NGiNX is a very good HTTP server software, which can realize many functions by setting, such as directory protection, IP access restriction, anti-leech, download speed limit and setting multiple domain names, etc.
1. NGINX directory protection and access restrictions
The configuration of the Nginx protection directory is as follows, the directory password protection file is /usr/local/nginx/htpasswd
location ~ /admin {
#admin is the name of the directory to be protected, location means to protect the admin directory from the root directory of the web page
auth_basic ”PLEASE LOGIN”; #is the information displayed when entering the folder
auth_basic_user_file /usr/local/nginx/htpasswd; #Authentication user and password file, my setting here is /usr/local/nginx/htpasswd
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/bbs$fastcgi_script_name;
include fastcgi_params;
}
Note that when setting directory password protection, please pay attention to the location of the configuration block. If it is placed after the location ~ \.php$ {} block, if you open a non-php file such as a static page or image, you will be prompted to enter a password. However, if the php file is opened, the setting is invalid, and the php file is directly executed and displayed. Therefore, be sure to place the block where the directory password protection is to be set before the location ~ \.php$ {} block.
Generate password file:
htpasswd -b -c /usr/locla/nginx/htpasswd username password;
2. NGINX anti-theft chain
In addition, NGiNX anti-theft chain, to prevent others from stealing pictures (video, flash, software...) is of course OK! The same is also added in the server section
location ~* \.(txt|ico|gif|png|bmp|jpg|jpeg|zip|rar|gz|7z|exe|mp3|flv|swf)$ {
valid_referers none blocked jb51.net www.jb51.net ;
if ($invalid_referer) {
rewrite ^/ http://www.jb51.net/notlink.html;
}
}
At this time, location means that the protection starts from the root directory of the web page, and all files of the specified type follow this rule
valid_referers none blocked means that it does not block where it comes from~ Here is a space to separate the allowed domain names or ip locations
$invalid_referer means that the link is not allowed
rewrite ^/ http://www.jb51.net/notlink.html; means that the specified disallowed link is automatically redirected to a page, or if you have already set 404 forwarding, you can comment out this line first and then put Remove the comment of #return 404, it will automatically go to the 404 page you set.
Special reminder: How to check whether the anti-leech link is effective? It is recommended that you look at the service log directly, and do not use a website to test. Because of some shameless guys (such as a certain degree), he will use his own image server to provide services. It is for this reason that the last time I was doing this, I wasted a lot of time.
3. NGINX download speed limit
NGiNX can also limit the speed and then limit the download thread! First find the limit_zone in the http section, and then remove the comment~
# Set an area called crawler with a size of 20MB
limit_zone crawler $binary_remote_addr 20m;
Then add in the server section
# Restrict file types to single-line download only
location ~ .*\.(zip|rar|gz|tar|exe|mp3|flv|swf|jpg|jpeg)$
{
limit_conn crawler 1;
limit_rate 500k; # plus the speed limit
}
# Restrict only single-line downloads under a specific folder
# location /download/ {
# limit_conn crawler 1;
# limit_rate 500k; # plus the speed limit
# }
Fourth, NGINX multi-domain settings
There is a serious problem when configuring PHP+Nginx today. A generic domain name is bound to the Nginx virtual host. In the program, the secondary domain name needs to be used to point to different content, but in any case, the access only jumps to the main domain name! In order to find the problem, I tested one by one and came to the following conclusion: No matter how many domain names are bound, using $_SERVER["SERVER_NAME"] will only return the first domain name bound in the virtual host!
For example, the binding domain name is as follows:
server_name www.jb51.net *.jb51.net jb51.net
Now no matter what domain name I use, $_SERVER["SERVER_NAME"] will only return www.jb51.net! ! This is a very serious problem that has a fatal impact on pan-domain names!
If there is a problem, there must be a solution. . After looking through the wiki for a long time, I finally found the information I needed! It turns out: The value returned by $_SERVER["SERVER_NAME"] is provided by SERVER_NAME in Nginx's fastcgi_param, and the default configuration is:
fastcgi_param SERVER_NAME $server_name;
The $server_name variable in Nginx is the domain name set above, and only the first one will be returned!
This is easy to do, change the above configuration to:
fastcgi_param SERVER_NAME $host;
That's it.
In addition, you need to add a line after the server_name configuration:
server_name_in_redirect off;
It means to make nginx not use the first domain name in the server_name setting by default when handling its own internal redirects!
The content comes from Xiaohongti technology blog, http://www.xiaohongti.com/ Please keep the address and respect the copyright.