nginx常用模块
文章目录
1.目录索引模块ngx_http_autoindex_module
1)语法
Syntax: autoindex on | off;
Default:
autoindex off;
Context: http, server, location
#优化部分
#显示具体大小 off 显示K/M/G单位 on 单位就是 bytes
Syntax: autoindex_exact_size on | off;
Default: autoindex_exact_size on;
Context: http, server, location
#显示文件最后徐改时间 如果是 off 需要加8小时
Syntax: autoindex_localtime on | off;
Default: autoindex_localtime off;
Context: http, server, location
2)配置
[root@web02 conf.d]# vim host1.conf
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
}
location /download {
root /codehost1;
autoindex on;
}
}
2.访问控制模块ngx_http_access_module
1)语法
#允许访问语法
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
#拒绝访问语法
Syntax: deny address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
2)配置
#要求10.0.0.1可以访问我的/download 目录,其他网址不允许
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
}
location /download {
root /codehost1;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
allow 10.0.0.1;
deny all;
}
}
#要求10.0.0.1不可以访问我的/download 目录,其他网址允许
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
}
location /download {
root /codehost1;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
deny 10.0.0.1;
allow all;
}
}
#要求10.0.0.0网段可以访问我的/download 目录,其他网址不允许
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
}
location /download {
root /codehost1;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
allow 10.0.0.0/24;
deny all;
}
}
3.访问认证模块 ngx_http_auth_basic_module
1)语法
#注释(没什么卵用)
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except
#指定认证的文件
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
2)配置密码
#创建密码文件需要 htpasswd
[root@web02 conf.d]# htpasswd -c /etc/nginx/conf.d/auth_basic linux
New password:
Re-type new password:
Adding password for user linux
[root@web02 conf.d]#
#或者使用
[root@web02 conf.d]# htpasswd -c -b /etc/nginx/conf.d/auth_basic linux linux
Adding password for user linux
#密码文件内容
[root@web02 conf.d]# cat auth_basic
linux:$apr1$LHT3VFfz$0jtY0cGX5gkeSFI84xDvt0
#注意:生成多对密码时,不使用-c参数
[root@web02 conf.d]# htpasswd /etc/nginx/conf.d/auth_basic lhd
New password:
Re-type new password:
Adding password for user lhd
[root@web02 conf.d]# cat auth_basic
lhd:$apr1$GuCSoYQe$nsQhhAiPBrOoa0J3zD/s9.
linux:$apr1$w2AJGlBm$5yatp0GIlwipoYbdE/A2a/
3)配置
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
}
location /download {
root /codehost1;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
allow 10.0.0.0/24;
deny all;
#不配不行
auth_basic "please input password!";
auth_basic_user_file /etc/nginx/conf.d/auth_basic;
}
}
4.nginx状态模块 ngx_http_stub_status_module
1)语法
Syntax: stub_status;
Default: —
Context: server, location
2)配置
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
}
location /download {
root /codehost1;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
allow 10.0.0.0/24;
deny all;
auth_basic "please input password!";
auth_basic_user_file /etc/nginx/conf.d/auth_basic;
}
location /status {
stub_status;
}
}
3)nginx 七种状态
Active connections: 2
server accepts handled requests
4 4 56
Reading: 0 Writing: 1 Waiting: 1
Active connections: # 活跃的连接数
accepts # TCP连接总数
handle # 成功的TCP连接数
requests # 请求数
Reading # 读取请求头部
Writing # 放回给客户端的头部
Waiting # 等待的请求数
#注意:一次tcp连接,可以发起多次请求;
keepalive_timeout 0; #类似于关闭长连接
keepalive_timeout 65; #最长65秒没有活动则断开连接
5.连接限制模块 ngx_http_limit_conn_module
1)语法
#设置限制的空间
#调用模块 空间里的内容 空间=空间名字:空间大小
Syntax: limit_conn_zone key zone=name:size;
Default: —
Context: http
#调用上面的空间
Syntax: limit_conn zone number;
Default: —
Context: http, server, location
2)配置
http {
... ...
limit_conn_zone $remote_addr zone=conn_zone:10m;
... ...
}
server {
... ...
#设置共享内存区域和设置最大允许连接数。当超过此限制时,服务器将返回 错误 以回复请求。
limit_coon conn_zone 1;
}
6.请求限制模块 ngx_http_limit_req_module
1)语法
#设置限制请求的空间
#模块 空间里保存的内容 空间=空间名称:大小 速率 1r/s
Syntax: limit_req_zone key zone=name:size rate=rate [sync];
Default: —
Context: http
#调用上面空间
Syntax: limit_req zone=name [burst=number] [nodelay | delay=number];
Default: —
Context: http, server, location
2)配置
limit_req_zone $remote_addr zone=req_zone:1m rate=1r/s;
server {
listen 80;
server_name www.host1.com;
charset 'utf-8';
location / {
root /codehost1;
index index.html;
limit_req zone=req_zone;
limit_req_status 412;
}
location /download {
root /codehost1;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
allow 10.0.0.0/24;
deny all;
auth_basic "please input password!";
auth_basic_user_file /etc/nginx/conf.d/auth_basic;
}
location /status {
stub_status;
}
}
3)测试请求限制
#ab工具
[root@web02 conf.d]# ab -n 20 -c 2 http://www.host1.com/
Server Software: nginx/1.16.1
Server Hostname: www.host1.com
Server Port: 80
Document Path: /
Document Length: 581 bytes
Concurrency Level: 2
Time taken for tests: 0.007 seconds
Complete requests: 20
Failed requests: 19
(Connect: 0, Receive: 0, Length: 19, Exceptions: 0)
Write errors: 0
Non-2xx responses: 19
Total transferred: 8125 bytes
HTML transferred: 4324 bytes
Requests per second: 3056.70 [#/sec] (mean)
Time per request: 0.654 [ms] (mean)
Time per request: 0.327 [ms] (mean, across all concurrent requests)
Transfer rate: 1212.68 [Kbytes/sec] received
[root@web02 conf.d]#
Nginx location
使用Nginx Location可以控制访问网站的路径,但一个server可以有多个location配置, 多个location的优先级该如何区分
1.语法
Syntax: location [ = | ~ | ~* | ^~ | / ] uri { ... }
location @name { ... }
Default: —
Context: server, location
2.location匹配符
匹配符
匹配规则
优先级
=
精确匹配
1
^~
以某个字符串开头
2
~
区分大小写的正则匹配
3
~*
不区分大小写的正则匹配
4
/
通用匹配,任何请求都会匹配到
5
3.验证location匹配顺序
[root@web02 conf.d]# vim testlocation.conf
server {
listen 80;
server_name www.linux.com;
#location / {
# default_type text/html;
# return 200 "location /";
#}
location =/ {
default_type text/html;
return 200 "location =/";
}
location ~ / {
default_type text/html;
return 200 "location ~/";
}
location ^~ / {
default_type text/html;
return 200 "location ^~";
}
}
4.验证访问文件
[root@web01 conf.d]# cat testserver.conf
server {
listen 80;
server_name www.server.com;
location / {
root /code;
}
location ~ \.php$ {
root /php;
}
location ~ \.jsp$ {
root /jsp;
}
location ~* \.(jpg|gif|png|js|css)$ {
root /pic;
}
location ~* \.(sql|bak|tgz|tar.gz|git)$ {
root /package;
}
}
www.server.com/1.PHP
www.server.com/2.JPG
www.server.com/3.jsp
www.server.com/4.tGz
www.server.com/5.Gif