本篇主要记录学习Nginx的静态资源WEB服务的几种常见的功能记录学习
- Nginx开发常用的命令
-
nginx -tc /etc/nginx/nginx.conf -
vim /etc/nginx/conf.d/default.conf -
systemctl restart nginx.service
-
- 静态资源类型(非服务器动态运行生成的文件)
- 浏览器端渲染:
HTML,CSS,JS - 图片:
JPEG,GIF,PNG - 视频:
FLV,MPEG - 文件:
TXT,等任意下载文件
- 浏览器端渲染:
- 静态资源服务场景-CDN
- 配置语法-文件读取
-
sendfile
文档地址:http://www.nginx.cn/doc/standard/httpcore.html syntax: sendfile [ on|off ] default: sendfile off context: http, server, location Directive activate or deactivate the usage of sendfile()sendfile on; -
tcp_nopush
文档地址:http://www.nginx.cn/doc/standard/httpcore.html syntax: tcp_nopush [on|off] default: tcp_nopush off context: http, server, location This directive permits or forbids the use of the socket options TCP_NOPUSH on FreeBSD or TCP_CORK on Linux. This option is only available when using sendfile . Setting this option causes nginx to attempt to send it's HTTP response headers in one packet on Linux and FreeBSD 4.x ReadMoreAboutTcpNopushlocation ~ ^/download { gzip_static on; tcp_nopush on; root /nginxtest/download; } -
tcp_nodelay
文档地址:http://www.nginx.cn/doc/standard/httpcore.html syntax: tcp_nodelay [on|off] default: tcp_nodelay on context: http, server, location This directive allows or forbids the use of the socket option TCP_NODELAY . Only included in keep-alive connections. You can read more about the TCP_NODELAY socket option here.location / { tcp_nodelay on; root /usr/share/nginx/html; index index.html index.htm; }
-
gzip
文档地址:http://www.nginx.cn/doc/standard/httpgzip.html 语法: gzip on|off 默认值: gzip off 作用域: http, server, location, if (x) location 开启或者关闭gzip模块location ~ .*\.(jpg|gif|png)$ { gzip off; gzip_http_version 1.1; gzip_comp_level 5; root /nginxtest/images; }
-
- 校验过期机制
HttpHeaders模块
文档地址:http://www.nginx.cn/doc/standard/httpheaders.html 本模板可以设置HTTP报文的头标。 __示例__ : expires 24h; : expires 0; : expires -1; : expires epoch; : add_header Cache-Control private; 指令 [#add_header add_header] [#expires expires]location / { expires 24h; root /usr/share/nginx/html; index index.html index.htm; } - 跨域访问(不安全的,容易出来CSRF攻击)
语法: add_header name value 默认值: none 作用域: http, server, location 当HTTP应答状态码为 200、204、301、302 或 304 的时候,增加指定的HTTP头标。 其中头标的值可以使用变量。
Access-Control-Allow-Originlocation / { add_header Access-Control-Allow-Origin www.baidu.com; add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS; root /usr/share/nginx/html; index index.html index.htm; } - 防盗链
-
目的:防止资源被盗用
-
防盗链设置思路:首要方式区别那些请求是非正常的用户的请求
-
基于http_refer防盗链配置模块
-
View Codevalid_referers syntax: valid_referers [none|blocked|server_names] ... default: none context: server, location This directive assigns a value of 0 or 1 to the variable $invalid_referer based on the contents of the referer header. You can use this to help reduce deep-linking from outside sites. If Referer header is not accounted for in the list of valid_referers , then $invalid_referer will be set to 1 (see example above). The parameters can be as follows: none means the absence of "Referer" header. blocked means masked Referer header by firewall, for example, "Referer: XXXXXXX". server_names is a list of one or more servers. From version 0.5.33 onwards, * wildcards can be used in the server names.
-
location ~ .*\.(jpg|gif|png)$ { valid_referers none blocked 119.2x.1x3.218 支持增则匹配; if ($invalid_referer) { return 403; } root /nginxtest/images; }
-
