Shulou(Shulou.com)06/02 Report--

Configure Nginx to realize Web Page Compression function

Nginx's ngx_http_gzip_module compression module provides the function of compressing the file content, allowing the Nginx server to compress the output content before sending it to the client, in order to save the website bandwidth and enhance the user's access experience. The corresponding compression function parameters can be added to the configuration file to optimize the compression performance.

Compression function parameters description gzip on: enable gzip compression output gzip_min_length 1k: set the minimum number of bytes of pages allowed to be compressed gzip_buffers 4 16k: apply for 4 units of 16k memory as the compression result stream cache. The default value is to apply for memory space of the same size as the original data to store gzip compression results zip_http_version 1.0: used to set to identify the http protocol version, the default is 1.1 At present, most browsers already support gzip decompression, but the processing is the slowest and consumes server CPU resources gzip_comp_level 2: used to specify gzip compression ratio, 1 compression ratio is the smallest and processing speed is the fastest 9 compression ratio is the largest, the transmission speed is fast, but the processing speed is the slowest, use the default gzip_types text/plain: compression type, which web documents compression function is enabled gzip_vary on: option allows the front-end cache server cache gzip compressed pages 1. Turn off firewall and enhanced security function [root@localhost] # systemctl stop firewalld.service / / turn off firewall [root@localhost] # setenforce 0 / / turn off enhanced security feature [root@localhost ~] # 2. Access the nginx service with the win10 virtual machine and grab the package with the fiddler tool (compression is not enabled)

3. Modify configuration file to enable compression [root@localhost ~] # vim / usr/local/nginx/conf/nginx.conf gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 6; gzip_types text/plain application/x-javascript text/css image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javasrcipt application/json Gzip_disable "MSIE [1-6]\."; / / enable the compression feature gzip_vary on; [root@localhost ~] # service nginx restart / / restart the service [root@localhost ~] # 4. Use the win10 virtual machine to access the nginx service again, and grab the package with the fiddler tool (compression function is enabled)

Configure Nginx to achieve hotlink protection in corporate website services, hotlink protection is generally configured to avoid illegal theft of website content, resulting in economic losses. Nginx hotlink protection is also very powerful. By default, you only need to make a simple configuration to achieve hotlink protection. Copy the website image and hotlink protection picture to the site directory [root@localhost ~] # mkdir / mnt/tools [root@localhost ~] # mount.cifs / / 192.168.100.50/tools / mnt/tools/Password for root@//192.168.100.50/tools: [root@localhost ~] # cp / mnt/tools/forbid.png / usr/local/nginx/html/ hotlink protection picture [root@localhost ~] # cp picture.jpg / Usr/local/nginx/html/ website image [root@localhost ~] # cd / usr/local/nginx/html/ [root@localhost html] # ls50x.html forbid.png index.html picture.jpg [root@localhost html] # 2. Add a picture reference [root@localhost html] # vim index.htmlWelcome to nginx to the home file!

/ / add [root@localhost html] # 3. Install the dns service [root@localhost html] # yum install bind-y.bat / omit the installation process [root@localhost html] # 4. Modify the main configuration file [root@localhost html] # vim / etc/named.conf options {listen-on port 53 {any;}; / / change 127.0.0.1 to any listen-on-v6 port 53 {:: 1;}; directory "/ var/named"; dump-file "/ var/named/data/cache_dump.db" Statistics-file "/ var/named/data/named_stats.txt"; memstatistics-file "/ var/named/data/named_mem_stats.txt"; recursing-file "/ var/named/data/named.recursing"; secroots-file "/ var/named/data/named.secroots"; allow-query {any;}; / / change localhost to any [root@localhost html] # 5. Modify the zone configuration file [root@localhost html] # vim / etc/named.rfc1912.zoneszone "abc.com" IN {/ / add zone type master;file "abc.com.zone"; allow-update {none;};}; [root@localhost html] # 6. Modify the zone data configuration file [root@localhost html] # cd / var/named/ [root@localhost named] # lsdata dynamic named.ca named.empty named.localhost named.loopback slaves [root@localhost named] # cp-p named.localhost abc.com.zone / / copy a template and rename [root@localhost named] # $TTL 1D @ IN SOA @ rname.invalid. (0; serial 1D; refresh 1H; retry 1W; expire 3H) Minimum NS @ A 127.0.0.1www IN A 192.168.52.131 / add a resolution address [root@localhost named] # systemctl start named / / enable the service [root@localhost named] # 7. Enter the following in a new text document on the win10-1 host, and rename it to index.html hotlink website this is test web

/ / hotlink path

8. Follow these steps to start the web service for the win10-1 system

9. Move the file index.html to the subdirectory wwwroot of the inetpub directory of disk C

10. Change the dns address of win10-1 host and test host win10-2 to Linux virtual machine address respectively.

11. View the IP address of the win10-1 host

twelve。 Use the win10-2 host to access the nginx service site and the win10-1 host web service respectively, and successfully steal the pictures of the nginx service site.

13. Modify the nginx service configuration file and enable hotlink protection [root@localhost named] # vim / usr/local/nginx/conf/nginx.conf location ~ *\. (jpg | gif | swf) ${valid_referers none blocked * .abc.com abc.com; if ($invalid_referer) {rewrite ^ / http://www.abc.com/forbid.png; }} [root@localhost named] # service nginx restart [root@localhost named] # 14. Once again, the win10-2 host is used to access the nginx service site and the web service of the win10-1 host, and the hotlink protection function is enabled successfully.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.