lnmp 配置

用户认证

server
{
    listen 80;
    server_name www.test1.com;
    index index.html index.htm index.php;
    root /data/www;
    location ~ .*admin\.php$ {
        auth_basic "123123 auth";
        auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
   include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }

}

 htpasswd -c -m /usr/local/nginx/conf/htpasswd test
/etc/init.d/nginx reload

 curl -x127.0.0.1:80 -uaming:123123 www.test1.com/admin.php
401状态码 是让你输入用户名和密码


      目录认证


server
{
    listen 80;
    server_name www.test1.com;
    index index.html index.htm index.php;
    root /data/www;
    localtion ~ /tmp/ {
        auth_basic "123123 auth";
        auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
}
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }

}


            域名跳转

    listen 80;
    server_name www.test1.com www.aaa1.com www.bbb1.com;
    if ($host != 'www.test1.com')
    {
       rewrite ^/(.*)$ http://www.test1.com/$1 permanent;
       }
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload

测试
 curl -x127.0.0.1:80  www.aaa1.com/sdsdsssss -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 02 Jan 2016 06:52:38 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://www.test1.com/sdsdsssss

测试
 curl -x127.0.0.1:80  www.test1.com/sdsdsssss -I
HTTP/1.1 404 Not Found
Server: nginx/1.8.0
Date: Sat, 02 Jan 2016 06:53:03 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

 site:www.aminglishiming.net


            nginx不记录指定文件类型的日志


 server
{
    listen 80;
    server_name www.test1.com www.aaa1.com www.bbb1.com;
    if ($host != 'www.test1.com')
      {
   rewrite ^/(.*)$ http://www.test1.com/$1 permanent;
     }
    index index.html index.htm index.php;
    root /data/www;
    access_log /tmp/access.log aming;

    location ~ .*admin\.php$ {
        auth_basic "123123 auth";
        auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
      }

   location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$
       {
    access_log off;
    }
   location ~ .*\.(static|cache)$
       {
    access_log off;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }

}

nginx日志切割
先来写一个nginx日志切割的脚本
vim /usr/local/sbin/nginx_logrotate.sh
d=`date -d "-1 day" +%Y%m%d`
[ -d /tmp/nginx_log ] || mkdir /tmp/nginx_log
mv /tmp/access.log /tmp/nginx_log/$d.log
/etc/init.d/nginx reload 2> /dev/null
gzip -f $d.log

然后写一个计划任务，每天0点0分执行该脚本


         配置静态文件过期时间



server
{
    listen 80;
    server_name www.test1.com www.aaa1.com www.bbb1.com;
    if ($host != 'www.test1.com')
      {
   rewrite ^/(.*)$ http://www.test1.com/$1 permanent;
     }
    index index.html index.htm index.php;
    root /data/www;
     access_log /tmp/access.log aming;
    location ~ .*admin\.php$ {
       auth_basic "123123 auth";
      auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
 include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
 *  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
 *      {
  *  access_log off;
*  expires 30d;
 *   }
   location ~ .*\.(js|css)
   {
   access_log off;
   expires 12h;
   }
   location ~ .*\.(static|cache)$
       {
    access_log off;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }

}

nginx配置防盗链
server
{
    listen 80;
    server_name www.test1.com www.aaa1.com www.bbb1.com;
    if ($host != 'www.test1.com')
      {
   rewrite ^/(.*)$ http://www.test1.com/$1 permanent;
     }
    index index.html index.htm index.php;
    root /data/www;
     access_log /tmp/access.log aming;
    location ~ .*admin\.php$ {
       auth_basic "123123 auth";
      auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
 include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
 *  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip||gz|bz2)$
      {
    access_log off;
   expires 30d;
 *  valid_referers none blocked server_names *.test1.com *.aaa1.com
*   if ($invalid_referer)
 *   {
 *     return 403;

*               }
                 }
   location ~ .*\.(js|css)
   {
   access_log off;
   expires 12h;
   }
   location ~ .*\.(static|cache)$
       {
    access_log off;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }

}

测试
curl -e "http://www.baidu.com/123 -I x127.0.0.1:80 ‘图片地址’



 nginx访问控制
可以对admin.php访问进行控制

location ~ .*admin\.php$ {
       allow 127.0.0.1;
   deny all;
 include fastcgi_params;
        fastcgi_pass unix:/tmp/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}

也可以针对全局配置

server
{
    listen 80;
    server_name www.test1.com www.aaa1.com www.bbb1.com;
    if ($host != 'www.test1.com')
      {
   rewrite ^/(.*)$ http://www.test1.com/$1 permanent;
     }
    index index.html index.htm index.php;
    root /data/www;
     access_log /tmp/access.log 123123

        deny 1.1.1.1
   deny ip

    location ~ .*admin\.php$ {
       auth_basic "123123 auth";
       auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
       include fastcgi_params;




nginx禁止指定user_agent

 listen 80;
    server_name www.test1.com www.aaa1.com www.bbb1.com;
    if ($host != 'www.test1.com')
      {
   rewrite ^/(.*)$ http://www.test1.com/$1 permanent;
     }
    index index.html index.htm index.php;
    root /data/www;
     access_log /tmp/access.log 123123
    deny 1.1.1.1
   deny ip

*  if ($http_user_agent ~ * 'bingbot/2.0|MJ12bot/v1.4.2|Spider/3.0|YoudaoBot|Tomato|Gecko/20100315')
{
   return 403;
 }
    location ~ .*admin\.php$ {
       auth_basic "123123 auth";
       auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
       include fastcgi_params;

curl -A "sajfkasfasjkdhfa" -xip:port www.test.com/forum.php -I

   nginx代理详解


 vim /usr/local/nginx/conf/vhosts/proxy.conf
server {
   listen 80;
   server_name www.baidu.com;

   localtion / {
    proxy_pass    http://ip/;
}
}
dig www.baidu.com
查看百度有多少ip
如果后端的机器有多台，还可以用upstream来实现负载均衡
upstream 自定义名字
   service ip:端口
   service ip
server {
   listen 80;
   server_name www.baidu.com;

   localtion / {
    proxy_pass    http://自定义的名字/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
}
}


upstream scottbbs {
        server    192.168.0.75;
        server    192.168.0.76;
        server    192.168.0.77;
      }

   server
{
        listen 80;
        server_name www.scottbbs.com;
        index index.html index.htm index.php;

        location / {
        proxy_pass      http://scottbbs/;
        proxy_set_header Host $host;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
}
}