:[$geoip_city]\n Geoip_city_continent_code:[$geoip_city_continent_code]\n Geoip_city_country_code:[$geoip_city_country_code]\n Geoip_city_country_code3:[$geoip_city_country_code3]\n Geoip_city_country_name:[$geoip_city_country_name]\n Geoip_country_code:[$geoip_country_code]\n Geoip_country_code3:[$geoip_country_code3]\n Geoip_country_name:[$geoip_country_name]\n Geoip_dma_code:[$geoip_dma_code]\n Geoip_latitude:[$geoip_latitude]\n Geoip_longitude:[$geoip_longitude]\n Geoip_org:[$geoip_org]\n Geoip_postal_code:[$geoip_postal_code]\n Geoip_region:[$geoip_region]\n Geoip_region_name:[$geoip_region_name]\n Gzip_ratio:[$gzip_ratio]\n Host:[$host]\n Hostname:[$hostname]\n Http2:[$http2]\n Https:[$https]\n Invalid_referer:[$invalid_referer]\n Is_args:[$is_args]\n Jwt_claim_:[$jwt_claim_]\n Jwt_header_:[$jwt_header_]\n Limit_conn_status:[$limit_conn_status]\n Limit_rate:[$limit_rate]\n Limit_req_status:[$limit_req_status]\n Memcached_key:[$memcached_key]\n Modern_browser:[$modern_browser]\n Msec:[$msec]\n Msie:[$msie]\n Nginx_version:[$nginx_version]\n Pid:[$pid]\n Pipe:[$pipe]\n Protocol:[$protocol]\n Proxy_add_x_forwarded_for:[$proxy_add_x_forwarded_for]\n Proxy_host:[$proxy_host]\n Proxy_port:[$proxy_port]\n Proxy_protocol_addr:[$proxy_protocol_addr]\n Proxy_protocol_port:[$proxy_protocol_port]\n Proxy_protocol_server_addr:[$proxy_protocol_server_addr]\n Proxy_protocol_server_port:[$proxy_protocol_server_port]\n Query_string:[$query_string]\n Realip_remote_addr:[$realip_remote_addr]\n Realip_remote_port:[$realip_remote_port]\n Realpath_root:[$realpath_root]\n Remote_addr:[$remote_addr]\n Remote_port:[$remote_port]\n Remote_user:[$remote_user]\n Request:[$request]\n Request_body:[$request_body]\n Request_body_file:[$request_body_file]\n Request_completion:[$request_completion]\n Request_filename:[$request_filename]\n Request_id:[$request_id]\n Request_length:[$request_length]\n Request_method:[$request_method]\n Request_time:[$request_time]\n Request_uri:[$request_uri]\n Scheme:[$scheme]\n Secure_link:[$secure_link]\n Secure_link_expires:[$secure_link_expires]\n Sent_http_:[$sent_http_]\n Sent_trailer_:[$sent_trailer_]\n Server_addr:[$server_addr]\n Server_name:[$server_name]\n Server_port:[$server_port]\n Server_protocol:[$server_protocol]\n Session_log_binary_id:[$session_log_binary_id]\n Session_log_id:[$session_log_id]\n Session_time:[$session_time]\n Slice_range:[$slice_range]\n Spdy:[$spdy]\n Spdy_request_priority:[$spdy_request_priority]\n Ssl_cipher:[$ssl_cipher]\n Ssl_ciphers:[$ssl_ciphers]\n Ssl_client_cert:[$ssl_client_cert]\n Ssl_client_escaped_cert:[$ssl_client_escaped_cert]\n Ssl_client_fingerprint:[$ssl_client_fingerprint]\n Ssl_client_i_dn:[$ssl_client_i_dn]\n Ssl_client_i_dn_legacy:[$ssl_client_i_dn_legacy]\n Ssl_client_raw_cert:[$ssl_client_raw_cert]\n Ssl_client_s_dn:[$ssl_client_s_dn]\n Ssl_client_s_dn_legacy:[$ssl_client_s_dn_legacy]\n Ssl_client_serial:[$ssl_client_serial]\n Ssl_client_v_end:[$ssl_client_v_end]\n Ssl_client_verify:[$ssl_client_verify]\n Ssl_client_v_remain:[$ssl_client_v_remain]\n Ssl_client_v_start:[$ssl_client_v_start]\n Ssl_curves:[$ssl_curves]\n Ssl_early_data:[$ssl_early_data]\n Ssl_preread_alpn_protocols:[$ssl_preread_alpn_protocols]\n Ssl_preread_protocol:[$ssl_preread_protocol]\n Ssl_preread_server_name:[$ssl_preread_server_name]\n Ssl_protocol:[$ssl_protocol]\n Ssl_server_name:[$ssl_server_name]\n Ssl_session_id:[$ssl_session_id]\n Ssl_session_reused:[$ssl_session_reused]\n Status:[$status]\n Tcpinfo_rcv_space:[$tcpinfo_rcv_space]\n Tcpinfo_rtt:[$tcpinfo_rtt]\n Tcpinfo_rttvar:[$tcpinfo_rttvar]\n Tcpinfo_snd_cwnd:[$tcpinfo_snd_cwnd]\n Time_iso8601:[$time_iso8601]\n Time_local:[$time_local]\n Uid_got:[$uid_got]\n Uid_reset:[$uid_reset]\n Uid_set:[$uid_set]\n Upstream_addr:[$upstream_addr]\n Upstream_bytes_received:[$upstream_bytes_received]\n Upstream_bytes_sent:[$upstream_bytes_sent]\n Upstream_cache_status:[$upstream_cache_status]\n Upstream_connect_time:[$upstream_connect_time]\n Upstream_cookie_:[$upstream_cookie_]\n Upstream_first_byte_time:[$upstream_first_byte_time]\n Upstream_header_time:[$upstream_header_time]\n Upstream_http_:[$upstream_http_]\n Upstream_queue_time:[$upstream_queue_time]\n Upstream_response_length:[$upstream_response_length]\n Upstream_response_time:[$upstream_response_time]\n Upstream_session_time:[$upstream_session_time]\n Upstream_status:[$upstream_status]\n Uri:[$uri]\n
nginx防盗链
invalid_referer server_names;
location / {
valid_referers none blocked domain.com *.domain.com;
if ($invalid_referer) {
return 403;
}
}
# server_names表示允许的请求列表
#valid_referers 指令表示允许的合法来源,
#none表示将禁止任何来源
#blacked 表示将拒绝任何受防火墙阻止的请求,并添加你想要允许的域名 domain.com *.domain.com等
# $invalid_referer 是nginx内变量,用于检查请求是否来自有效的引用站点
定义403状态码返回客户端IP地址
http {
server {
listen 80;
server_name example.com;
# 引用白名单配置文件
allow 117.61.110.190;
# 拒绝所有其他 IP 地址
deny all;
location / {
proxy_pass https://www.baidu.com;
# 返回 403 错误和 IP 地址
error_page 403 =403 @403;
}
location @403 {
return 403 "Access forbidden for IP address: $remote_addr";
}
# 其他处理
try_files $uri $uri/ =404;
}
}
参考文献:http://nginx.org/en/docs/varindex.html
浙公网安备 33010602011771号