Let me also summarize the knowledge of nginx

Time:2020-11-24

Recently, I want to deeply study the related knowledge of nginx, so I summarize the following contents.

What is nginx?

Nginx is a free, open source, high-performance HTTP server and reverse proxy server; it is also an IMAP, POP3, and SMTP proxy server; nginx can be used as an HTTP server for website publishing, and nginx can be used as a reverse proxy for load balancing.

Advantages of nginx

1. Can be highly concurrent

The official test shows that nginx can support 50000 concurrent connections, and the actual production environment can support 20000-40000 concurrent connections.

The main reason is that nginx uses the latest epoll (linux2.6 kernel) and kqueue (FreeBSD) network I / O model, while Apache uses the traditional select model. Its relatively stable prefork mode is multi process mode, which needs to generate subprocesses frequently. Therefore, the CPU and other server resources consumed by nginx are much higher than those of nginx.

2. Less memory consumption

The nginx + PHP (fastcgi) server, with 30000 concurrent connections, opens 10 nginx processes, consuming 150MB of memory and 15MB of memory10 = 150MB, the 64 php-cgi processes opened consume 1280 memory, 20MB64 = 1280mb, plus the memory consumed by the system itself, the total memory consumption is less than 2GB.
If the memory of the server is relatively small, only 25 php-cgi processes can be opened, so that the total memory consumed by php-cgi is only 500MB.

3. Low cost

The purchase of f5big-ip, NetScaler and other hardware load balancing switches requires more than 100000 to hundreds of thousands of RMB. Nginx is an open-source software, which adopts the 2-clause bsd-like protocol. It can be tried for free and can be used for commercial purposes.

BSD open source protocol is a protocol that gives users great freedom. It points out that they can freely use and modify the source code, or redistribute the modified code as open source or special software.

4. The configuration file is very simple

The network is as easy to understand as the program, even if the non dedicated system administrator can understand.

5. Support rewrite

It can divide HTTP requests into different back-end server groups according to different domain names and URLs.

6. Built in health check function

If a web server on the back end of nginxproxy goes down, the access to the front end will not be affected.

7. Save bandwidth

Support gzip compression, can add browser local cache header.

8. High stability

For reverse agents, the probability of downtime is minimal.

9. Support hot deployment

Nginx supports hot deployment, and its automation is particularly easy. Moreover, it can run continuously for almost 7 days * 24 hours. Even if it runs for several months, it does not need to restart. It can also upgrade the software version without interruption of service.

Nginx configuration parameters

reference resourcesNginx configuration common parameters, read this article is enough

Look at the pagoda with me nginx.conf Configuration as an example

##Main module
#Configure users or groups
user  www www;

#The number of worker processes started by nginx. It is recommended to be the number of CPU cores
worker_processes auto;

#Specify log path, level. This setting can be put into global block, HTTP block and server block. The level is as follows: ා debug | info | notice | warn | error | crit | alert | emerg
error_log  /www/wwwlogs/nginx_error.log  crit;

#Specify the storage address of nginx process running file
pid        /www/server/nginx/logs/nginx.pid;

#Configure the maximum number of open files for the nginx worker process
worker_rlimit_nofile 51200;

##Event module
events
    {
        #Event driven model, select | poll | kqueue | epoll | Resig | / dev / poll | eventport. It is not recommended to set, and nginx will choose by itself
        use epoll;

        #The maximum number of connections. The default is 512
        worker_connections 51200;

        #Set whether a process accepts multiple network connections at the same time. The default value is off
        multi_accept on;

        #Set network connection serialization to prevent group panic. The default value is
        #on accept_mutex on;

        #Default: 500ms. If a process has no mutex, how long will it be delayed at least. By default, the delay is 500 ms. 
        #accept_mutex_delay 100ms;
    }

#HTTP module
http
    {
        #File extension and file type mapping table
        include       mime.types;

        #include luawaf.conf;

        #Introduction proxy.conf The configuration is related to nginx proxy. The configuration content is as follows
        include proxy.conf;

        #The default file type is text / plain by default
        default_type  application/octet-stream;

        #The hash table that holds the server name is set by the command server_ names_ hash_ max_ Size and server_ names_ hash_ bucket_ Size controlled
        server_names_hash_bucket_size 512;

        #Set request buffer
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;

        #The size limit of uploaded files is 1m by default
        client_max_body_size 50m;

        #Sendfile is allowed to transfer files. The default is off
        sendfile   on;
        #The data packet will not be sent out immediately. When the data packet is the largest, it will be transmitted once and for all, which will help to solve the network congestion. When using the sendfile function, TCP_ Nopush works
        tcp_nopush on;

        #The connection timeout is 75s by default
        keepalive_timeout 60;

        #Causes the data in the buffer to be sent immediately
        tcp_nodelay on;

        #Specifies the timeout to connect to the backend fastcgi
        fastcgi_connect_timeout 300;

        #Specifies the timeout for sending requests to fastcgi, which is the timeout for sending requests to fastcgi after two handshakes have been completed
        fastcgi_send_timeout 300;

        #Specifies the timeout for receiving fastcgi replies. This value is the timeout for receiving fastcgi replies after two handshakes have been completed
        fastcgi_read_timeout 300;

        #Specifies the size of the buffer required to read the first part of the fastcgi reply
        fastcgi_buffer_size 64k;

        #Specifies how many and how large buffers are needed locally to buffer fastcgi's reply requests
        fastcgi_buffers 4 64k;

        fastcgi_busy_buffers_size 128k;
        #Indicates the size of the data block to use when writing to the cache file. The default value is fastcgi_ Twice the number of buffers.
        fastcgi_temp_file_write_size 256k;

        #Do you want to pass 4xx and 5xx error messages to the client, or allow nginx to use error_ Page processing error information
        fastcgi_intercept_errors on;

        ##Enable gzip resource compression
        gzip on;

        #Gzip is used for compression when the returned content is greater than this value, in K units. When the value is 0, all pages are compressed.
        gzip_min_length  1k;

        #Sets the number and size of buffers used to process request compression
        gzip_buffers     4 16k;

        #It is used to identify the version of HTTP protocol. Earlier browsers do not support gzip compression, and users will see garbled code. Therefore, this option is added to support previous versions. Gzip compression is not enabled by default under the HTTP / 1.0 protocol.
        gzip_http_version 1.1;

        #Set the gzip compression level. The lower the level, the faster the compression speed and the smaller the file compression ratio. Otherwise, the slower the speed, the greater the file compression ratio
        gzip_comp_level 2;

        #Set the MIME type to be compressed. If the request is not in the range of the set type, it will not be compressed
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;

        #Add response header "vary: accept encoding"
        gzip_vary on;

        #When nginx acts as a reverse proxy, enable:
        #Off – turn off all agent result data compression
        #Expired – enable compression if the header contains an "expired" header
        #No cache - if the header contains "cache"- Control:no-cache ”Header information, compression enabled
        #No store - if the header contains "cache"- Control:no-store ”Header information, compression enabled
        #Private – if the header contains "cache"- Control:private ”Header information, compression enabled
        #no_ last_ Modified – enables compression if the header contains' last '_ Modified "header, enable compression
        #no_ Etag – enables compression, if the header contains "Etag" header information, enables compression
        #Auth – enable compression, if the header contains "authorization" header information, enable compression
        #Any – unconditionally compress all result data
        gzip_proxied   expired no-cache no-store private auth;

        #The expression indicates which UA headers do not use gzip compression
        gzip_disable   "MSIE [1-6]\.";

        #Request limit, the limit on the number of simultaneous connections of a single IP and a single session. Here we define a storage area Conn_ zone,conn_ The capacity of the zone is 1m, and the storage area is for the variable $binary_ remote_ Add takes effect. Here, it takes effect for a single IP.
        limit_conn_zone $binary_remote_addr zone=perip:10m;

        #For domain name restrictions
        limit_conn_zone $server_name zone=perserver:10m;

        #Hide version number
        server_tokens off;

        #Close access_ Log, that is, access logs are not recorded
        access_log off;

#Server {} is contained in http {} and each server {} is a virtual host (site)
server
    {
        #The monitoring port is 888. You can customize other ports or add IP address
        listen 888;

        #Define the website domain name, can write more than one, separated by spaces
        server_name phpmyadmin;

        #Default access file
        index index.html index.htm index.php;

        #Define the site root directory, which can be a relative path or an absolute path
        root  /www/server/phpmyadmin;

        #Define 404 pages
        #error_page   404   /404.html;
        include enable-php.conf;

        #Match requests ending with GIF, JPG, JPEG, PNG, BMP, swf
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            #The control page uses cache, and the cache time is 30 days
            expires 30d;
        }

        #Match requests ending with JS, CSSF
        location ~ .*\.(js|css)?$
        {
            #The control page uses cache, and the cache time is 12 hours
            expires 12h;
        }

        #Match forbidden access
        location ~ /\.
        {
            deny all;
        }

        #To define access logs, you can set their own access logs for each server (that is, each site)
        access_log  /www/wwwlogs/access.log;
    }
#Import all configuration files ending in. Conf in this directory    
include /www/server/panel/vhost/nginx/*.conf;
}

proxy.conf The contents are as follows

#The temporary file definition directory that stores the data received from the proxy server
proxy_temp_path /www/server/nginx/proxy_temp_dir;

#Indicates the path where the cache file is stored. The path is created in advance
#(levels = 1:2: set the number of level hash directory relative to the path specified directory to cache data, levels = 1, represents the first level hash directory, levels = 1:2, represents the two-level hash directory, and the directory name is obtained by hash algorithm based on the request URL)
#(keys_ zone=cache_ one:500m  : set cache name)
#(inactive = 1D: forced update time. If no one accesses within the specified time, the cache will be deleted)
#(max_ Size = 30g: set the size limit and maximum cache space of cache data in hard disk)
proxy_cache_path /www/server/nginx/proxy_cache_dir levels=1:2 keys_zone=cache_one:20m inactive=1d max_size=5g;

#The buffer size of client request body is used to process post, submit data, upload files, etc. client_ body_ buffer_ Size needs to be large enough to hold post data if it needs to be uploaded
client_body_buffer_size 512k;

#Set the timeout for the connection to the upstream server. It is important to remember that the timeout cannot exceed 75 seconds.
proxy_connect_timeout 60;

#Set the read timeout with the proxy server. It determines how long nginx will wait for a response to a request.
proxy_read_timeout 60;

#Set the timeout for sending requests to the upstream server. The timeout is not set for the entire send period, but during two write operations. If upstream does not receive new data after the timeout, nginx will close the connection
proxy_send_timeout 60;

#Nginx uses this size to request read_ BUF, that is, the size specifies the maximum length of the upstream header. If the response header exceeds this length, nginx will report an upstream send too big header error, and then the client receives 502.
proxy_buffer_size 32k;

#Set the number of buffers and the size of each buffer used by the body that stores the response of the proxy server. Specifically, it means to open up 4 reads with a length of 64K_ BUF is used to store the body. Of course, it does not open up four bufs at the time of connection establishment and initialization. It will only apply for a new buf when the previous buf is not enough to respond to the body, with a maximum of four bufs.
proxy_buffers 4 64k;

#Nginx will start to transfer data to the client before reading the back-end response completely, so it will delimit a part of buffer in busy state to send data to the client (proxy is recommended)_ Then it continues to fetch data from the back end. proxy_ busy_ buffer_ The size parameter is used to set the size of the buffer in the busy state.
proxy_busy_buffers_size 128k;

#The size of temporary file that can be written in one access. The default is proxy_ buffer_ Size and proxy_ Twice the size of the buffer set in buffers
proxy_temp_file_write_size 128k;

#Specifies the HTTP method uses in requests forwarded to the proxy server 
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;

##Use cache_ One
proxy_cache cache_one;

Nginx configuration of laravel project

server
{
    #Monitoring port 80
    listen 80;

    #Listen to port 443 and use SSL protocol
    listen 443 ssl http2;

    #Define website domain name
    server_name test.com;

    #Default access file
    index index.php index.html index.htm default.php default.htm default.html;

    #Root directory
    root /www/wwwroot/test/public;

    #Force the use of HTTPS. When the listening port is not 443, the route will be rewritten
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

    #Configure SSL certificate
    ssl_certificate    /www/server/panel/vhost/cert/test.com/fullchain.pem;

    #Configure SSL key
    ssl_certificate_key    /www/server/panel/vhost/cert/test.com/privkey.pem;

    #Used to restrict the connection to include only the strong version and password of SSL / TLS
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    ssl_prefer_server_ciphers on;

    #Sets the type and size of the cache that stores session parameters
    ssl_session_cache shared:SSL:10m;

    #Specifies when a client can reuse session parameters
    ssl_session_timeout 10m;
    #Define 497 error prompt page
    error_page 497  https://$host$request_uri;

    #Php-info-start PHP reference configuration, which can be commented or modified
    include enable-php.conf;
    #PHP-INFO-END

    #URL rewriting rules of laravel
    location / {  
        try_files $uri $uri/ /index.php$is_args$query_string;  
    }

    #Forbidden file or directory
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #One click SSL certificate verification directory related settings
    location ~ \.well-known{
        allow all;
    }

    #Match requests ending with GIF, JPG, JPEG, PNG, BMP, SWF and add cache time is 30 days
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log off;
        access_log /dev/null;
    }

    #Match the request ending with JS, CSS and add the cache time is 12 hours
    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log off;
        access_log /dev/null; 
    }
    #Access log
    access_log  /www/wwwlogs/test.com.log;
    #Error log
    error_log  /www/wwwlogs/test.com.error.log;
}

enable- php.conf The contents are as follows

#Match the request that contains. PHP in the URL
location ~ [^/]\.php(/|$)
{
#Find the file, if the file does not exist, return 404
try_files $uri =404;

#Forward the request to the fastcgi management process for processing
fastcgi_pass  unix:/tmp/php-cgi-72.sock;

#If the requested URI ends with /, the file set by this directive is appended to the URI and saved in the variable $fastcig_ script_ Name
fastcgi_index index.php;

#Set the parameters in fastcgi request. The specific settings can be found in the$_ Server

#The path of the script file request
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

#Requested parameters
fastcgi_param  QUERY_STRING       $query_string;

#Requested action (get, post)
fastcgi_param  REQUEST_METHOD     $request_method;

#Content type field in request header
fastcgi_param  CONTENT_TYPE       $content_type;

#Content length field in request header
fastcgi_param  CONTENT_LENGTH     $content_length;

#Script name
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;

#The requested address has no parameters
fastcgi_param  REQUEST_URI        $request_uri;

#Same as $URI.
fastcgi_param  DOCUMENT_URI       $document_uri;

#The root directory of the web site. The value specified in the root directive in the server configuration
fastcgi_param  DOCUMENT_ROOT      $document_root;

#The protocol used by the request, usually http / 1.0 or http / 1.1
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

#Get the request protocol such as HTTP or HTTPS
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

#CGI version
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;

#Nginx version number, can be modified and hidden
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

#Client IP
fastcgi_param  REMOTE_ADDR        $remote_addr;

#Client port
fastcgi_param  REMOTE_PORT        $remote_port;

#Server IP address
fastcgi_param  SERVER_ADDR        $server_addr;

#Server port
fastcgi_param  SERVER_PORT        $server_port;

## server name, the server specified in the server configuration_ name 
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

#Set script name
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
        set $real_script_name $1;
        set $path_info $2;
 }
 #Setting custom variables
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
}

Location, rewrite syntax configuration

Location configuration and rewrite syntax
Redirection configuration and practice of rewrite in nginx

Nginx common commands

Help command: nginx – H
View process: PS aux | grep nginx
Check configuration file: nginx – t
View nginx version and module: nginx – V
Start nginx server: sudo nginx
Specify boot configuration file: sudo nginx – C / usr / local / nginx / conf/ nginx.conf
Sudo nginx – s stop
Elegant stop service: sudo nginx – s quit
Reload configuration file: sudo nginx – s reload

Nginx variable

reference resourcesVariables of nginx

The system variables for nginx are provided by each module compiled into nginx. Users can also define their own variables.

Common nginx variables

variable effect
arg_ Parameter name The value of a specific parameter in the URL
query_string Exactly the same as the args variable
args All URL parameters
is_args If there are parameters in the URL of the request, return? Otherwise, it returns null
content_length The value of the content length header that identifies the length of the package body in the HTTP request. If the header does not have this value, it is empty
content_type Value that identifies the content type header of the request package type
uri The URI of the request (does not contain, does not contain the parameter after?)
document_uri Exactly the same as URI
request_uri The URL of the request (including the parameters after?)
scheme Protocol name HTTP or HTTPS
request_method The requested method get or post
request_length The size of all request contents, including request line, header, package body, etc
remote_user There is a user name passed in by HTTP basic authentication protocol
request Original URL request with method and protocol version

TCP related variables

variable effect
binary_remote_addr The integer format of client geology, which is 4 bytes for IPv4
remote_addr Client address
remote_port Client port
connection Incremental connection number
connection_requests The number of requests executed on the current connection, which is meaningful for keepalive
proxy_protocol_addr If proxy is used_ Protocol returns the address in the protocol
proxy_protocol_port If proxy is used_ Protocol returns the port in the protocol
server_addr Server address (local address)
server_port Server port
TCP_INFO TCP kernel layer parameters $tcpinfo_ rtt,$tcpinfo_ rttvar,$tcpinfo_ snd_ cwnd,$tcpinfo_ rcv_ space)
server_protocol Server side protocols, such as http

Variables generated during nginx processing requests

variable effect
request_time Time taken for request processing
server_name Match request server on_ name
request_completion If the request is processed, OK is returned; otherwise, it is empty
request_id The ID of the request ID, which is prohibited by 16, is generated

Nginx system variable

variable effect
time_local Standard output in local time
pid ID of the worker process it belongs to
hostname It is consistent with the output of hostname on the system

Virtual host configuration

Virtual host is a special software and hardware technology. It can divide each computer on the network into multiple virtual hosts. Each virtual host can provide www services independently. In this way, a host can provide multiple web services to the outside world. Each virtual host is independent and does not affect each other

Let me also summarize the knowledge of nginx

Take the above configuration path of nginx in pagoda as an example

Multi IP based on host

#Create an ip1.conf in the / www / server / panel / Vhost / nginx directory
server
{
    listen 127.0.0.1:80;
    server_name www.test.com;
    location / {
        root html;
        index index.html index.htm;
    }
}

#Create an ip2.conf in the / www / server / panel / Vhost / nginx directory
server
{
    listen 127.0.0.2:80;
    server_name www.test.com;
    location / {
        root html;
        index index.html index.htm;
    }
}

Port based configuration

#Create a port1. Conf in / www / server / panel / Vhost / nginx directory
server
{
    listen 80;
    server_name www.test.com;
    location / {
        root html;
        index index.html index.htm;
    }
}

#Create a port2. Conf in the / www / server / panel / Vhost / nginx directory
server
{
    listen 81;
    server_name www.test.com;
    location / {
        root html;
        index index.html index.htm;
    }
}

Based on multiple host names

#Create a host1. Conf in the / www / server / panel / Vhost / nginx directory
server
{
    listen 80;
    server_name www.test1.com;
    location / {
        root html;
        index index.html index.htm;
    }
}

#Create a host2. Conf in the / www / server / panel / Vhost / nginx directory
server
{
    listen 80;
    server_name www.test2.com;
    location / {
        root html;
        index index.html index.htm;
    }
}

Nginx’s own module

Nginx can view the modules installed by nginx through the command nginx – V
Let me also summarize the knowledge of nginx

–with-http_stub_status_module

Used to display the client status information of the current nginx

Add the following to the sever {} layer in the nginx configuration of laravel

location = /basic_status {
      stub_status;
}

Through the configured domain name / Basic_ You can view the following contents on the status page
Let me also summarize the knowledge of nginx

Active connections: the current number of active client connections, including the number of waiting connections.

Accept: the total number of client connections accepted

Handled: the total number of connections processed. Generally, the value of this parameter should be consistent with the values of accept, unless a certain limit (worker) is obtained_ connections).

Requests: the total number of client requests.

Reading: nginx is reading the current number of connections in the request header.

Writing: nginx is writing the response back to the client’s current number of connections.

Waiting: the current number of idle client connections waiting for requests.

–with-http_sub_module

Modifies the response by replacing one specified string with another
The module is applicable to: http, server, location

server{
    listen 80;
    server_name test.com;
    root /www/wwwroot/default;
    index index.php index.html index.htm default.php default.htm default.html;
    #Replace sub with sub
    sub_filter 'sub' 'SUB'; 
    #Replace the switch only once
    sub_filter_once off;
}

#/www/wwwroot/default/ index.html The contents are as follows
sub sds sub sub

Let me also summarize the knowledge of nginx

Fastcgi related configuration

Fastcgi is a protocol that specifies the interface between fastcgi application and web server supporting fastcgi. Fastcgi is binary continuous.

Let me also summarize the knowledge of nginx

The following is the basic PHP request forwarding configuration for nginx forwarding

#Match the request with the suffix PHP
location ~ \.php$ {
        #Define root directory
        root           /usr/share/nginx/html;

        #Forward the request to the fastcgi management process for processing
        fastcgi_pass   127.0.0.1:9000;

        #If the requested URI ends with /, the file set by this directive is appended to the URI and saved in the variable $fastcig_ script_ Name
        fastcgi_index  index.php;

        #Configure fastcgi parameters
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
   }

Fastcgi cache core configuration

fastcgi_ cache_ Path: set the cache path and other parameters. The cache data is stored in a file. The key names and file names in the cache are the result of applying the MD5 feature to the proxy URL
fastcai_ cache_ Key: defines the key used for caching
fastcgi_ Cache: defines the shared memory area used for caching
fastcgi_ cache_ Valid: set the cache time of different response codes

For more relevant fastcgi parameters, please refer toOfficial documents

Common functions

Load balancing configuration

See another blog I wrote for related configurationSimple practice to build nginx load balancing

Static and dynamic separation configuration

Reference blogOverview of nginx dynamic and static separation

The static and dynamic separation is used to separate the static and dynamic separation and the static request through the middle;
By separating dynamic requests from static requests through middleware, unnecessary consumption of requests can be built and the delay of requests can be reduced.
The dynamic request and static request are separated by middleware. The logic diagram is as follows:

Let me also summarize the knowledge of nginx

There are only benefits of the separation: after the separation, even if the dynamic service is not available, the static resources will not be affected.

However, the current common practice is to upload images to cloud storage, which may be less likely to configure relevant parameters on their own nginx to store static resources such as pictures and videos

Simple example

location / {
    root /code/wordpress;
    index.php;
}
location ~* \.(png|jpg|mp4)${
     #Specify picture path
    root /code/wordpress/images;
    #Compression
    gzip on;
    .....
}
location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    .....
}

Anti theft chain

reference resourcesNginx security chain configuration

In order to prevent the third party to refer to the link to visit our pictures and consume server resources and network traffic, we can do anti-theft chain restriction on the server.

There are two ways to realize anti-theft chain: refer mode and signature mode.

Refer mode

Work module: NGX_ http_ referer_ module

Action variable: $invalid_ Referer, global variable

Configuration domain: server, location

server
{
    listen 80;
    server_name nginx.sonew.shop;
    root /www/wwwroot/test;
    index 1.html;
    default_type text/html;
    location ~*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        valid_referers none blocked nginx.sonew.shop;
        if ($invalid_referer) {
            return 403;
        }
    }
}

valid_ Referers: specify that resource access is legal in the following ways: white list.
None: allow missing header access.
Blocked: allows requests where the referer has no corresponding value.
server_ Names: if referer site domain name and server_ Name is the same as the local domain name in name.

Signature method

Working module: the third-party module httpaccesskeymodule.
Need to install a third-party module, not yet hands-on practice…

server {
    listen       80;
    server_name  www.imcati.com nginx.sonew.shop;
    root /usr/share/nginx/html;

    location ~*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        accesskey on;
        accesskey_hashmethod md5;
        accesskey_arg "key";
        accesskey_signature "mypass$remote_addr";
    }
}
#AccessKey on | off: module switch
#accesskey_ Hashmethod MD5 | SHA-1: signature encryption
#accesskey_ Arg: get parameter name
#accesskey_ Sign: encryption rule

//$sign = md5('mypass' . $_SERVICE['REMOTE_ADDR']);
//img src=/test.png?key=<?=$sign?>

This work adoptsCC agreementThe author and the link to this article must be indicated in the reprint

Recommended Today

PHP 12th week function learning record

sha1() effect sha1()Function to evaluate the value of a stringSHA-1Hash. usage sha1(string,raw) case <?php $str = “Hello”; echo sha1($str); ?> result f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0 sha1_file() effect sha1_file()Function calculation fileSHA-1Hash. usage sha1_file(file,raw) case <?php $filename = “test.txt”; $sha1file = sha1_file($filename); echo $sha1file; ?> result aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d similar_text() effect similar_text()Function to calculate the similarity between two strings. usage similar_text(string1,string2,percent) case […]