Implementation code of anti-theft chain and optimization of nginx in Linux

Time:2021-11-29

Hide version number

The version number is not hidden. In order to improve security, the version number needs to be hidden.

在这里插入图片描述

Hide version number experiment

cd /usr/local/nginx/
###Edit profile
vim conf/nginx.conf

在这里插入图片描述
在这里插入图片描述

Modify user group

The main process uses root, and the child process uses nginx users

在这里插入图片描述

vim conf/nginx.conf
###Specify user groups
user nginx nginx;

Set cache time

###Modified profile
vim conf/nginx.conf

在这里插入图片描述
在这里插入图片描述

Log cutting

The following is the log segmentation script

#!/bin/bash
day=$(date -d "-1 day" "+%Y%m%d")
logs_path="/var/log/nginx"
pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d $logs_path ] || mkdir -p $logs_path
mv /usr/local/nginx/logs/access.log ${logs_path}/access.log-$day
kill -USR1 $(cat $pid_path)
find $logs_path -mtime +30 -exec rm -rf {} \;

####The log segmentation script is automatically segmented every day
chmod +x /opt/jiaoben.sh
crontab -e
0 1 * * * /opt/jiaoben.sh

在这里插入图片描述

High concurrency by changing the number of CPU cores

###View the number of CPUs
cat /proc/cpuinfo | grep -c "physical id"
###When changing the configuration file, the audit must correspond to its own computer
vim conf/nginx.conf
###The service needs to be restarted after setting·

在这里插入图片描述

Configure web page compression

在这里插入图片描述

Configure anti-theft chain

~*\. (jpg|gif|swf) $: this regular expression matches the case insensitive image format.
walid_ Referers: specifies a trusted domain name.

在这里插入图片描述

optimization

It can be optimized by the following code

vim /usr/local/php/etc/php-fpm.d/www.conf
--96 lines--
pm = dynamic 				# FPM process startup mode, dynamic
--107 lines--
pm.max_ children=20 			# Maximum number of processes started by FPM process
--112 lines--
pm.start_ servers = 5 		# The number of processes started by default when starting in dynamic mode is between the minimum and maximum
--117 lines--
pm.min_ spare_ servers = 2 	# Minimum number of idle processes in dynamic mode
--122 lines--
pm.max_ spare_ servers = 8 	# Maximum number of idle processes in dynamic mode


kill -USR2 `cat /usr/local/php/var/run/php-fpm.pid` 			# Restart PHP FPM
netstat -anpt | grep 9000

The above is the details of the anti-theft chain and optimization of nginx in Linux. For more information about the anti-theft chain and optimization of nginx, please pay attention to other relevant articles of developeppaer!