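Web Server: Nginx Enterprise-Grade Optimization
【CentOS 6.5】
1. Compile and install Nginx
2. Hide the Nginx version number
3. Change the Nginx user and group
4. Configure the Nginx web page cache time
5. Rotate the Nginx logs
6. Configure Nginx connection timeouts
7. Change the number of Nginx worker processes
8. Configure Nginx web page compression
9. Configure Nginx hotlink protection
10. Tune the FPM module parameters
1. Compile and install Nginx
Nginx   source host      192.168.168.132
Nginx2  hotlinking host  192.168.168.135
Nginx must already be installed before carrying out the steps below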
[[email protected] ~]# hostname nginx
[[email protected] ~]# bash
[[email protected] ~]# rpm -q pcre-devel zlib-devel openssl-devel gcc gcc-c++ make
pcre-devel-7.8-6.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64
package openssl-devel is not installed
gcc-4.4.7-4.el6.x86_64
gcc-c++-4.4.7-4.el6.x86_64
make-3.81-20.el6.x86_64
[[email protected] ~]# yum -y install openssl-devel
[[email protected] ~]# rpm -q pcre-devel zlib-devel openssl-devel gcc gcc-c++ make
pcre-devel-7.8-6.el6.x86_64
zlib-devel-1.2.3-29.el6.x86_64
openssl-devel-1.0.1e-15.el6.x86_64
gcc-4.4.7-4.el6.x86_64
gcc-c++-4.4.7-4.el6.x86_64
make-3.81-20.el6.x86_64
[[email protected] ~]# ls 【upload this package here】
a ansible.repo.1 c61.repo.1 install.log.syslog 模板 文档 桌面
anaconda-ks.cfg ansible.repo.2 c61.repo.2 nginx-1.6.0.tar.gz
[[email protected] ~]# tar xf nginx-1.6.0.tar.gz -C /usr/src/
[[email protected] ~]# useradd -M -s /sbin/nologin nginx 【create a virtual user with no home directory that cannot log in over SSH】
[[email protected] ~]# cd /usr/src/nginx-1.6.0/
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre && make && make install
[[email protected] nginx-1.6.0]# cd
[[email protected] conf]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[[email protected] ~]# service iptables stop
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
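【--with-file-aio  enables file AIO support (asynchronous file I/O)】
【--with-http_stub_status_module 】
【--with-http_gzip_static_module  enables ngx_http_gzip_static_module support (real-time online compression of the output stream)】
【--with-http_flv_module  enables ngx_http_flv_module support (seeking by time-based offset within files)】
【--with-http_ssl_module  enables ngx_http_ssl_module support (serves HTTPS requests; OpenSSL must be installed)】
【--with-pcre  enables the PCRE library】
2. Hide the Nginx version number
【In production the Nginx version number should be hidden, so that it does not reveal which known vulnerabilities may apply to the server】
【curl is a command-line tool that uploads or downloads files using URL syntax. It supports HTTP, HTTPS, FTP, FTPS, Telnet and other protocols, and is often used to fetch web pages and to monitor the state of web servers】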
[[email protected] ~]# service httpd start
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for nginx
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[确定]
[[email protected] ~]# curl -I 192.168.168.132 【-I is an uppercase letter i】 check the version; this is the result with nginx running
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Sun, 21 Apr 2019 23:54:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 23
Last-Modified: Sun, 21 Apr 2019 04:47:38 GMT
Connection: keep-alive
ETag: "5cbbf5ea-17"
Accept-Ranges: bytes
[[email protected] ~]# curl -I 192.168.168.132 【-I is an uppercase letter i】 check the version; this is the result with Apache running 【for comparison only; not part of this lab】
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2019 19:46:48 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Length: 5039
Connection: close
Content-Type: text/html; charset=UTF-8
Hiding methods
2.1 Modify the source package
[[email protected] ~]# tar xf nginx-1.6.0.tar.gz
[[email protected] ~]# vim nginx-1.6.0/src/core/nginx.h
#define NGINX_VERSION      "1.1.1"
#define NGINX_VER          "IIS/" NGINX_VERSION    /* "IIS" here is in upper case */
[[email protected] ~]# useradd -M -s /sbin/nologin nginx
useradd: user 'nginx' already exists
[[email protected] ~]# cd nginx-1.6.0
[[email protected] nginx-1.6.0]# yum -y install pcre-devel zlib-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* c6.51: 172.16.0.1
Setting up Install Process
Package pcre-devel-7.8-6.el6.x86_64 already installed and latest version
Package zlib-devel-1.2.3-29.el6.x86_64 already installed and latest version
Nothing to do
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx && make && make install
[[email protected] nginx-1.6.0]# killall -3 nginx
[[email protected] nginx-1.6.0]# nginx
[[email protected] nginx-1.6.0]# netstat -anpt |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7064/nginx
[[email protected] nginx-1.6.0]# curl -I 192.168.168.132
HTTP/1.1 200 OK
Server: IIS/1.1.1
Date: Mon, 22 Apr 2019 00:18:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 23
Last-Modified: Sun, 21 Apr 2019 04:47:38 GMT
Connection: keep-alive
ETag: "5cbbf5ea-17"
Accept-Ranges: bytes
[[email protected] nginx-1.6.0]# cd
2.2 Edit the configuration file
【The IP in the configuration file must be this host's own IP】
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
        location / {
            root   /web/www.amber.com;
            index  index.html index.htm;
        }
        server_tokens off;
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# killall -1 nginx
[[email protected] ~]# curl -I 192.168.168.132
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 22 Apr 2019 00:27:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 23
Last-Modified: Sun, 21 Apr 2019 04:47:38 GMT
Connection: keep-alive
ETag: "5cbbf5ea-17"
Accept-Ranges: bytes
【If the PHP configuration sets the fastcgi_param SERVER_SOFTWARE option, edit the php-fpm configuration file and change the value to fastcgi_param SERVER_SOFTWARE nginx;】
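A check for the result of this section, added here as an example (it is not part of the original write-up): the function reads raw response headers, such as the output of `curl -sI`, and reports Server or X-Powered-By values that carry a version. The three samples are constructed from the header captures above; the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example: flag version disclosure in HTTP response headers.
# Usage against a live host: curl -sI http://HOST/ | check_banner
# Prints one finding per line; exit status 1 means at least one finding.
check_banner() {
    # curl -I output ends each line with CR LF; drop the CR before matching.
    tr -d '\r' | awk '
        BEGIN { bad = 0 }
        {
            i = index($0, ":")            # split "Name: value" at the first colon
            if (i == 0) next              # status line or blank line
            name = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
            if (name == "server" || name == "x-powered-by") {
                # a digit right after "/" or a dotted number counts as a version
                if (value ~ /\/[0-9]/ || value ~ /[0-9]+\.[0-9]+/) {
                    printf "DISCLOSES %s: %s\n", name, value
                    bad = 1
                }
            }
        }
        END { exit bad }
    '
}

# Constructed samples, shortened from the three captures in this section.
sample_default() {      # stock build
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx/1.6.0' \
        'Content-Type: text/html; charset=utf-8' 'Connection: keep-alive' ''
}
sample_patched() {      # after editing src/core/nginx.h (method 2.1)
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: IIS/1.1.1' \
        'Content-Type: text/html; charset=utf-8' 'Connection: keep-alive' ''
}
sample_tokens_off() {   # after server_tokens off (method 2.2)
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: nginx' \
        'Content-Type: text/html; charset=utf-8' 'Connection: keep-alive' ''
}

for s in sample_default sample_patched sample_tokens_off; do
    if findings=$("$s" | check_banner); then
        echo "$s: clean"
    else
        echo "$s: $findings"
    fi
done
```

The source-patched banner IIS/1.1.1 is still reported because it carries a version-shaped token, while the server_tokens off response comes back clean.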
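3. Change the Nginx user and group
【The nginx processes need a user and group at run time so that access control applies when they read the site's files. nginx uses the nobody user and group accounts by default, and this is normally changed】
3.1 Specify them when compiling and installing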
[[email protected] ~]# useradd -M -s /sbin/nologin nginx
useradd: user 'nginx' already exists
[[email protected] ~]# cd nginx-1.6.0
[[email protected] nginx-1.6.0]# ./configure --prefix=/usr/local/nginx/ --user=nginx --group=nginx && make && make install
[[email protected] nginx-1.6.0]# cd
3.2 Edit the configuration file
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx nginx;
[[email protected] ~]# killall -1 nginx
[[email protected] ~]# ps aux |grep nginx
root 7064 0.0 0.1 24300 1376 ? Ss 08:18 0:00 nginx: master process nginx
nginx 9384 0.0 0.1 24720 1368 ? S 08:41 0:00 nginx: worker process
nginx 9385 0.0 0.1 24720 1296 ? S 08:41 0:00 nginx: worker process
root 9388 0.0 0.0 103256 848 pts/1 S+ 08:41 0:00 grep nginx
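4. Configure the Nginx web page cache time
【After nginx returns page data to a client, a cache lifetime can be set so that later requests for the same content are answered directly, which avoids repeated requests and speeds up access. This is normally set for static content; dynamic pages need no cache time. The cache time can be inspected with Fiddler on a Windows client】
How to set it: edit the configuration file and add an expires parameter for the specific content in the http, server or location block
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
        location ~ \.(gif|jpg|jpeg|bmp|png|swf)$ {
            root   /web/www.amber.com;
            expires 1d;
        }
        location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
            expires 1d;
        }
Add the lines marked in red above, then save and exit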
[[email protected] ~]# killall -1 nginx
[[email protected] ~]# cd /usr/local/nginx/html/
[[email protected] html]# vim index.html
<p><em>Thank you for using nginx.</em></p>
<img src="test.jpg" />    <!-- add this line -->
</body>
</html>
Save and exit
[[email protected] html]# ls 【upload this image here】
50x.html index.html test.jpg
[[email protected] html]# cd
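Capture the traffic with Fiddler to check
Wait a while and look for the entry that carries the image; the image must actually be loaded in the browser before Fiddler captures the packet
5. Rotate the Nginx logs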
[[email protected] ~]# vim /opt/fenge.sh
#!/bin/bash
# fenge.sh
d=$(date -d "-1 day" "+%Y%m%d")    # date of the previous day
logs_path="/var/log/nginx"
pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d "$logs_path" ] || mkdir -p "$logs_path"
if [ -f "$pid_path" ]; then
    mv /usr/local/nginx/logs/access.log "$logs_path/test.com-access.log-$d"
    kill -USR1 "$(cat "$pid_path")"    # make nginx create a new log file
    find "$logs_path" -type f -mtime +30 -print0 | xargs -0 rm -f    # delete log files older than 30 days
else
    echo "Error,Nginx is not working!" | tee -a /var/log/messages
fi
Save and exit
[[email protected] ~]# chmod +x /opt/fenge.sh
[[email protected] ~]# ll /opt/fenge.sh
-rwxr-xr-x. 1 root root 405 4月 22 09:44 /opt/fenge.sh
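[[email protected] ~]# crontab -e 【edit a user's cron jobs; this is the most important one, used to write your own crontab】
0 0 * * * /opt/fenge.sh
Save and exit
[[email protected] ~]# crontab -l 【list the details of a user's cron jobs, to see which scheduled tasks you have written】
0 0 * * * /opt/fenge.sh
【crontab -r deletes a user's cron jobs】
【crontab is a Linux system facility and is independent of the program】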
[[email protected] ~]# /opt/fenge.sh
[[email protected] ~]# ls /var/log/nginx/
test.com-access.log-20190421
[[email protected] ~]# killall -3 nginx
[[email protected] ~]# /opt/fenge.sh
Error,Nginx is not working!
[[email protected] ~]# tail -1 /var/log/messages
Error,Nginx is not working!
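6. Configure Nginx connection timeouts
【On a production website, to keep a single client from holding a connection for a long time and wasting resources, set the connection timeout parameters to control how long connections may stay open】
【keepalive_timeout: sets the keep-alive connection timeout. Usually only this parameter needs to be set; the default is 75 seconds. Set it to suit the site, or turn it off; it can be set in the http, server or location block】
【client_header_timeout: how long to wait for the client to send the request header】
【client_body_timeout: the read timeout for the request body】 On timeout, only a 408 error is returned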
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
        server_tokens off;
        keepalive_timeout 65;
        client_header_timeout 60;
        client_body_timeout 60;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
Save and exit
[[email protected] ~]# killall -1 nginx
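7. Change the number of Nginx worker processes
【Under high concurrency, more nginx processes need to be started so that user requests are answered quickly and do not block】
【Change the worker_processes parameter in the configuration file; it is usually set to the number of CPUs, or to twice the number of cores】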
[[email protected] ~]# cat /proc/cpuinfo |grep -c "physical"
1
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 1;
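【By default several nginx processes may end up running mostly on one CPU. Different processes can be assigned to different CPUs to make full use of multi-core, multi-CPU hardware. On a 4-core physical server the following configuration distributes the processes】
worker_cpu_affinity 0001 0010 0100 1000;
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf 【because the virtual machine has only one CPU】
worker_processes 1;
worker_cpu_affinity 0001 0010 0100 1000;
8. Configure Nginx web page compression
【The nginx compression module ngx_http_gzip_module compresses file content, letting the nginx server compress its output before sending it to the client, which saves site bandwidth and improves the user experience. It is installed by default】
【gzip on;  enables gzip-compressed output】
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
    gzip_min_length 1k;       # minimum size, in bytes, of a page that may be compressed
    gzip_buffers 4 16k;       # request 4 buffers of 16k each for the compressed stream; by default the space requested equals the size of the original data
    gzip_http_version 1.1;    # HTTP protocol version to recognise; the default is 1.1
    gzip_comp_level 2;        # gzip compression level, 1-9
    gzip_types text/plain text/javascript application/x-javascript text/css
               text/xml application/xml application/xml+rss;    # content types for which compression is enabled
    #gzip_vary on;            # lets front-end cache servers cache gzip-compressed pages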
[[email protected] ~]# nginx -t
nginx: the configuration file /usr/local/nginx//conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx//conf/nginx.conf test is successful
[[email protected] ~]# killall -1 nginx
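【User-Agent: Fiddler means the user agent is the Fiddler tool】【Miscellaneous: assorted items】
【Request Headers: the request headers】【Client: the client】【Transport: transport】【Entity: entity】
9. Configure Nginx hotlink protection
【nginx hotlink protection is also very capable; by default a simple configuration is enough to stop hotlinking】
Lab environment:
Nginx   source host      192.168.168.132
Nginx2  hotlinking host  192.168.168.135
Compiling and installing nginx is omitted
9.1 Create a test home page on the source host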
[[email protected] ~]# vim /var/www/index.html
<h1>源主机</h1>
<img src="test.jpg"/>
[[email protected] www]# ls 【upload this image here】
cgi-bin error html icons index.html test.jpg
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 1;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    server_tokens off;
    keepalive_timeout 65;
    client_header_timeout 60;
    client_body_timeout 60;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss;
    # gzip_vary on;
    server {
        listen 80;
        server_name www.amber.com;
        charset utf-8;
        access_log logs/www.amber.com.access.log main;
        location / {
            root /var/www;
            index index.html index.htm;
        }
        location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
            expires 1d;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
Save and exit
[[email protected] ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.132 www.amber.com
Test
9.2 Hotlink from the nginx2 host
【Install nginx or Apache on nginx2 beforehand】 nginx is what was installed here
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
        charset utf-8;
        location / {
            root /var/www;
            index index.html index.htm;
        }
[[email protected] ~]# vim /var/www/index.html 【nginx2 does not hold this image; the page loads the image from the nginx host】
<h1>盗链</h1>
<img src="http://192.168.168.132/test.jpg" />
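Save and exit
Test
9.3 Configure hotlink protection on the source host
Configuration notes:
valid_referers  sets the trusted sites
none     the Referer is empty in the browser, that is, the image is opened directly in the browser
blocked  the Referer is not empty, but its value has been removed by a proxy or firewall; such values do not start with http:// or https://
location ~* \.(jpg|gif|png|swf)$ {
    valid_referers none blocked *.amber.com amber.com;
    if ($invalid_referer) {
        rewrite ^/ http://www.amber.com/error.jpg;
        #return 403;
    }
}
【If the request does not come from the *.amber.com or amber.com domains (case-insensitive), it is redirected to http://www.amber.com/error.jpg; if no error image is set up, a 403 error can be returned instead】
【Because the test image test.jpg has the .jpg suffix, the error image was given the .png suffix (error.png) so that the effect is visible】
[[email protected] www]# ls 【upload this image here】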
cgi-bin error error.png html icons index.html test.jpg
[[email protected] ~]# cd /var/www/
[[email protected] www.amber.com]# cd
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
location ~* \.(gif|jpg|jpeg|bmp|swf)$ {    # location block
    valid_referers none blocked *.amber.com amber.com;    # valid referers; none and blocked are allowed
    if ($invalid_referer) {    # the referring address is not valid
        rewrite ^/ http://www.amber.com/error.png;    # rewrite
        #return 403;
        expires 1d;
    }
}
Save and exit
[[email protected] ~]# killall -1 nginx
[[email protected] /]# vi /kgc/index.html
<h1>www.kgc.cn</h1>
<h1>盗链</h1>
<img src="http://www.amber.com/test.jpg" />
Save and exit
[[email protected] ~]# vi /usr/local/nginx/conf/ngin
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log logs/access.log main;
    server {
        listen 80;
        server_name www.yun.com;

        charset utf-8;

        access_log logs/www.yun.com.access.log main;

        location / {
            root /var/www;
            index index.html index.htm;
        }
Test from the client machine
Because the nginx configuration matches the .jpg suffix, any access by IP is blocked; only access through the domain name www.amber.com succeeds
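To see which sites are embedding the images, and whether the rule from 9.3 is taking effect, the access log written with the `main` log_format above can be summarised by Referer host. The script below is an added example, not part of the original lab; the sample log lines are constructed, the function names are hypothetical, and the extension list is the one used in the location block above.

```shell
#!/bin/sh
# Added example: list foreign Referer hosts for image requests in an access
# log that uses the "main" log_format shown above.

# Constructed sample log lines (not taken from a real server).
sample_log() {
cat <<'EOF'
192.168.168.1 - - [22/Apr/2019:10:00:01 +0800] "GET /test.jpg HTTP/1.1" 200 51234 "http://www.amber.com/" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:00:05 +0800] "GET /test.jpg HTTP/1.1" 200 51234 "http://192.168.168.135/" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:00:09 +0800] "GET /test.jpg HTTP/1.1" 200 51234 "-" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:20:00 +0800] "GET /test.jpg HTTP/1.1" 302 160 "http://192.168.168.135/" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:20:01 +0800] "GET /index.html HTTP/1.1" 200 23 "http://192.168.168.135/" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:20:02 +0800] "GET /a.gif HTTP/1.1" 200 900 "http://img.amber.com/x" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:20:03 +0800] "GET /b.jpg?v=2 HTTP/1.1" 200 900 "http://amber.com.example.net/" "Mozilla/5.0" "-"
192.168.168.1 - - [22/Apr/2019:10:20:04 +0800] "GET /LOGO.JPG HTTP/1.1" 200 900 "http://www.yun.com/" "Mozilla/5.0" "-"
EOF
}

# hotlink_report DOMAIN < access.log
# Prints "host total=N served=M" for every Referer host outside DOMAIN.
# "served" counts 2xx and 304 answers, i.e. requests the rule did not stop.
hotlink_report() {
    awk -F'"' -v domain="$1" '
    {
        split($2, req, " ")                 # $2 is the request line
        path = tolower(req[2])
        sub(/\?.*/, "", path)               # drop the query string
        if (path !~ /\.(gif|jpg|jpeg|bmp|swf)$/) next
        ref = $4                            # $4 is the Referer
        if (ref == "-" || ref == "") next   # valid_referers "none"
        if (ref !~ /^https?:\/\//) next     # valid_referers "blocked"
        host = tolower(ref)
        sub(/^https?:\/\//, "", host)
        split(host, a, "/"); host = a[1]    # cut the path
        split(host, b, ":"); host = b[1]    # cut the port
        suffix = "." domain
        if (host == domain) next
        # the suffix must match at the end, so amber.com.example.net is foreign
        if (length(host) > length(suffix) &&
            substr(host, length(host) - length(suffix) + 1) == suffix) next
        split($3, sb, " ")                  # $3 is " status bytes "
        total[host]++
        if (sb[1] ~ /^2/ || sb[1] == "304") served[host]++
    }
    END {
        for (h in total)
            printf "%s total=%d served=%d\n", h, total[h], served[h] + 0
    }
    ' | LC_ALL=C sort
}

sample_log | hotlink_report amber.com
```

On a live host, feed it the per-site log instead, for example `hotlink_report amber.com < /usr/local/nginx/logs/www.amber.com.access.log`.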
Final configuration files
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 1;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    server_tokens off;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    client_header_timeout 60;
    client_body_timeout 60;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss;
    # gzip_vary on;
    server {
        listen 80;
        server_name www.amber.com;
        charset utf-8;
        access_log logs/www.amber.com.access.log main;
        location / {
            root /var/www;
            index index.html index.htm;
        }
        # location ~ \.(gif|jpg|jpeg|png|bmp|ico)$ {
        #     expires 1d;
        # }
        location ~* \.(jpg|gif|swf)$ {
            valid_referers none blocked *.amber.com amber.com;
            if ($invalid_referer) {
                rewrite ^/ http://www.amber.com/error.png;
                #return 403;
            }
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name www.yun.com;
        charset utf-8;
        access_log logs/www.yun.com.access.log main;
        location / {
            root /var/www;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
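10. Tune the FPM module parameters
If Nginx hands PHP parsing to FPM, the FPM module parameters can be tuned to speed up PHP processing.
FPM tuning parameters:
pm                    how the fpm processes are started: static or dynamic. The former creates a fixed number of fpm processes; the latter creates them dynamically
pm.max_children       number of fpm processes started in static mode
pm.start_servers      initial number of fpm processes in dynamic mode
pm.min_spare_servers  minimum number of idle fpm processes in dynamic mode
pm.max_spare_servers  maximum number of idle fpm processes in dynamic mode
Note: adjust the values above according to the server's memory and load
Example:
A cloud server running a personal forum has 1.5 GB of memory; with 20 fpm processes, memory consumption is close to 1 GB and processing is slow
#vim /usr/local/php5/etc/php-fpm.conf
Tuned parameters:
pm = dynamic
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8
Final optimized nginx configuration file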
[[email protected] ~]# cat /usr/local/nginx/conf/nginx.conf
user nginx nginx;
worker_processes 1;
#error_log logs/error.log info;
error_log logs/error.log;
pid logs/nginx.pid;
events {
    use epoll;
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    keepalive_timeout 65;
    client_header_timeout 60;
    client_body_timeout 60;
    server_tokens off;
    server {
        listen 80;
        server_name www.amber.com;
        charset utf-8;
        access_log logs/amber.com.access.log main;
        location / {
            root /web;
            index index.html index.htm;
        }
        # png is left out of the pattern so that the error.png redirect target is not matched again
        location ~* \.(gif|jpg|jpeg|bmp|ico)$ {
            root /web;
            expires 1d;
            valid_referers none blocked *.amber.com amber.com;
            if ($invalid_referer) {
                rewrite ^/ http://www.amber.com/error.png;
                #return 403;
            }
        }
        server_tokens off;
        keepalive_timeout 65;
        client_header_timeout 60;
        client_body_timeout 60;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain text/javascript application/x-javascript text/css text/xml application/xml application/xml+rss;
        gzip_vary on;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
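Lab notes:
1. When curl -l is refused, the cause is that the nginx service has not been started, or the firewall (a version number appears when either nginx or Apache is running, because the two share a common role, monitoring PHP)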
[[email protected] ~]# curl -l 192.168.168.133
curl: (7) couldn't connect to host
2. About the firewall
[[email protected] ~]# sudo /etc/init.d/iptables status 【check the firewall status】
iptables:未运行防火墙
[[email protected] ~]# sudo vi /etc/sysconfig/iptables 【firewall configuration file】
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT 【ports can be added here, below the port 22 rule】
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWAR
Save and exit
[[email protected] ~]# sudo service iptables restart
iptables:应用防火墙规则: [确定]
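3. If curl -I prints the web page instead of the version, check the option: the i in the command must be an uppercase I; entering any other character prints the web page
[[email protected] ~]# curl -l 192.168.168.132 【view the page; curl - followed by any letter or digit shows the page content】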
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<p><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></p>
</div>
</div>
</body>
</html>
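4. Problem: this appears
[[email protected] ~]# /opt/fenge.sh
/opt/fenge.sh: line 12: echoError,Nginx is not working!: command not found
Answer: an error in the /opt/fenge.sh file causes the message
5. Problem: Fiddler's Inspectors tab shows "please select a single web session to inspect"
Answer:
6. PID: identifier in transmitted packets. The PID consists of an 8-bit port priority plus the port number, with the port number in the low bits; the default port priority is 128.
A PID is the identifier of a process, and each process has a unique PID number. It is assigned by the system when the process runs and does not stand for one particular program. The PID does not change while the process is running, but after the process ends the system reclaims it and may assign it to a new process. Whenever a program is run, the system automatically assigns an identifier. As long as no other program has been started successfully, this PID continues to be assigned to the program that is about to run
7. Logical CPU count: makes 1 core of the processor take effect in the operating system. This doubles the execution resources available to the operating system and greatly improves overall system performance; in that case logical CPUs = number of physical CPUs * cores per CPU * 2
Total cores = number of physical CPUs * cores per physical CPU
Total logical CPUs = number of physical CPUs * cores per physical CPU * hyper-threads
So this one counts as dual-core
Physical CPUs:
The number of physical CPUs is the number of CPUs actually fitted in the machine
On Linux, run cat /proc/cpuinfo to check; the physical id field is the ID of each physical CPU, and the number of distinct physical id values is the number of CPUs the machine actually has
On Linux, grep 'physical id' /proc/cpuinfo |sort -u |wc -l shows the number of physical CPUs
CPU cores:
The total number of CPU cores on Linux can also be seen in /proc/cpuinfo with cat /proc/cpuinfo; the core id field is the ID of each core within a physical CPU, and the number of core id values found is the number of cores the machine has.
Use cat /proc/cpuinfo |grep "cpu cores" |wc -l to count the total number of CPU cores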
8.
# | Result | Protocol | Host | URL | Body | Caching | Content-Type | Process | Comments | Custom
7 | 200 | HTTP | 192.168.1.136 | / | 635 | | text/html; charset=utf-8 | fiddler:1124 | |
8 | 502 | HTTP | Tunnel to | ieonline.microsoft.com:443 | 556 | no-cache, must-revalidate | text/html; charset=UTF-8 | iexplore:4252 | |
http://192.168.1.136/favicon.ico
# | Result | Protocol | Host | URL | Body | Caching | Content-Type | Process | Comments | Custom
52 | 404 | HTTP | 192.168.1.136 | /favicon.ico | 564 | | text/html; charset=utf-8 | chrome:3412 | |
51 | 304 | HTTP | 192.168.1.136 | / | 0 | | | chrome:3412 | |
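9. On nginx2, after the IP in the test file is changed to the domain name, the image is still not displayed; only the two characters 盗链 are shown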
[[email protected] ~]# vim /var/www/index.html
<h1>盗链</h1>
<img src="http://www.amber.com/test.jpg" />
10. If the image path cannot be found, add a root path as shown below
location ~* \.(jpg|gif|swf)$ {
    root /var/www;
    valid_referers none blocked *.amber.com amber.com;
    if ($invalid_referer) {
        rewrite ^/ http://www.amber.com/error.png;
        #return 403;
    }
}