本篇主要記錄學習Nginx的靜態資源WEB服務的幾種常見的功能記錄學習
- Nginx開發常用的命令
-
nginx -tc /etc/nginx/nginx.conf -
vim /etc/nginx/conf.d/default.conf -
systemctl restart nginx.service
-
- 靜態資源類型(非服務器動態運行生成的文件)
- 瀏覽器端渲染:
HTML,CSS,JS - 圖片:
JPEG,GIF,PNG - 視頻:
FLV,MPEG - 文件:
TXT,等任意下載文件
- 瀏覽器端渲染:
- 靜態資源服務場景-CDN
- 配置語法-文件讀取
-
sendfile
文檔地址:http://www.nginx.cn/doc/standard/httpcore.html syntax: sendfile [ on|off ] default: sendfile off context: http, server, location Directive activate or deactivate the usage of sendfile()sendfile on; -
tcp_nopush
文檔地址:http://www.nginx.cn/doc/standard/httpcore.html syntax: tcp_nopush [on|off] default: tcp_nopush off context: http, server, location This directive permits or forbids the use of the socket options TCP_NOPUSH on FreeBSD or TCP_CORK on Linux. This option is only available when using sendfile . Setting this option causes nginx to attempt to send it's HTTP response headers in one packet on Linux and FreeBSD 4.x ReadMoreAboutTcpNopushlocation ~ ^/download { gzip_static on; tcp_nopush on; root /nginxtest/download; } -
tcp_nodelay
文檔地址:http://www.nginx.cn/doc/standard/httpcore.html syntax: tcp_nodelay [on|off] default: tcp_nodelay on context: http, server, location This directive allows or forbids the use of the socket option TCP_NODELAY . Only included in keep-alive connections. You can read more about the TCP_NODELAY socket option here.location / { tcp_nodelay on; root /usr/share/nginx/html; index index.html index.htm; }
-
gzip
文檔地址:http://www.nginx.cn/doc/standard/httpgzip.html 語法: gzip on|off 默認值: gzip off 作用域: http, server, location, if (x) location 開啟或者關閉gzip模塊location ~ .*\.(jpg|gif|png)$ { gzip off; gzip_http_version 1.1; gzip_comp_level 5; root /nginxtest/images; }
-
- 校驗過期機制
HttpHeaders模塊
文檔地址:http://www.nginx.cn/doc/standard/httpheaders.html 本模板可以設置HTTP報文的頭標。 __示例__ : expires 24h; : expires 0; : expires -1; : expires epoch; : add_header Cache-Control private; 指令 [#add_header add_header] [#expires expires]location / { expires 24h; root /usr/share/nginx/html; index index.html index.htm; } - 跨域訪問(不安全的,容易出來CSRF攻擊)
語法: add_header name value 默認值: none 作用域: http, server, location 當HTTP應答狀態碼為 200、204、301、302 或 304 的時候,增加指定的HTTP頭標。 其中頭標的值可以使用變量。
Access-Control-Allow-Originlocation / { add_header Access-Control-Allow-Origin www.baidu.com; add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS; root /usr/share/nginx/html; index index.html index.htm; } - 防盜鏈
-
目的:防止資源被盜用
-
防盜鏈設置思路:首要方式區別那些請求是非正常的用戶的請求
-
基於http_refer防盜鏈配置模塊
-
View Codevalid_referers syntax: valid_referers [none|blocked|server_names] ... default: none context: server, location This directive assigns a value of 0 or 1 to the variable $invalid_referer based on the contents of the referer header. You can use this to help reduce deep-linking from outside sites. If Referer header is not accounted for in the list of valid_referers , then $invalid_referer will be set to 1 (see example above). The parameters can be as follows: none means the absence of "Referer" header. blocked means masked Referer header by firewall, for example, "Referer: XXXXXXX". server_names is a list of one or more servers. From version 0.5.33 onwards, * wildcards can be used in the server names.
-
location ~ .*\.(jpg|gif|png)$ { valid_referers none blocked 119.2x.1x3.218 支持增則匹配; if ($invalid_referer) { return 403; } root /nginxtest/images; }
-
