Nginx常用基础模块

Nginx常用基础模块

nginx 目录索引模块

ngx_http_autoindex_module 模块处理以斜杠字符('/')结尾的请求,并生成目录列表。 当
ngx_http_index_module 模块找不到索引文件时,通常会将请求传递给 ngx_http_autoindex_module 模块。

配置

Syntax: autoindex on | off;
Default:
autoindex off;
Context: http, server, location

#例如:
[Mon Jul 19 19:59:07 root@web02 /code/h5_games]
 # vim /etc/nginx/conf.d/game.wk.com.conf 
server{
	#监听80的端口
      listen 80;
      #指定访问的域名
      server_name game.wk.com;
      #配置URL
      location /{
      #站点目录
              root /code/h5_games;
       #指定主页面
               autoindex on;

}
}
## autoindex的优化
[Mon Jul 19 19:59:07 root@web02 /code/h5_games]
 # vim /etc/nginx/conf.d/game.wk.com.conf 
server{
      listen 80;
      server_name game.wk.com;
      location /{
              root /code/h5_games;
               autoindex on;
               # 修改时间为当前系统时间(不使用格林威治时间)
                autoindex_localtime on;
                #显示文件大小(显示单位)
                autoindex_exact_size off;
}
}

Nginx的状态模块

#配置:
Syntax: stub_status;
Default: —
Context: server, location

状态模块需要配置URL
#例如:
[Mon Jul 19 20:04:00 root@web02 /code/h5_games]
 # vim /etc/nginx/conf.d/game.wk.com.conf 
server{
      listen 80;
      server_name game.wk.com;
      location /{
              root /code/h5_games;
               autoindex on;
                autoindex_localtime on;
                autoindex_exact_size off;

}
				#aa就是配置的URL,这个可以随便写
        location /aa {
              #开启
                stub_status;

}
}

image

Active connections # 当前活动的连接数
accepts # 当前的总连接数TCP
handled # 成功的连接数TCP
requests # 总的http请求数
Reading # 请求
Writing # 响应
Waiting # 等待的请求数,开启了keepalive
# 注意, 一次TCP的连接,可以发起多次http的请求, 如下参数可配置进行验证
keepalive_timeout 0; # 类似于关闭长连接
keepalive_timeout 65; # 65s没有活动则断开连接

nginx访问控制模块

基于 IP 的访问控制模块

location / {
allow IP或者网段;
deny IP或者网段,all;
}
location / {
## 允许单个IP访问
allow 10.0.0.1;
## 允许一个网段访问
allow 10.0.0.0/24;
## 拒绝所有
deny all;
}

# vim /etc/nginx/conf.d/game.wk.com.conf 
server{
      listen 80;
      server_name game.wk.com;
      location /{
              root /code/h5_games;
               autoindex on;
                autoindex_localtime on;
                autoindex_exact_size off;

}
        location /aa {
                stub_status;
				#同意这个范围的网段访问
                allow 10.0.0.0/24;
                #全部拒绝
                deny all;
}
}

基于用户登录的访问控制模块

## 页面需要用户认证,使用htpasswd命令
# 1.安装httpd-tools工具
[Mon Jul 19 21:18:51 root@web02 /]
 # yum install -y httpd-tools
 
# 2.创建认证用户目录
Mon Jul 19 21:21:41 root@web02 /]
 # mkdir /etc/nginx/auth

# 3.创建一个用户名和密码
Mon Jul 19 21:25:36 root@web02 /]
 # htpasswd -b -c /etc/nginx/auth/wk_auth wk 123
Adding password for user wk

[Mon Jul 19 21:32:31 root@web02 /]
 # vim /etc/nginx/conf.d/game.wk.com.conf
 
#(添加一个location)
location /bb {
                root /code/auth;
                index index.html;
                auth_basic "han kun ge baba";
                auth_basic_user_file /etc/nginx/auth/wk_auth;
}

image

nginx的访问限制模块

ngx_http_limit_conn_module (限制连接数)

#(这个是在主配置文件里http模块去添加的路径:/etc/nginx/nginx.conf)
http{
...
## http层设置,针对远端的IP开辟一块内存空间,空间名称=wk_zone:空间大小1m
limit_conn_zone $remote_addr zone=wk_zone:1m;
...
server{
...
## server层调用,允许同时最高2个IP访问
limit_conn zls_zone 2;
...
}
}

ngx_http_limit_req_module (限制请求频率)

http{
...
## 请求频率限制
limit_req_zone $binary_remote_addr zone=suibian:1m rate=1r/s;
...
server{
location / {
limit_req zone=suibian burst=2 nodelay;
}
}
}

## http层设置
[Mon Jul 19 22:31:45 root@web02 /]
 # cat /etc/nginx/nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
	# http层设置,针对远端的IP开辟一块内存空间,空间名称=wk_zone:空间大小1m
	limit_conn_zone $remote_addr zone=wk_zone:1m;
	## 请求频率限制
limit_req_zone $binary_remote_addr zone=suibian:1m rate=1r/s;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


## server层或者location层调用
Mon Jul 19 22:31:26 root@web02 /]
 # cat /etc/nginx/conf.d/game.wk.com.conf
server{
      listen 80;
      server_name game.wk.com;
      #调用的
	limit_req zone=suibian burst=2 nodelay;
      location /{
              root /code/h5_games;
               autoindex on;
		autoindex_localtime on;
		autoindex_exact_size off;
	   
}
	location /aa {
		stub_status;

		allow 10.0.0.0/24;
		deny all;
}	
	location /bb {
		root /code/auth;
		index index.html;
		auth_basic "han kun ge baba";
		auth_basic_user_file /etc/nginx/auth/wk_auth;
}
}
posted @ 2021-08-08 12:31  手可摘星辰1314  阅读(89)  评论(0)    收藏  举报