[TOC]
Article Directory
First, configure Nginx to hide the version number
1.1, modify the configuration file method
1.2, the source modification method
Second, modify user and group Nginx
2.1, modify the configuration file to specify users and groups
Third, configure Nginx web caching time
Fourth, the configuration log split
Fifth, to achieve connection timeout
nginx installation has been configured in advance, and may need to refer to my blog, link to: Nginx configuration
First, configure Nginx to hide the version number
In a production environment, we need to hide Nginx version number in order to avoid security breaches leak
Check method
Use fiddler tool in the Windows Client Viewer Nginx version number
Use "curl -I URL" command in the system view CentOS
Nginx version number of the hidden method
Modify the configuration file method
Modify the source code law
1.1, modify the configuration file method
1, first check the version of basic information
curl -I http://自己的IP地址
2, Nginx configuration file to add: set the value of the option is off server_tokens
vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
#下面添加一段,关闭版本显示
server_tokens off;
3, restart the service
//先关闭服务,再开启服务
service nginx stop
service nginx start
4, and then curl command to view the version
1.2, the source modification method
Nginx source code file /pot/nginx-1.12.0/src/core/nginx.h
Includes version information, you can freely set
Recompile installation, hidden version information
1, a modified version number
#先把刚才添加的那段话的 off(关闭),改成 on(开启)
vim /usr/local/nginx/conf/nginx.conf
cd /opt/nginx-1.12.2/src/core/
vim /opt/ningx-1.12.2/src/core/nginx.h
define nginx_version 1012002
define NGINX_VERSION "1.1.1" //自定义一个版本号
define NGINX_VER "nginx/" NGINX_VERSION
2. Configure compilation
cd nginx-1.12.2/
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
make && make install
3, start the service, view version
#在启动服务
service nginx stop
service nginx start
#在查看,就会发现有一个我们自己伪造的一个版本号
curl -I http://IP地址/
Sercer: nginx/1.1.1 #伪造的版本号
Note: If the version number is not forged successful, is not displayed, there may be shut down version of the configuration file is displayed. Solution: Delete server_tokens off;
Second, modify user and group Nginx
Nginx running process needs the support of users and groups, in order to achieve access control to a Web site to read the file
Nginx nobody default user accounts and group accounts, generally have to be modified
Modification method:
Compiles the specified users and groups during installation
Modify the configuration file to specify users and groups
2.1, modify the configuration file to specify users and groups
vim /usr/local/nginx/conf/nginx.conf
#user nobody;
//去掉前面注释符“ # ”,修改 nobody 指定用户与组 nginx nginx;
The main process created by the root child process created by nginx
Third, configure Nginx web caching time
Nginx When the Web page data back to the client, the cache may be provided time to facilitate future request directly return the same content, to avoid repeated requests faster access speed
General settings for static pages, dynamic pages do not set the cache time
Use fiddler can view the page buffer time in the Windows client
Setting method:
Can modify the configuration file, add parameters to specific content expired at http segment, or server segment, segment or location
1. Copy the picture to the next site directory of nginx
#在自己的共享文件中 找到" game.jpg "
mkdir /abc
mount.cifs //192.168.56.1/lamp7 /abc
cd /abc/wl
//我的图片在wl的包里
//复制图片 game.jpg 到站点目录下
cp /abc/wl/game.jpg /usr/local/nginx/html/
cd /usr/local/nginx/html
2, the picture will be added to the page content
#修改
vim index.html
#在 Welcome to nginx 的下面添加一段
<img src="game.jpg"/>
3, change the nginx configuration file
vim /usr/local/nginx/conf/nginx.conf
#在 http {}段,添加一个
location ~\.(gif|jepg|jpg|ico|bmp|png)$ {
root html;
expires 1d;
}
4, start the service
#重启服务
service nginx restart
5, the verification win10
Fourth, the configuration log split
With the increase of Nginx running time, the log will increase. In order to facilitate grasp Nginx running, need to always pay attention to the log file Nginx
The log file is too big to be a big disaster monitoring
Regular cutting of the log file
Nginx not have their own log splitting processing functions, but can automatically log cutting through a script Nginx signal control functions, and logs cut by a scheduled task periodically Linux
Write scripts for log cutting ideas:
Set the time variable
Save log path is provided;
The current log file is renamed
Long time to delete the log file
Set up a cron task to perform regular script automatically logs split
1, scripting achieve segmentation
vim /opt/fenge.sh
#!/bin/bash
#Filename:fenge.sh
d=$(date -d "-1 day" "+%Y%m%d")
logs_path="/var/log/nginx"
pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d $logs_path ] || mkdir -p $logs_path
mv /usr/local/nginx/logs/access.log ${logs_path}/test.com-access.log-$d
kill -USR1 $(cat $pid_path)
find $logs_path -mtime +30 | xargs rm -rf
2, execute script
chmod +x fenge.sh
./fengs.sh
//可以把当前时间修改为2019.12.29,(可以自定义)
date -s 2019-12-29
3, set up a cron task to perform regular script automatically logs split
执行周期性计划任务
crontab -e
0 1 * * * /opt/fengs.sh
Fifth, to achieve connection timeout
In corporate website in order to avoid the same - - a prolonged occupation of the customer connection,
A waste of resources, may be provided corresponding connection timeout parameters to achieve control
Connection access time
Fiddler tool to use to view the connection parameters
Timeout parameter to explain:
Keepalive_timeout
Holding connection timeout provided, generally only set this parameter, default 75 seconds, can be set according to the situation of the site, or closed, at http segment, server segment or segments disposed location
Client_header_timeout
Specifies the client sends a request to wait for the timeout header
Client_body_timeout
Setting a read request body timeout
1, modify the configuration file
cd /usr/local/nginx/conf
vim nginx.conf
#在 http {}段 :下面添加
keepalive_timeout 65 180;
client_header_timeout 80;
client_body_timeout 80;
//重启服务
service nginx restart