Shulou(Shulou.com)06/03 Report--

This article will explain in detail how to configure nginx to achieve hotlink protection and optimize FPM. The editor thinks it is very practical, so I share it with you for reference. I hope you can get something after reading this article.

Configure nginx to realize hotlink protection

In the enterprise website service, it is generally necessary to configure the hotlink protection function to avoid illegal theft of website content and cause economic losses.

Nginx hotlink protection is also very powerful. By default, you only need to make a simple configuration to implement put-to-chain processing.

Experimental environment

A nginx server, a test client, a stolen chain machine

Experimental process

Deploy nginx services on the 1.nginx server

Nginx deployed successfully!

two。 Configure the stolen chain machine

Create a web page of the stolen link machine.

Unless you use a local domain name to access

If the match is invalid, otherwise jump to an error.png page

Configuration description

Valid_referers: set a trusted website, that is, a website that can reference the corresponding images none: if the referer is empty in the browser, it means that the blocked:referer is not empty when the image is accessed directly in the browser, but the value is deleted by the proxy or firewall These values do not begin with http:// or https:// following the URL or the URL if' statement in the domain name referer that contains the relevant string: if the source domain name of the link is no longer in the list listed by valid_referers, and $invalid-referer is 1, perform the following action That is, to rewrite or return to the 403 page [root@localhost ~] # cd / usr/local/nginx/ [root@localhost nginx] # lsclient_body_temp fastcgi_temp logs sbin uwsgi_tempconf html proxy_temp scgi_ temp [root @ localhost nginx] # cd html/ [root@localhost html] # ls50x.html index.html qq.jpg [root@localhost html] # mount.cifs / / 192.168.254.10/linuxs / abcPassword for root @ / / 192.168.254.10/linuxs: [root@localhost html] # cd / abc [root@localhost abc] # lserror.png [root@localhost abc] # cp error.png / usr/local/nginx/html/ [root@localhost abc] # cd-/ usr/local/nginx/html [root@localhost html] # ls50x.html error.png index.html qq.jpg [root@localhost html] # grep "qq.jpg" index.html

[root@localhost html] # service nginx start [root@localhost html] # netstat-natp | grep 80tcp 0 0 192.168.247.1930 root@localhost html 80 0.0.0.0 natp * LISTEN 3038/nginx: master

To use a domain name, you need to use the dns resolution service

For more information on building dns, please see my previous blog.

Then specify the dns server of the hotlink host and client

Start setting up stolen phones.

Open the control panel in win10, open programs and functions in the control panel, and turn on or off functions in it. Click

Then click internet informatoion servers

Turn off the firewall of machine theft.

Then the client visits the theft website.

Hotlink hotlink is successful. Next, do hotlink protection:

[root@localhost html] # vim / usr/local/nginx/conf/nginx.conflocation ~ *\. (jpg | gif | swf) ${valid_referers none blocked * .shl.com shl.com; if ($invalid_referer) {rewrite ^ / http://www.shl.com/error.png;}}

Restart the nginx service

[root@localhost named] # service nginx stop [root@localhost named] # service nginx start

Hotlink protection configured successfully

Example of FPM optimization parameter adjustment

Optimization reason: the server is a cloud server and runs a personal forum. The memory is 1.5 GB, the number of FPM processes is 20, and the memory consumption is nearly 1 GB. It is relatively slow to optimize the parameter adjustment.

When FPM starts, there are 5 processes, a minimum of 2 processes, a maximum of 8 processes, and a maximum of 20 processes [root@localhost ~] # vim / usr/local/php/etc/php-fpm.confpid = run/php-fpm.pidpm = dynamicpm.max_children=20pm.static_servers = 5pm.min_spare_servers = 2pm.max_spare_servers = 8

These are the details of configuring nginx for hotlink protection and optimizing FPM. Do you have anything to gain after reading it? If you want to know more about it, you are welcome to follow the industry information!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.