淘宝:tengine与nginx安装一样。
nginx安装及tomcat配置:http://www.cnblogs.com/huangjingzhou/articles/2153405.html
相关配置解释: 来源:http://www.oschina.net/code/snippet_12_175
user nobody;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 4096;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
limit_conn_zone $binary_remote_addr zone=perip:10m; #访问连接数数量控制
include gzip.conf;
server {
listen 80;
server_name localhost;
location / { #禁止ip访问
deny all;
}
location ~ ^/NginxStatus { #开启nginx运行状态
stub_status on;
access_log off;
allow 127.0.0.1; #允许指定ip访问
allow 219.136.242.37;
allow 192.168.2.0/24;
deny all;
}
}
server {
listen 80;
server_name www.oschina.net m.oschina.net my.oschina.net;
log_format oschina_log
'$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/oschina.log;
location ~ ^/NginxStatus {
stub_status on;
access_log off;
auth_basic "valid-user"; #需要用户名和密码认证才能查看
auth_basic_user_file /opt/ngx/conf/oschina_pw; #认证地址
}
location ~ ^/mrtg {
auth_basic "valid-user";
auth_basic_user_file /opt/ngx/conf/oschina_pw;
access_log off;
root /opt/mrtg;
}
location ~ ^/awstats/ {
root /data/oschina/webapp;
access_log off;
error_log off;
auth_basic "valid-user";
auth_basic_user_file /opt/ngx/conf/oschina_pw;
}
location ~ ^/(WEB-INF)/ { #禁止访问
deny all;
}
location ~ ^/uploads/ { #防盗链设置
root /data/oschina/webapp;
expires 24h;
valid_referers none blocked *.google.com *.qq.com *.oschina.net *.csdn.net *.gzv8.com;
if ($invalid_referer){
rewrite ^/ http://www.oschina.net/img/logo.gif;
}
}
location ~ \.(htm|html|gif|jpg|jpeg|png|ico|rar|css|js|zip|txt|flv|swf|doc|ppt|xls|pdf)$ { #区分大小写匹配后缀
root /data/oschina/webapp; #资料文件存方路径
access_log off;
expires 24h;
}
location / { #地址跳转
proxy_pass http://localhost:9081;
include proxy.conf;
}
error_page 502 503 /502.html; #错误页
error_page 404 /404.html;
error_page 403 /403.html;
}
}
如何封杀IP?
1.新建个配置文件:deny_block_ip.conf
#拒绝单个ip #deny 192.168.1.15; #允许某个ip # allow 192.168.1.15; #拒绝所有 # deny all; #允许所有 # allow all; #拒绝某个区间 #deny 192.168.1.0/25;
根据需求,写入相应的ip策略.
2.deny_block_ip.conf 加入到nginx.conf
include deny_block_ip.conf;
3.重启nginx
/usr/local/nginx/sbin/nginx -s reload
nginx如何对请求的次数进行控制?
http://storysky.blog.51cto.com/628458/642970/
http://andrewyu.blog.51cto.com/1604432/595778
请求策略正则解释
http://www.blogjava.net/chenlb/archive/2010/02/03/311772.html
相关操作:
检查修改的配置是否正确:/usr/local/nginx/sbin/nginx -t
下面表示配置正确:
the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok the configuration file /usr/local/nginx/conf/nginx.conf was tested successfully
重新加载配置:
kill -HUP `cat /usr/local/nginx/nginx.pid`
或者重新启动:
/usr/local/nginx/sbin/nginx -s reload