study forty six

Twelve four-time classes (April 26)

12.13 Nginx anti-leech
12.14 Nginx access control
12.15 Nginx parsing php related configuration
12.16 Nginx proxy

Extended
502 Question Summary http://ask.apelearn.com/question/9109
location priority http://blog.lishiming.net/?p=100

Nginx anti-leech

The configuration is as follows, which can be combined with the above configuration
location ~ ^.+.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names .test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}

Nginx access control

Requirements: For requests to access the /admin/ directory, only certain IPs are allowed to access. The configuration is as follows:
location /admin/
{
allow 192.168.1.33;
allow 127.0.0.1;
deny all;
}
mkdir /data/wwwroot/test.com/ admin/
echo “test,test” > /data/wwwroot/test.com/admin/1.html
-t && -s reload
curl -x127.0.0.1:80 test.com/admin/1.html -I
curl -x192.168.1.35:80 test.com/admin/1.html -I
can match the regular
location ~ . (abc|image)/. .php$
{
deny all;
}
according to user_agent restrictions
if ($http_user_agent ~ 'Spider /3.0|YoudaoBot|Tomato')
{
return 403;
}
deny all has the same effect as return 403

Nginx parses php related configuration

The configuration is as follows:
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock; #This
should be consistent with the previously configured scok file,
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test. com$fastcgi_script_name;
}
If an error 502 is reported
, check the specified sock file path
fastcgi_pass is used to specify the address where php-fpm is listening or the socket
should also check whether the file permission is 666.

Nginx proxy

cd /usr/local/nginx/conf/vhost
vim proxy.conf //加入如下内容
server
{
listen 80;
server_name ask.apelearn.com;
location /
{
proxy_pass http://121.201.9.155/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
curl ask.apelean.com/robots.txt

#
#robots.txt for MiWen
#

User-agent: *

Disallow: /?/admin/
Disallow: /?/people/
Disallow: /?/question/
Disallow: /account/
Disallow: /app/
Disallow: /cache/
Disallow: /install/
Disallow: /models/
Disallow: /crond/run/
Disallow: /search/
Disallow: /static/
Disallow: /setting/
Disallow: /system/
Disallow: /tmp/
Disallow: /themes/
Disallow: /uploads/
Disallow: /url-*
Disallow: /views/