Recently, I want to deeply study the related knowledge of nginx, so I summarize the following contents.
- Nginx configuration parameters
- Nginx common commands
- Nginx variable
- Virtual host configuration
- Nginx’s own module
- Fastcgi related configuration
- Common functions
What is nginx?
Nginx is a free, open source, high-performance HTTP server and reverse proxy server; it is also an IMAP, POP3, and SMTP proxy server; nginx can be used as an HTTP server for website publishing, and nginx can be used as a reverse proxy for load balancing.
Advantages of nginx
1. Can be highly concurrent
The official test shows that nginx can support 50000 concurrent connections, and the actual production environment can support 20000-40000 concurrent connections.
The main reason is that nginx uses the latest epoll (linux2.6 kernel) and kqueue (FreeBSD) network I / O model, while Apache uses the traditional select model. Its relatively stable prefork mode is multi process mode, which needs to generate subprocesses frequently. Therefore, the CPU and other server resources consumed by nginx are much higher than those of nginx.
2. Less memory consumption
The nginx + PHP (fastcgi) server, with 30000 concurrent connections, opens 10 nginx processes, consuming 150MB of memory and 15MB of memory10 = 150MB, the 64 php-cgi processes opened consume 1280 memory, 20MB64 = 1280mb, plus the memory consumed by the system itself, the total memory consumption is less than 2GB.
If the memory of the server is relatively small, only 25 php-cgi processes can be opened, so that the total memory consumed by php-cgi is only 500MB.
3. Low cost
The purchase of f5big-ip, NetScaler and other hardware load balancing switches requires more than 100000 to hundreds of thousands of RMB. Nginx is an open-source software, which adopts the 2-clause bsd-like protocol. It can be tried for free and can be used for commercial purposes.
BSD open source protocol is a protocol that gives users great freedom. It points out that they can freely use and modify the source code, or redistribute the modified code as open source or special software.
4. The configuration file is very simple
The network is as easy to understand as the program, even if the non dedicated system administrator can understand.
5. Support rewrite
It can divide HTTP requests into different back-end server groups according to different domain names and URLs.
6. Built in health check function
If a web server on the back end of nginxproxy goes down, the access to the front end will not be affected.
7. Save bandwidth
Support gzip compression, can add browser local cache header.
8. High stability
For reverse agents, the probability of downtime is minimal.
9. Support hot deployment
Nginx supports hot deployment, and its automation is particularly easy. Moreover, it can run continuously for almost 7 days * 24 hours. Even if it runs for several months, it does not need to restart. It can also upgrade the software version without interruption of service.
Nginx configuration parameters
reference resourcesNginx configuration common parameters, read this article is enough
Look at the pagoda with me nginx.conf Configuration as an example
##Main module
#Configure users or groups
user www www;
#The number of worker processes started by nginx. It is recommended to be the number of CPU cores
worker_processes auto;
#Specify log path, level. This setting can be put into global block, HTTP block and server block. The level is as follows: ා debug | info | notice | warn | error | crit | alert | emerg
error_log /www/wwwlogs/nginx_error.log crit;
#Specify the storage address of nginx process running file
pid /www/server/nginx/logs/nginx.pid;
#Configure the maximum number of open files for the nginx worker process
worker_rlimit_nofile 51200;
##Event module
events
{
#Event driven model, select | poll | kqueue | epoll | Resig | / dev / poll | eventport. It is not recommended to set, and nginx will choose by itself
use epoll;
#The maximum number of connections. The default is 512
worker_connections 51200;
#Set whether a process accepts multiple network connections at the same time. The default value is off
multi_accept on;
#Set network connection serialization to prevent group panic. The default value is
#on accept_mutex on;
#Default: 500ms. If a process has no mutex, how long will it be delayed at least. By default, the delay is 500 ms.
#accept_mutex_delay 100ms;
}
#HTTP module
http
{
#File extension and file type mapping table
include mime.types;
#include luawaf.conf;
#Introduction proxy.conf The configuration is related to nginx proxy. The configuration content is as follows
include proxy.conf;
#The default file type is text / plain by default
default_type application/octet-stream;
#The hash table that holds the server name is set by the command server_ names_ hash_ max_ Size and server_ names_ hash_ bucket_ Size controlled
server_names_hash_bucket_size 512;
#Set request buffer
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
#The size limit of uploaded files is 1m by default
client_max_body_size 50m;
#Sendfile is allowed to transfer files. The default is off
sendfile on;
#The data packet will not be sent out immediately. When the data packet is the largest, it will be transmitted once and for all, which will help to solve the network congestion. When using the sendfile function, TCP_ Nopush works
tcp_nopush on;
#The connection timeout is 75s by default
keepalive_timeout 60;
#Causes the data in the buffer to be sent immediately
tcp_nodelay on;
#Specifies the timeout to connect to the backend fastcgi
fastcgi_connect_timeout 300;
#Specifies the timeout for sending requests to fastcgi, which is the timeout for sending requests to fastcgi after two handshakes have been completed
fastcgi_send_timeout 300;
#Specifies the timeout for receiving fastcgi replies. This value is the timeout for receiving fastcgi replies after two handshakes have been completed
fastcgi_read_timeout 300;
#Specifies the size of the buffer required to read the first part of the fastcgi reply
fastcgi_buffer_size 64k;
#Specifies how many and how large buffers are needed locally to buffer fastcgi's reply requests
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
#Indicates the size of the data block to use when writing to the cache file. The default value is fastcgi_ Twice the number of buffers.
fastcgi_temp_file_write_size 256k;
#Do you want to pass 4xx and 5xx error messages to the client, or allow nginx to use error_ Page processing error information
fastcgi_intercept_errors on;
##Enable gzip resource compression
gzip on;
#Gzip is used for compression when the returned content is greater than this value, in K units. When the value is 0, all pages are compressed.
gzip_min_length 1k;
#Sets the number and size of buffers used to process request compression
gzip_buffers 4 16k;
#It is used to identify the version of HTTP protocol. Earlier browsers do not support gzip compression, and users will see garbled code. Therefore, this option is added to support previous versions. Gzip compression is not enabled by default under the HTTP / 1.0 protocol.
gzip_http_version 1.1;
#Set the gzip compression level. The lower the level, the faster the compression speed and the smaller the file compression ratio. Otherwise, the slower the speed, the greater the file compression ratio
gzip_comp_level 2;
#Set the MIME type to be compressed. If the request is not in the range of the set type, it will not be compressed
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
#Add response header "vary: accept encoding"
gzip_vary on;
#When nginx acts as a reverse proxy, enable:
#Off – turn off all agent result data compression
#Expired – enable compression if the header contains an "expired" header
#No cache - if the header contains "cache"- Control:no-cache ”Header information, compression enabled
#No store - if the header contains "cache"- Control:no-store ”Header information, compression enabled
#Private – if the header contains "cache"- Control:private ”Header information, compression enabled
#no_ last_ Modified – enables compression if the header contains' last '_ Modified "header, enable compression
#no_ Etag – enables compression, if the header contains "Etag" header information, enables compression
#Auth – enable compression, if the header contains "authorization" header information, enable compression
#Any – unconditionally compress all result data
gzip_proxied expired no-cache no-store private auth;
#The expression indicates which UA headers do not use gzip compression
gzip_disable "MSIE [1-6]\.";
#Request limit, the limit on the number of simultaneous connections of a single IP and a single session. Here we define a storage area Conn_ zone,conn_ The capacity of the zone is 1m, and the storage area is for the variable $binary_ remote_ Add takes effect. Here, it takes effect for a single IP.
limit_conn_zone $binary_remote_addr zone=perip:10m;
#For domain name restrictions
limit_conn_zone $server_name zone=perserver:10m;
#Hide version number
server_tokens off;
#Close access_ Log, that is, access logs are not recorded
access_log off;
#Server {} is contained in http {} and each server {} is a virtual host (site)
server
{
#The monitoring port is 888. You can customize other ports or add IP address
listen 888;
#Define the website domain name, can write more than one, separated by spaces
server_name phpmyadmin;
#Default access file
index index.html index.htm index.php;
#Define the site root directory, which can be a relative path or an absolute path
root /www/server/phpmyadmin;
#Define 404 pages
#error_page 404 /404.html;
include enable-php.conf;
#Match requests ending with GIF, JPG, JPEG, PNG, BMP, swf
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
#The control page uses cache, and the cache time is 30 days
expires 30d;
}
#Match requests ending with JS, CSSF
location ~ .*\.(js|css)?$
{
#The control page uses cache, and the cache time is 12 hours
expires 12h;
}
#Match forbidden access
location ~ /\.
{
deny all;
}
#To define access logs, you can set their own access logs for each server (that is, each site)
access_log /www/wwwlogs/access.log;
}
#Import all configuration files ending in. Conf in this directory
include /www/server/panel/vhost/nginx/*.conf;
}proxy.conf The contents are as follows
#The temporary file definition directory that stores the data received from the proxy server
proxy_temp_path /www/server/nginx/proxy_temp_dir;
#Indicates the path where the cache file is stored. The path is created in advance
#(levels = 1:2: set the number of level hash directory relative to the path specified directory to cache data, levels = 1, represents the first level hash directory, levels = 1:2, represents the two-level hash directory, and the directory name is obtained by hash algorithm based on the request URL)
#(keys_ zone=cache_ one:500m : set cache name)
#(inactive = 1D: forced update time. If no one accesses within the specified time, the cache will be deleted)
#(max_ Size = 30g: set the size limit and maximum cache space of cache data in hard disk)
proxy_cache_path /www/server/nginx/proxy_cache_dir levels=1:2 keys_zone=cache_one:20m inactive=1d max_size=5g;
#The buffer size of client request body is used to process post, submit data, upload files, etc. client_ body_ buffer_ Size needs to be large enough to hold post data if it needs to be uploaded
client_body_buffer_size 512k;
#Set the timeout for the connection to the upstream server. It is important to remember that the timeout cannot exceed 75 seconds.
proxy_connect_timeout 60;
#Set the read timeout with the proxy server. It determines how long nginx will wait for a response to a request.
proxy_read_timeout 60;
#Set the timeout for sending requests to the upstream server. The timeout is not set for the entire send period, but during two write operations. If upstream does not receive new data after the timeout, nginx will close the connection
proxy_send_timeout 60;
#Nginx uses this size to request read_ BUF, that is, the size specifies the maximum length of the upstream header. If the response header exceeds this length, nginx will report an upstream send too big header error, and then the client receives 502.
proxy_buffer_size 32k;
#Set the number of buffers and the size of each buffer used by the body that stores the response of the proxy server. Specifically, it means to open up 4 reads with a length of 64K_ BUF is used to store the body. Of course, it does not open up four bufs at the time of connection establishment and initialization. It will only apply for a new buf when the previous buf is not enough to respond to the body, with a maximum of four bufs.
proxy_buffers 4 64k;
#Nginx will start to transfer data to the client before reading the back-end response completely, so it will delimit a part of buffer in busy state to send data to the client (proxy is recommended)_ Then it continues to fetch data from the back end. proxy_ busy_ buffer_ The size parameter is used to set the size of the buffer in the busy state.
proxy_busy_buffers_size 128k;
#The size of temporary file that can be written in one access. The default is proxy_ buffer_ Size and proxy_ Twice the size of the buffer set in buffers
proxy_temp_file_write_size 128k;
#Specifies the HTTP method uses in requests forwarded to the proxy server
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
##Use cache_ One
proxy_cache cache_one;Nginx configuration of laravel project
server
{
#Monitoring port 80
listen 80;
#Listen to port 443 and use SSL protocol
listen 443 ssl http2;
#Define website domain name
server_name test.com;
#Default access file
index index.php index.html index.htm default.php default.htm default.html;
#Root directory
root /www/wwwroot/test/public;
#Force the use of HTTPS. When the listening port is not 443, the route will be rewritten
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#Configure SSL certificate
ssl_certificate /www/server/panel/vhost/cert/test.com/fullchain.pem;
#Configure SSL key
ssl_certificate_key /www/server/panel/vhost/cert/test.com/privkey.pem;
#Used to restrict the connection to include only the strong version and password of SSL / TLS
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
#Sets the type and size of the cache that stores session parameters
ssl_session_cache shared:SSL:10m;
#Specifies when a client can reuse session parameters
ssl_session_timeout 10m;
#Define 497 error prompt page
error_page 497 https://$host$request_uri;
#Php-info-start PHP reference configuration, which can be commented or modified
include enable-php.conf;
#PHP-INFO-END
#URL rewriting rules of laravel
location / {
try_files $uri $uri/ /index.php$is_args$query_string;
}
#Forbidden file or directory
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#One click SSL certificate verification directory related settings
location ~ \.well-known{
allow all;
}
#Match requests ending with GIF, JPG, JPEG, PNG, BMP, SWF and add cache time is 30 days
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log off;
access_log /dev/null;
}
#Match the request ending with JS, CSS and add the cache time is 12 hours
location ~ .*\.(js|css)?$
{
expires 12h;
error_log off;
access_log /dev/null;
}
#Access log
access_log /www/wwwlogs/test.com.log;
#Error log
error_log /www/wwwlogs/test.com.error.log;
}enable- php.conf The contents are as follows
#Match the request that contains. PHP in the URL
location ~ [^/]\.php(/|$)
{
#Find the file, if the file does not exist, return 404
try_files $uri =404;
#Forward the request to the fastcgi management process for processing
fastcgi_pass unix:/tmp/php-cgi-72.sock;
#If the requested URI ends with /, the file set by this directive is appended to the URI and saved in the variable $fastcig_ script_ Name
fastcgi_index index.php;
#Set the parameters in fastcgi request. The specific settings can be found in the$_ Server
#The path of the script file request
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#Requested parameters
fastcgi_param QUERY_STRING $query_string;
#Requested action (get, post)
fastcgi_param REQUEST_METHOD $request_method;
#Content type field in request header
fastcgi_param CONTENT_TYPE $content_type;
#Content length field in request header
fastcgi_param CONTENT_LENGTH $content_length;
#Script name
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
#The requested address has no parameters
fastcgi_param REQUEST_URI $request_uri;
#Same as $URI.
fastcgi_param DOCUMENT_URI $document_uri;
#The root directory of the web site. The value specified in the root directive in the server configuration
fastcgi_param DOCUMENT_ROOT $document_root;
#The protocol used by the request, usually http / 1.0 or http / 1.1
fastcgi_param SERVER_PROTOCOL $server_protocol;
#Get the request protocol such as HTTP or HTTPS
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
#CGI version
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
#Nginx version number, can be modified and hidden
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
#Client IP
fastcgi_param REMOTE_ADDR $remote_addr;
#Client port
fastcgi_param REMOTE_PORT $remote_port;
#Server IP address
fastcgi_param SERVER_ADDR $server_addr;
#Server port
fastcgi_param SERVER_PORT $server_port;
## server name, the server specified in the server configuration_ name
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
#Set script name
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
#Setting custom variables
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
}Location, rewrite syntax configuration
Location configuration and rewrite syntax
Redirection configuration and practice of rewrite in nginx
Nginx common commands
Help command: nginx – H
View process: PS aux | grep nginx
Check configuration file: nginx – t
View nginx version and module: nginx – V
Start nginx server: sudo nginx
Specify boot configuration file: sudo nginx – C / usr / local / nginx / conf/ nginx.conf
Sudo nginx – s stop
Elegant stop service: sudo nginx – s quit
Reload configuration file: sudo nginx – s reload
Nginx variable
reference resourcesVariables of nginx
The system variables for nginx are provided by each module compiled into nginx. Users can also define their own variables.
Common nginx variables
| variable | effect |
|---|---|
| arg_ Parameter name | The value of a specific parameter in the URL |
| query_string | Exactly the same as the args variable |
| args | All URL parameters |
| is_args | If there are parameters in the URL of the request, return? Otherwise, it returns null |
| content_length | The value of the content length header that identifies the length of the package body in the HTTP request. If the header does not have this value, it is empty |
| content_type | Value that identifies the content type header of the request package type |
| uri | The URI of the request (does not contain, does not contain the parameter after?) |
| document_uri | Exactly the same as URI |
| request_uri | The URL of the request (including the parameters after?) |
| scheme | Protocol name HTTP or HTTPS |
| request_method | The requested method get or post |
| request_length | The size of all request contents, including request line, header, package body, etc |
| remote_user | There is a user name passed in by HTTP basic authentication protocol |
| request | Original URL request with method and protocol version |
TCP related variables
| variable | effect |
|---|---|
| binary_remote_addr | The integer format of client geology, which is 4 bytes for IPv4 |
| remote_addr | Client address |
| remote_port | Client port |
| connection | Incremental connection number |
| connection_requests | The number of requests executed on the current connection, which is meaningful for keepalive |
| proxy_protocol_addr | If proxy is used_ Protocol returns the address in the protocol |
| proxy_protocol_port | If proxy is used_ Protocol returns the port in the protocol |
| server_addr | Server address (local address) |
| server_port | Server port |
| TCP_INFO | TCP kernel layer parameters $tcpinfo_ rtt,$tcpinfo_ rttvar,$tcpinfo_ snd_ cwnd,$tcpinfo_ rcv_ space) |
| server_protocol | Server side protocols, such as http |
Variables generated during nginx processing requests
| variable | effect |
|---|---|
| request_time | Time taken for request processing |
| server_name | Match request server on_ name |
| request_completion | If the request is processed, OK is returned; otherwise, it is empty |
| request_id | The ID of the request ID, which is prohibited by 16, is generated |
Nginx system variable
| variable | effect |
|---|---|
| time_local | Standard output in local time |
| pid | ID of the worker process it belongs to |
| hostname | It is consistent with the output of hostname on the system |
Virtual host configuration
Virtual host is a special software and hardware technology. It can divide each computer on the network into multiple virtual hosts. Each virtual host can provide www services independently. In this way, a host can provide multiple web services to the outside world. Each virtual host is independent and does not affect each other
Take the above configuration path of nginx in pagoda as an example
Multi IP based on host
#Create an ip1.conf in the / www / server / panel / Vhost / nginx directory
server
{
listen 127.0.0.1:80;
server_name www.test.com;
location / {
root html;
index index.html index.htm;
}
}
#Create an ip2.conf in the / www / server / panel / Vhost / nginx directory
server
{
listen 127.0.0.2:80;
server_name www.test.com;
location / {
root html;
index index.html index.htm;
}
}Port based configuration
#Create a port1. Conf in / www / server / panel / Vhost / nginx directory
server
{
listen 80;
server_name www.test.com;
location / {
root html;
index index.html index.htm;
}
}
#Create a port2. Conf in the / www / server / panel / Vhost / nginx directory
server
{
listen 81;
server_name www.test.com;
location / {
root html;
index index.html index.htm;
}
}Based on multiple host names
#Create a host1. Conf in the / www / server / panel / Vhost / nginx directory
server
{
listen 80;
server_name www.test1.com;
location / {
root html;
index index.html index.htm;
}
}
#Create a host2. Conf in the / www / server / panel / Vhost / nginx directory
server
{
listen 80;
server_name www.test2.com;
location / {
root html;
index index.html index.htm;
}
}Nginx’s own module
Nginx can view the modules installed by nginx through the command nginx – V
–with-http_stub_status_module
Used to display the client status information of the current nginx
Add the following to the sever {} layer in the nginx configuration of laravel
location = /basic_status {
stub_status;
}Through the configured domain name / Basic_ You can view the following contents on the status page
Active connections: the current number of active client connections, including the number of waiting connections.
Accept: the total number of client connections accepted
Handled: the total number of connections processed. Generally, the value of this parameter should be consistent with the values of accept, unless a certain limit (worker) is obtained_ connections).
Requests: the total number of client requests.
Reading: nginx is reading the current number of connections in the request header.
Writing: nginx is writing the response back to the client’s current number of connections.
Waiting: the current number of idle client connections waiting for requests.
–with-http_sub_module
Modifies the response by replacing one specified string with another
The module is applicable to: http, server, location
server{
listen 80;
server_name test.com;
root /www/wwwroot/default;
index index.php index.html index.htm default.php default.htm default.html;
#Replace sub with sub
sub_filter 'sub' 'SUB';
#Replace the switch only once
sub_filter_once off;
}
#/www/wwwroot/default/ index.html The contents are as follows
sub sds sub sub
Fastcgi related configuration
Fastcgi is a protocol that specifies the interface between fastcgi application and web server supporting fastcgi. Fastcgi is binary continuous.
The following is the basic PHP request forwarding configuration for nginx forwarding
#Match the request with the suffix PHP
location ~ \.php$ {
#Define root directory
root /usr/share/nginx/html;
#Forward the request to the fastcgi management process for processing
fastcgi_pass 127.0.0.1:9000;
#If the requested URI ends with /, the file set by this directive is appended to the URI and saved in the variable $fastcig_ script_ Name
fastcgi_index index.php;
#Configure fastcgi parameters
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}Fastcgi cache core configuration
fastcgi_ cache_ Path: set the cache path and other parameters. The cache data is stored in a file. The key names and file names in the cache are the result of applying the MD5 feature to the proxy URL
fastcai_ cache_ Key: defines the key used for caching
fastcgi_ Cache: defines the shared memory area used for caching
fastcgi_ cache_ Valid: set the cache time of different response codes
For more relevant fastcgi parameters, please refer toOfficial documents
Common functions
Load balancing configuration
See another blog I wrote for related configurationSimple practice to build nginx load balancing
Static and dynamic separation configuration
Reference blogOverview of nginx dynamic and static separation
The static and dynamic separation is used to separate the static and dynamic separation and the static request through the middle;
By separating dynamic requests from static requests through middleware, unnecessary consumption of requests can be built and the delay of requests can be reduced.
The dynamic request and static request are separated by middleware. The logic diagram is as follows:
There are only benefits of the separation: after the separation, even if the dynamic service is not available, the static resources will not be affected.
However, the current common practice is to upload images to cloud storage, which may be less likely to configure relevant parameters on their own nginx to store static resources such as pictures and videos
Simple example
location / {
root /code/wordpress;
index.php;
}
location ~* \.(png|jpg|mp4)${
#Specify picture path
root /code/wordpress/images;
#Compression
gzip on;
.....
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
.....
}Anti theft chain
reference resourcesNginx security chain configuration
In order to prevent the third party to refer to the link to visit our pictures and consume server resources and network traffic, we can do anti-theft chain restriction on the server.
There are two ways to realize anti-theft chain: refer mode and signature mode.
Refer mode
Work module: NGX_ http_ referer_ module
Action variable: $invalid_ Referer, global variable
Configuration domain: server, location
server
{
listen 80;
server_name nginx.sonew.shop;
root /www/wwwroot/test;
index 1.html;
default_type text/html;
location ~*\.(gif|jpg|jpeg|png|bmp|swf)$ {
valid_referers none blocked nginx.sonew.shop;
if ($invalid_referer) {
return 403;
}
}
}
valid_ Referers: specify that resource access is legal in the following ways: white list.
None: allow missing header access.
Blocked: allows requests where the referer has no corresponding value.
server_ Names: if referer site domain name and server_ Name is the same as the local domain name in name.Signature method
Working module: the third-party module httpaccesskeymodule.
Need to install a third-party module, not yet hands-on practice…
server {
listen 80;
server_name www.imcati.com nginx.sonew.shop;
root /usr/share/nginx/html;
location ~*\.(gif|jpg|jpeg|png|bmp|swf)$ {
accesskey on;
accesskey_hashmethod md5;
accesskey_arg "key";
accesskey_signature "mypass$remote_addr";
}
}
#AccessKey on | off: module switch
#accesskey_ Hashmethod MD5 | SHA-1: signature encryption
#accesskey_ Arg: get parameter name
#accesskey_ Sign: encryption rule
//$sign = md5('mypass' . $_SERVICE['REMOTE_ADDR']);
//img src=/test.png?key=<?=$sign?>This work adoptsCC agreementThe author and the link to this article must be indicated in the reprint