1.常见的502问题解决
查看错误日志的路径:vim /usr/local/nginx/conf/nginx.conf
error_log /usr/local/nginx/logs/nginx_error.log crit;
cat /usr/local/nginx/logs/nginx_error.log(permission denied权限不够)
vim /usr/local/php/etc/php-fpm.conf
listen.owner = nobody
listen.group = nobody
2.nginx用户认证
vim test.conf
location ~ .*admin\.php{
auth_basic "xxr auth";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
/etc/init.d/nginx reload
curl -x127.0.0.1:80 -uxxr:xxr525970. www.test.com/admin.php
3.域名跳转
vim test.conf
if($host != ‘www.test.com‘)
{
rewrite ^/(.*)$ http:// www.test.com/$1 permanent;
}
4.nginx不记录指定文件类型日志
vim /usr/local/nginx/conf/nginx.conf
vim test.conf
access_log /tmp/access.log xxr;
location ~ .*\.(gif|png|jpg|jpeg|png|swf|bmp)$
{
access_log off;
}
location ~ (static|cache)
{
access_log off;
}
5.nginx日志切割
vim /usr/local/sbin/nginx_logrotata.sh
#!/bin/bash
d=`date -d "-1 day" +%F`
[ -d /tmp/nginx_log ] || mkdir /tmp/nginx_log
mv /tmp/access.log /tmp/nginx_log/$d.log
/etc/init.d/nginx reload > /dev/null
cd /tmp/nginx_log/
gzip -f $d.log
sh -x /usr/local/sbin/nginx_logrotata.sh
6.nginx配置文件过期时间
vim test.conf
在location里加入:expires 2h;
7.nginx配置防盗链
vim test.conf
valid_referers none blocked *.test.com *.aaa.com
if ($invalid_referer){
return 403;
}
curl -e -I -x127.0.0.1:80 ‘http://www.test.com/static/image/smiley/default/kiss.gif‘
8.nginx访问控制
allow
deny
9.nginx禁止指定user_agent
if ($http_user_agent ~* ‘curl|baidu‘)
{
return 403;
}
10.nginx代理详解
vim proxy.conf
server{
listen 80;
server_name www.baidu.com;
location / {
proxy_pass http://61.135.169.121;
}
}
代理多个ip
upstream xxr{
server 61.135.169.125;
server 61.135.169.121; ;
}
server{
listen 80;
server_name www.baidu.com;
location / {
proxy_pass http://xxr/;
proxy_set_header Host $host;
}
}