2025-01-22 Update From: SLTechnology News&Howtos (Shulou.com)
This article shares a sample analysis of Nginx hotlink protection and service optimization configuration. It is quite practical, so it is shared here for reference.
Hide the nginx version number
View the version number
Method 1: curl command
In CentOS, you can use the command curl -I http://192.168.80.130 to display the header information of the response message.
```
curl -I http://192.168.80.130
```
Method 2: view it in the web page
1. Change to the html directory and drag an image into it:
```
cd /usr/local/nginx/html
```
2. View it in the web page:
http://192.168.59.118/game.png
Hide version information
Method 1: modify the configuration file
1. Modify the configuration file:
```
vim /usr/local/nginx/conf/nginx.conf
```
```
http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;    # added: turn off the version number
}
```
2. Restart nginx:
```
systemctl restart nginx
```
3. Check whether the version is hidden:
```
curl -I http://192.168.80.130
```
Method 2: modify the source file, recompile and install
You can set a custom version string, so that the value the server reports is misleading.
```
# 1. change to the directory where the nginx source package is located
cd /opt/
# 2. stop the nginx service
systemctl stop nginx.service
# 3. change to the source directory
cd nginx-1.12.0/
# 4. change to the core source directory
cd src/core/
# 5. edit the version header
vim nginx.h
```
In nginx.h, set:
```
#define NGINX_VERSION      "buddy"
#define NGINX_VER          "666/" NGINX_VERSION
```
```
# 6. change back to the top of the source tree
cd ../../
# 7. configure
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
# 8. compile and install
make && make install -j4
# 9. open the configuration file and set "server_tokens on;"
vim /usr/local/nginx/conf/nginx.conf
# 10. restart nginx
systemctl restart nginx
# 11. view the version information
curl -I http://192.168.59.118
```
Modify user and group
1. Modify the configuration file:
```
vim /usr/local/nginx/conf/nginx.conf
```
```
user dayu dayu;    # uncomment; change the user to dayu and the group to dayu
```
2. Create a non-login user:
```
useradd -s /sbin/nologin dayu
```
3. Restart the service:
```
systemctl restart nginx
```
4. Check whether the change took effect:
```
ps aux | grep nginx
```
Cache time
When nginx returns web page data to the client, a caching time can be set so that later requests for the same content are answered from the cache, which avoids repeated requests and speeds up access. Generally, the caching time is set for static web pages, but not for dynamic web pages.
1. Modify the configuration file and add the following content:
```
vim /usr/local/nginx/conf/nginx.conf
```
```
location ~ \.(jpg|png|bmp|gif)$ {
    root html;
    expires 1d;
}
```
2. Check whether there is a syntax error:
```
nginx -t
```
3. Restart the service:
```
systemctl restart nginx.service
```
4. View the result in the web page:
http://192.168.80.130/good.jpg
Cache-Control: max-age=86400 indicates that the cache time is 86400 seconds, that is, one day. Browsers that access this page within a day use the cached data instead of reissuing a request to the Nginx server, which reduces the bandwidth used by the server.
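Both the version hiding and the one-day cache lifetime show up in the response headers, so they can be checked from saved `curl -I` output. The following is an added example, not code from the original article; the function names and the two sample responses are constructed for illustration.

```python
import re

# Constructed samples of `curl -I` output (not captured from a real host).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.12.0\r\n"
    "Content-Type: image/jpeg\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: image/jpeg\r\n"
    "Cache-Control: max-age=86400\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return the response headers as a dict with lower-cased names."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # a blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw, expected_max_age=86400):
    """List deviations from the settings described in this article."""
    headers = parse_headers(raw)
    findings = []
    server = headers.get("server", "")
    if re.search(r"nginx/\d+(\.\d+)*", server, re.I):
        findings.append("Server header discloses version: " + server)
    match = re.search(r"max-age=(\d+)", headers.get("cache-control", ""))
    if match is None:
        findings.append("no Cache-Control max-age on this response")
    elif int(match.group(1)) != expected_max_age:
        findings.append("max-age is %s, expected %d"
                        % (match.group(1), expected_max_age))
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "OK")
```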
Log segmentation
The longer Nginx runs, the more logs it generates. To keep track of the running status of Nginx, we need to watch its log files all the time. Log files that grow too large are a catastrophe for monitoring and are inconvenient for analysis and troubleshooting, so log files need to be split regularly.
1. Write the script:
```
vim /usr/local/nginx/nginx_log.sh
```
```
#!/bin/bash
# this script splits the nginx logs
d=$(date -d "-1 day" +%F)                 # the previous day's date
path="/var/log/nginx"
pid="/usr/local/nginx/logs/nginx.pid"
[ -d "$path" ] || mkdir -p "$path"        # create the log file directory
mv /usr/local/nginx/logs/access.log "${path}/www.yxp.com-$d"   # move and rename the log file
kill -USR1 "$(cat "$pid")"                # nginx reopens its logs and creates a new log file
find "$path" -mtime +30 -delete           # delete log files older than 30 days
```
2. Grant execute permission:
```
chmod +x /usr/local/nginx/nginx_log.sh
```
3. Schedule the task:
```
[root@localhost nginx]# crontab -e
30 1 * * * /usr/local/nginx/nginx_log.sh
```
Configure Nginx connection timeouts
HTTP has a KeepAlive mode that tells the web server to keep the TCP connection open after processing a request. If other requests are received from the same client, the server takes advantage of the unclosed connection without the need to establish another connection.
A KeepAlive connection stays open for a period of time, and while it is open it consumes resources. Holding too many of them affects performance.
```
vim /usr/local/nginx/conf/nginx.conf
```
```
http {
    ...
    keepalive_timeout 65 180;
    client_header_timeout 80;
    client_body_timeout 80;
    ...
}
```
```
systemctl restart nginx
```
keepalive_timeout
Specifies the timeout period for KeepAlive, that is, how long each TCP connection can be kept open, after which the server closes the connection.
The default value of Nginx is 65 seconds, and some browsers can only hold 60 seconds at most, so you can set it to 60 seconds. If it is set to 0, keepalive connections are disabled.
The second (optional) parameter specifies the time value in the response header Keep-Alive: timeout=time. This header allows some browsers to actively close the connection, so that the server does not have to close it. Without this parameter, Nginx does not send the Keep-Alive response header.
client_header_timeout
The timeout for the client to send a complete request header to the server. If the client does not send a complete request header within the specified time, Nginx returns HTTP 408 (Request Timed Out).
client_body_timeout
Specifies the timeout for sending the request body after the client establishes a connection with the server. If the client does not send anything within the specified time, Nginx returns HTTP 408 (Request Timed Out).
Change the number of Nginx running processes
In high-concurrency scenarios, more Nginx processes need to be started so that user requests are handled quickly and do not block.
Change the configuration method for the number of processes
Modify configuration file, modify process configuration parameters
Modify the worker_processes parameter of the configuration file
It is generally set to the number of CPUs or the number of cores
In the case of high concurrency, it can be set to 2 times the number of CPUs or cores
Increasing the number of processes can reduce the overhead of the system and improve the service speed.
Use ps aux to view the changes in the number of running processes
```
[root@www conf]# cat /proc/cpuinfo | grep -c "physical"
4
[root@www conf]# vi nginx.conf
worker_processes 4;
[root@www conf]# systemctl restart nginx
[root@www conf]# ps aux | grep nginx
```
By default, multiple Nginx processes may run on a single CPU. Different processes can be assigned to different CPUs to make full use of multi-core and multi-CPU hardware.
On a 4-core physical server, configure the processes and assign them to CPUs:
```
[root@www conf]# vi nginx.conf
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;    # each 1 marks the position of a CPU
```
Configure Nginx web page compression
Nginx's ngx_http_gzip_module compression module provides the function of compressing file contents.
It allows the Nginx server to compress output before sending it to the client, which saves website bandwidth and improves the user's access experience. It is installed by default.
The corresponding compression parameters can be added to the configuration file to optimize compression performance.
Compression parameters
1. Modify the configuration file:
```
gzip on;                  # uncomment to turn on gzip compression
gzip_min_length 1k;       # minimum size of a file to compress
gzip_buffers 4 16k;       # compression buffers: four 16k buffers
gzip_http_version 1.1;    # HTTP version (default 1.1; use 1.0 if the front end is squid2.5)
gzip_comp_level 6;        # compression level
gzip_vary on;             # lets a front-end cache server store compressed pages
# compression types: which kinds of web documents have compression enabled
gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss image/jpg image/jpeg image/png image/gif application/x-httpd-php application/javascript application/json;
```
2. Restart the service:
```
systemctl restart nginx.service
```
3. View the result in the web page:
http://192.168.59.118/game.png
Configure hotlink protection
In the enterprise website service, it is generally necessary to configure hotlink protection function to avoid illegal theft of website content, resulting in economic losses and unnecessary waste of bandwidth.
The hotlink protection feature of Nginx is also very powerful. By default, you only need to make a very simple configuration to achieve hotlink protection.
```
vim /usr/local/nginx/conf/nginx.conf
```
```
http {
    ...
    server {
        ...
        location ~* \.(jpg|gif|swf)$ {
            valid_referers none blocked *.kgc.com kgc.com;
            if ($invalid_referer) {
                rewrite ^/ http://www.kgc.com/error.png;
                # return 403;
            }
        }
        ...
    }
}
```
~* \.(jpg|gif|swf)$: this regular expression matches, case-insensitively, files that end with .jpg, .gif or .swf.
valid_referers: sets the trusted websites, which can use the images normally.
none: allows requests without a Referer header to access resources (by definition, the Referer indicates where a request was linked from; if you enter the URL of a resource directly in the browser's address bar, the request does not contain the Referer field), such as http://www.dayu.com/game.jpg
When we visit http://www.dayu.com and the picture is displayed, the request for http://www.dayu.com/game.jpg can be understood as coming from the link http://www.dayu.com.
blocked: allows requests whose Referer does not start with http:// and has no protocol to access resources.
*.dayu.com: only requests from the specified domain name are allowed to access resources, such as http://www.dayu.com
if statement: if the source domain name of the link is not in the list given by valid_referers, $invalid_referer is true and the following action is taken, that is, rewrite or return a 403 page.
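To see which requests the rule line above lets through, the following added example (not code from the original article, and not nginx's own implementation) models the documented behaviour of valid_referers for the none, blocked and server-name rules. Regular-expression rules and URI prefixes are not modelled, and the function names and sample Referer values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Rule list from the article's configuration line:
#   valid_referers none blocked *.kgc.com kgc.com;
RULES = ["none", "blocked", "*.kgc.com", "kgc.com"]


def host_matches(host, pattern):
    """Match a Referer host against one server-name rule (leading/trailing *)."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])      # "*.kgc.com" -> suffix ".kgc.com"
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])   # "www.kgc.*" -> prefix "www.kgc."
    return host == pattern


def invalid_referer(referer, rules=RULES):
    """True when the request would take the `if ($invalid_referer)` branch."""
    if referer is None:                         # no Referer header at all
        return "none" not in rules
    if not referer.lower().startswith(("http://", "https://")):
        return "blocked" not in rules           # header present, scheme missing
    host = urlsplit(referer).hostname or ""     # port and path are dropped
    names = [r for r in rules if r not in ("none", "blocked")]
    return not any(host_matches(host, name) for name in names)


# Constructed Referer values (None means the header is absent).
SAMPLES = [
    None,
    "http://www.kgc.com/index.html",
    "https://kgc.com:8443/gallery",
    "www.kgc.com/index.html",
    "http://www.other.example/page.html",
    "http://kgc.com.other.example/page.html",
]


def evaluate(samples=SAMPLES, rules=RULES):
    """Map each sample Referer to True (rewritten/403) or False (served)."""
    return {s: invalid_referer(s, rules) for s in samples}


if __name__ == "__main__":
    for ref, bad in evaluate().items():
        print("%-45r -> %s" % (ref, "rewrite/403" if bad else "served"))
```

Because the Referer header is supplied by the client, this check limits embedding by ordinary browsers and saves bandwidth; it is not an access control for the files themselves.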
The configuration of the second machine:
It can still be displayed normally.
Now the anti-theft picture appears.
Supplementary interview question: which nginx modules have you used, and what optimizations have you made?
gzip # website data compression
rewrite # address rewriting
stub_status # statistics on nginx service status
ssl # supports https; you must first use openssl or TLS tools to generate the certificate and private key files, then reference the certificate and private key in the ssl module configuration
upstream # use nginx as a reverse proxy for the web cluster and define the cluster server pool
stream # used to define a layer 4 reverse proxy
auth_basic # user authentication
fastcgi # forward requests to php
--with-<module name> # enable the module
--without-<module name> # disable the module
Optimizations: hiding the version number, compression, caching, hotlink protection, connection keep-alive, optimization of worker processes and process connections, log segmentation, reverse proxy