Nginx configuration page to achieve compression
Nginx's ngx_http_gzip_module compression module provides the contents of the file compression feature that allows Nginx server will output the contents of compressed before sending a client to save bandwidth site to enhance the user's access experience, has been installed by default. May be added to the appropriate compression parameters in the configuration file to optimize compression performance.
Compression parameters to explain
- gzip on: turn on gzip compression output
- gzip_min_length 1k: for setting a minimum number of bytes allowed compressed page
- gzip_buffers 4 16k: 4 represents the application unit 16k memory as compressed stream buffer result, the default is to apply the same size as the original data memory to store the compression result gzip
- zip_http_version 1.0: Set for identifying http protocol version, the default is 1.1, currently most browsers already support gzip decompression, but the slowest process, relatively consume server CPU resources
- gzip_comp_level 2: specifies gzip compression ratio, compression, fastest processing speed than a minimum; 9 maximum compression, faster than the transmission speed, but the processing speed is the slowest, to use the default
- gzip_types text / plain: the type of compression is to enable compression which pages of the document
- gzip_vary on: option allows front-end cache server cache after gzip compressed pages
1. Turn off the firewall and enhanced security features
[root@localhost ~]# systemctl stop firewalld.service //关闭防火墙
[root@localhost ~]# setenforce 0 //关闭增强性安全功能
[root@localhost ~]# 2. win10 virtual machine to access nginx service, with fiddler and packet capture tool (not open compression)
3. Modify the configuration file compression turned on
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain application/x-javascript text/css image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javasrcipt application/json;
gzip_disable "MSIE [1-6]\."; //IE浏览器6版本以上开启压缩功能
gzip_vary on;
[root@localhost ~]# service nginx restart //重启服务
[root@localhost ~]# 4. Again virtual machines to access nginx service with win10, and capture (compression turned on) with fiddler tool
Nginx configuration to achieve security chain
- In corporate website services, are generally required to configure the security chain function to prevent illegal use of the site content, resulting in economic losses
- Nginx security chain function is also very powerful. By default, you need only a simple configuration, you can achieve security chain process
1. Copy the website pictures and anti-theft chain picture to the next site directory
[root@localhost ~]# mkdir /mnt/tools
[root@localhost ~]# mount.cifs //192.168.100.50/tools /mnt/tools/
Password for root@//192.168.100.50/tools:
[root@localhost ~]# cp /mnt/tools/forbid.png /usr/local/nginx/html/ //防盗链图片
[root@localhost ~]# cp picture.jpg /usr/local/nginx/html/ //网站图片
[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html forbid.png index.html picture.jpg
[root@localhost html]# 2. Add a picture file referenced in the Home
[root@localhost html]# vim index.html
<h1>Welcome to nginx!</h1>
<img src="picture.jpg"/> //添加
[root@localhost html]# 3. Install dns service
[root@localhost html]# yum install bind -y
..........//省略安装过程
[root@localhost html]# 4. Modify the main configuration file
[root@localhost html]# vim /etc/named.conf
options {
listen-on port 53 { any; }; //将127.0.0.1改为any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //将localhost改为any
[root@localhost html]# 5. Modify area Profile
[root@localhost html]# vim /etc/named.rfc1912.zones
zone "abc.com" IN { //添加区域
type master;
file "abc.com.zone";
allow-update { none; };
};
[root@localhost html]#6. Modify Profile data area
[root@localhost html]# cd /var/named/
[root@localhost named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost abc.com.zone //复制一份模板并重命名
[root@localhost named]#
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.52.131 //添加解析地址
[root@localhost named]# systemctl start named //开启服务
[root@localhost named]#7. win10-1 host Enter the following new text document and rename it to index.html
<html>
<head>
<title>盗链网站</title>
</head>
<body>
<h1>this is test web</h1>
<img src="http:www.abc.com/picture.jpg"/> //盗链路径
</body>
</html>
8. Turn win10-1 system web service the following steps
9. index.html file is moved to the folder C inetpub disk subdirectory under wwwroot
10. Irvine site will be built, respectively, of win10-1 host and test a host dns address win10-2 Linux virtual machine instead of address
11. Review win10-1 host's IP address
12. win10-2 host separate visits with nginx sites and services win10-1 host of web services, the success of hotlinking nginx service site Pictures
13. Modify nginx service configuration file, open the security chain function
[root@localhost named]# vim /usr/local/nginx/conf/nginx.conf
location ~*\.(jpg|gif|swf)$ {
valid_referers none blocked *.abc.com abc.com;
if ( $invalid_referer ) {
rewrite ^/ http://www.abc.com/forbid.png;
}
}
[root@localhost named]# service nginx restart
[root@localhost named]#14. Access are again with win10-2 host nginx service site and win10-1 host of web services, security chain function successfully opened
