Shulou(Shulou.com)06/03 Report--

A brief introduction to the theoretical explanation 1.1Nginx Rewrite

Nginx Rwrite is the rule rewriting of Nginx service, the main function is to realize the jump of browser access to HTTP URL, in which the relevant regular expressions are based on Perl language. In general, almost all Web servers support URL rewriting.

Rewrite is a kind of server rewriting technology, which enables the server to support URL rewriting. It is the latest popular server technology. It can also implement the function of restricting access to a specific IP to a website. In many cases, the access of an IP can easily cause CPU 100% (for example, some search engines crawl regularly, and others collect a large number of sites). At this time, we need to use some effective means to block the other party's IP, so that he cannot consume the server's resources. There are many ways to block the IP. If your Web server has installed a Rewrite module, you can also try to use Rewrite rules to block the other party's IP.

1.1.1 what is URL?

The definition of Baidu is as follows: URL (Uniform Resource Locator), uniform resource locator. Such a statement seems too abstract because you may have no idea what a "uniform resource locator" is. In fact, we can simply understand URL as the address you need to get resources through the network. (URL) is made up of a string of characters, which can be letters, numbers and special symbols.

Specific examples are as follows:

Php+HTML

Http://www.wangluopx.cn/yunwei/gz/zz/2018-07-03/1940.html

Its specific structure will not be elaborated here, and you can consult the relevant documents if you are interested.

1.1.2 what is the use of "jumping"?

Jump needs to be based on the specific application scenarios in order to really realize the role of nginx rule rewriting to achieve web page jump. The corresponding operations and settings will be carried out later according to different application scenarios. Generally speaking, the role of realizing the jump can be summarized as follows:

Adjust the URL browsed by users to make it standardized; make the search engine include website content to improve the user's experience; hide the real address of the website URL; what language is 1.1.3Perl?

Perl, a feature-rich computer programming language, runs on more than 100 computer platforms and is suitable for a wide range of applications, from mainframes to portable devices, from rapid prototyping to large-scale extensible development.

Perl borrows the features of C, sed, awk, shell scripting languages and many other programming languages, the most important of which is the internal integration of regular expressions and the huge third-party code base CPAN. In short, Perl is as powerful as C and as convenient as scripting languages such as awk and sed. It is called "a fantasy scripting language with various language functions" and "trump card tool in Unix" by Perl language lovers.

1.2 how to achieve Rewrite jump?

Rewrite uses Nginx global variables or self-set variables, combined with regular expressions and flag bits, to achieve URL rewriting and redirection

Which is based on the ngx_http_rewrite_module module

1.2.1Rwrite practical scenario

The realization method of Nginx Jump requirement

● uses rewrite for matching jumps

● jumps after matching global variables with if

● uses location to match and then jump.

Rewrite is placed in server {}, if {}, location {} segments

For a domain name or parameter string

● uses if global variable matching

● uses proxy_ pass reverse proxy

1.2.2 Command syntax

Rewrite [flag]

Flag supported by content rewrite after regular jump

1.2.3location classification

Location = patt {} [exact match]

Location patt {} [general match]

Location ~ patt {} [regular match]

Common expressions for regular matching

Mark description

~ perform a regular match that is case sensitive

~ perform a regular match that is case-insensitive

! ~ perform a regular match, which is case-sensitive

! ~ perform a regular match, case-insensitive mismatch

^ ~ normal character matching; use prefix matching. If the match is successful, no other location will be matched

= normal characters match exactly. That is, it is a perfect match.

@ define a named location, which is used when internally directed

1.2.4location priority

1. For expressions of the same type, long strings will match first.

two。 Arrange by priority

● = Type

● ^ ~ Type expression

● regular expression (~ and ~ *) types

● regular string matching type, matching by prefix

● universal match (/). If there is no other match, any request will match to

1.2.5 compare rewrite and location

1. Identical point

● can jump.

two。 Differences

● rewrite is to change the path to get resources within the same domain name.

● location is used to control access or reverse proxy for a class of paths, and it can also proxy_ pass

To other machines.

3.rewrite will be written in location in the order of execution:

● executes rewrite instructions in the server block

● performs location matching

● executes the rewrite instruction in the selected location

1.2.6location priority rule

Match a specific file

● (location = full path) > (location ^ ~ full path) > (location ~ complete path)

Path) > (location ~ full path) > (location full path) > (location /)

Use directory matching to access a file

● (location= directory) > (location ^ ~ directory /) > (location~ directory) >

(location ~ directory) > (location directory) > (location /)

2. Implementation of Nginx Rewrite configuration examples according to different application scenarios

First of all, let's install the domain name resolution named service package-bind and nginx service (you can also compile it manually, here we install it directly using yum)

1. Install the bind settings configuration files (three) and start the service

[root@localhost ~] # yum install bind-y [root@localhost named] # netstat-napt | grep namedtcp 0 0192.168.68.145 root@localhost named 53 0.0.0.0 napt * LISTEN 6077/named tcp 0 0127.0.1 15 53 0.0.0.0 * LISTEN 6077/named tcp 0 0127.0.0.1 LISTEN 6077/named tcp6 953 0.0.0.0 LISTEN 6077/named tcp6 0:: 1:53:: * LISTEN 6077/named tcp6 0 0:: 1 LISTEN 6077/named

two。 Install nginx

We will see that the installation cannot be successful using yum directly

[root@localhost ~] # yum install-y nginx has loaded plug-ins: fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: mirrors.cn99.com * extras: mirrors.cn99.com * updates: mirrors.cn99.com has no available package nginx. Error: no need to process [root@localhost ~] # rpm- Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm to get http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm warning: / var/tmp/rpm-tmp.aXVptL: header V4 RSA/SHA1 Signature Key ID 7bd9bf62: NOKEY in preparation. # # [100%] upgrading / installing... 1:nginx-release-centos-7-0.el7.ngx # # # [100%] [root@localhost ~] # yum install-y nginx... Omit part of the content

3. Check whether the installation is successful or not, check the configuration file directory

[root@localhost ~] # rpm-Q nginxnginx-1.16.1-1.el7.ngx.x86_64 [root@localhost ~] # rpm-qc nginx/etc/logrotate.d/nginx/etc/nginx/conf.d/default.conf # this is the file / etc/nginx/fastcgi_params/etc/nginx/koi-utf/etc/nginx/koi-win/etc/nginx/mime.types/etc/nginx/nginx.conf/etc/ that we need to make configuration changes for rewrite later. Nginx/scgi_params/etc/nginx/uwsgi_params/etc/nginx/win-utf/etc/sysconfig/nginx/etc/sysconfig/nginx-debug2.1 rewrite rule configuration application scenario 1: domain name-based jump

Briefly explain the scenario: a company needs to modify the old domain name to a new domain name for some reasons, but the new domain name is relatively unfamiliar to everyone, so it is necessary to jump from the old domain name to the new domain name. That is, when the client accesses the old domain name, it can be automatically redirected to the new domain name. After many visits, the customer finds that it can be accessed simply by entering the new domain name, and the input is more simple and friendly.

Let's explain how to configure it according to the above scenarios:

1. First of all, we are installed by yum, which has commented on its main configuration file (it is a default configuration file, which must not be as rich as manual compilation): / etc/nginx/conf.d/default.conf, give a brief introduction to its file content structure.

[root@localhost named] # cd / etc/nginx/conf.d/ [root@localhost conf.d] # lsdefault.conf [root@localhost conf.d] # cat default.conf server {listen 80; # listening port server_name localhost; # domain name, which generally refers to the server domain name # charset koi8-r # character setting # access_log / var/log/nginx/host.access.log main; # access log path setting location / {# location has the meaning of "location", according to Uri to carry out different positioning, Uri can be understood that the resource corresponds to the URL is the address root / usr/share/nginx/html; index index.html index.htm } # location can locate different parts of the website to different processing methods # error_page 404 / 404.html; # 404 access error page can not find # redirect server error pages to the static page / 50x.html # error_page 500502503504 / 50x.html # error page, server problem location = / 50x.html {root / usr/share/nginx/html;} # proxy the PHP scripts to Apache listening on 127.0.0.1 50x.html 80 # # location ~\ .php$ {# proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1 pass the PHP scripts to FastCGI server listening on 9000 # # location ~\. Php$ {# root html; # fastcgi_pass 127.0.0.1 php$ 9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME / scripts$fastcgi_script_name; # include fastcgi_params #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # # location ~ /\ .ht {# deny all; #}}

two。 Change configuration operation: change domain name, domain name redirection

Server {listen 80; server_name www.lokott.com; # charset koi8-r; # access_log / var/log/nginx/host.access.log main; location / {if ($host = 'www.lokott.com') {rewrite ^ / (. *) $http://www.newlokott.com/$1 permanent;}

3. Enable the nginx service and turn off the firewall

[root@localhost conf.d] # systemctl start nginx [root@localhost conf.d] # systemctl stop firewalld.service [root@localhost conf.d] # setenforce 0

4. Test whether the jump is normal.

Enter the old domain name on win10: whether www.lokott.com jumps to www.newlokott.com normally

For the old domain name input interface, press enter and jump to the second interface below to verify that the old domain name has been transferred to the new domain name.

2.2 rewrite rule configuration application scenario 2: based on ip address

Brief description: the company's web page is undergoing maintenance or restructuring. Currently, only legitimate ip addresses are allowed to access the company's page, while others are redirected to maintenance or other pages.

Specific configuration:

1. Set a legal flag bit; set $rewrite true

two。 To determine whether it is a legitimate IP, jump normally, otherwise jump to a main.html page

[root@localhost ~] # vim / etc/nginx/conf.d/default.conf [root@localhost ~] # cat / etc/nginx/conf.d/default.conf server {listen 80; server_name www.lokott.com; # charset koi8-r; # access_log / var/log/nginx/host.access.log main; set $rewrite true # configure scenario 2 if ($remote_addr = "192.168.68.151") {set $rewrite false;} if ($rewrite = true) {rewrite (. +) / main.html;} location = / main.html {root / usr/share/nginx/html } # end of configuration 2: location / {# if ($host = 'www.lokott.com') {# comment the configuration of scenario 1 # rewrite ^ / (. *) $http://www.newlokott.com/$1 permanent; #} root / usr/share/nginx/html; index index.html index.htm

3. Write the main.html page under / usr/share/nginx/html/

[root@localhost ~] # cd / usr/share/nginx/html/ [root@localhost html] # ls50x.html index.html [root@localhost html] # echo "this is a maintenance web page" > main.html [root@localhost html] # ls50x.html index.html main.html

4. Restart the nginx service and verify later

[root@localhost html] # systemctl restart nginx [root@localhost html] # netstat-antp | grep nginxtcp 0 0 0.0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0 of the antp. * LISTEN 64979/nginx: master

5. According to the above configuration, the result should be that the host with the IP address 192.168.68.151 is normally accessible, while the others are inaccessible.

The actual results are as follows:

Another centos virtual machine test cannot access the normal page.

Next, let's sort out and explain the contents of the configuration file at the logical level:

Intercept configuration commands for key parts:

Set $rewrite true; # sets a flag bit to make different judgments and trigger different operations

If ($remote_addr = "192.168.68.151") {# determine whether the ip address of the host requesting access is allowed (only this address has permission for normal access)

Set $rewrite false; # changes the value of the flag bit so that the operation that was originally true is not triggered, that is, the actions in the following two paragraphs are not performed

}

If ($rewrite = true) {# if the address is accessed illegally, the flag bit is still true, thus executing the paragraph

Rewrite (. +) / main.html

}

Location = / main.html {# based on the above true match, the location where the specific operation is performed is exactly matched, and the maintenance page is visited.

Root / usr/share/nginx/html

}

So according to the logical understanding, we know that only clients who are set to the allowed ip address can access the company page properly, then the others do not have the permission to change, which is tantamount to making a "whitelist".

2.3 rewrite rule configuration application scenario 3: based on the situation where there is a directory after jumping to a new domain name

Scenario description: joining the access is www.lokott.com/p. Now you need to redirect all the posts under this domain name to bbs.lokott.com/ss/p.

1. We still make changes to the default master profile

[root@localhost ~] # cat / etc/nginx/conf.d/default.conf server {listen 80; server_name www.lokott.com; # charset koi8-r; # access_log / var/log/nginx/host.access.log main; set $rewrite true; if ($remote_addr = "192.168.68.151") {set $rewrite false;} if ($rewrite = true) {rewrite (. +) / main.html } location = / main.html {root / usr/share/nginx/html;} location / p {# third scenario configuration rewrite (. +) http://bbs.lokott.com/ss$1 permanent;} location / {root / usr/share/nginx/html; index index.html index.htm;}

two。 Restart the service

[root@localhost html] # systemctl restart nginx

3. Test on the win10 virtual machine

As can be seen from this phenomenon, the above $1 means: the content after the / p directory of the location you defined, and why you need to create your own site, for example:

Create a ss/p/index.html page under the / usr/local/nginx/html directory with the content of "hello world". When you use http://www.lokott.com/p/index to access the page, you will jump as follows:

2.4 rewrite rule configuration application scenario 4: based on multi-parameter matching

Scenario description: enter the specified parameters after accessing the www.lokott.com domain name to realize the rule jump. For example, enter http://www.lokott.com/100-200-4454.html to jump to the home page.

1. Change the configuration file

Server {listen 80; server_name www.lokott.com; # charset koi8-r; # access_log / var/log/nginx/host.access.log main; if ($request_uri ~ ^ / 100-(100 | 200)-(\ d +) .html $) {# fourth scene rewrite (. *) http://www.lokott.com permanent / /} # the regularities mentioned above: ^-- beginning | or\ escape d + digits match location / {root / usr/share/nginx/html; index index.html index.htm;}

two。 Restart the service

[root@localhost html] # systemctl restart nginx [root@localhost html] # echo "asda" > 100,200-4454.html [root@localhost html] # ls100-200-4454.html 50x.html index.html [root@localhost html] # echo "asda" > 100.html

3. Test verification

In the site directory, create a 100.html file with the content asda, and then test it. The results are as follows:

2.5 rewrite rule configuration application scenario 5: access based on file suffix

Scenario description: jump to the main page when accessing the php file in the upload directory

1. Modify the configuration file

Server {listen 80; server_name www.lokott.com; # charset koi8-r; # access_log / var/log/nginx/host.access.log main; location ~ * / upload/.+\ .php ${# fifth scenario rewrite (. +) http://www.lokott.com permanent;} location / {root / usr/share/nginx/html Index index.html index.htm;}

two。 Restart the service

[root@localhost html] # systemctl restart nginx

3. Test verification

Pages that jump to:

2.6 rewrite rule configuration application scenario 6: match based on specified files (specific pages)

Scenario description: jump to the home page when visiting a fixed page

1. Modify the configuration file

Server {listen 80; server_name www.lokott.com; # charset koi8-r; # access_log / var/log/nginx/host.access.log main; location ~ * ^ / abc/123.html {# sixth scenario rewrite (. +) http://www.lokott.com permanent;} location / {root / usr/share/nginx/html Index index.html index.htm;}

two。 Restart the service

[root@localhost html] # systemctl restart nginx

3. Test verification

The jump page is as follows:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.