Nginx-- Profile 2

1, the default Web site

When Nginx configuration file has only one server, the server nginx is the default Web site.

Nginx all requests sent to the server for processing by the server.

2, access control

Create a page directory and file

mkdir /usr/local/nginx/html/page
echo This is My Page! > /usr/local/nginx/html/page/index.html

Edit Profile

location /page{
		allow 127.0.0.1;   //只允许访问IP
		deny all;  //拒绝所有访问
}

Reload the configuration file

killall -s HUP nginx

elinks http://ip/page   //拒绝访问

elinks http://127.0.0.1/page  //允许访问

You can also return path changes, just end with return

location /page{
		allow 127.0.0.1;  
		deny all;  
		return http://www.taobao.com
}

After reloading the configuration file access returns the following

password authentication

location /page {
	auth_basic "Please input a password!";
	auth_basic_user_file /etc/nginx/htpasswd;
	}

To switch may be used auth_basic o ff; or directly these two commented

htpasswd command extensions

htpasswd(选项)(参数) 
选项 
-c：创建一个加密文件； 
-m：默认采用MD5算法对密码进行加密； 
-d：采用CRYPT算法对密码进行加密； 
-p：不对密码进行进行加密，即明文密码； 
-s：采用SHA算法对密码进行加密； 
-b：在命令行中一并输入用户名和密码而不是根据提示输入密码； 
-D：删除指定的用户

3, log format

Nginx access logs is controlled primarily by two parameters:
log_format used to define the format of the log. Log format support to define multiple, different name to
access_log used to specify the path to the log file and log format which logging
parameters are as follows:

$remote_addr：远程IP;
$remote_user：远程用户;
$stime_local：时间;
$request：用来记录请求的url与http协议;
$status：用来记录请求状态；成功是200;
$body_bytes_sent：记录发送给客户端文件主体内容大小;
$http_referer：用来记录从那个页面链接访问过来的;
$http_user_agent：记录客户浏览器的相关信息;
$http_x_forwarded_for：访问用户的真实 IP 地址;

Log compression, you need zlib support, yum install the default does not support, source code is compiled and installed by default support

access_log  logs/access.log.gz  main gzip;

To protect the output log format and beautiful, it is recommended to set the log format to use json format

log_format json '{"@timestamp":"$time_iso8601",'
                		'"status":"$status",'
                        '"client_ip":"$remote_addr",'
                        '"method":"$request_method",'
                        '"size":$body_bytes_sent,'
                        '"upstreamhost":"$upstream_addr",'
                        '"http_host":"$host",'
                        '"request_uri":"$request_uri",'                
                        '"xff":"$http_x_forwarded_for",'                
                        '"referrer":"$http_referer",'                
                        '"agent":"$http_user_agent"}';

4, view the status of

stub_status, the basic module may output the status information nginx.

	location = /status {    
		stub_status;    
		allow   192.168.75.130;    
		deny    all; 
	}
Active connections:当前状态，活动状态的连接数 
accepts：统计总值，已经接受的客户端请求的总数 
handled：统计总值，已经处理完成的客户端请求的总数 
requests：统计总值，客户端发来的总的请求数 
Reading：当前状态，正在读取客户端请求报文首部的连接的连接数 
Writing：当前状态，正在向客户端发送响应报文过程中的连接数 
Waiting：当前状态，正在等待客户端发出请求的空闲连接数

5, provided security chain

referer module may set the security chain.
Meaning the site content itself hotlinking is not on your company's server, through technical means, directly in the company's server call other site data, and provide this content to the end user.

Configuring nginx security chain:

location ~* \.(gif|jpg|png|swf|flv)$ {
                valid_referers none blocked  cluo.net  *.meixi.net;                
                root   /usr/share/nginx/html;                
                if ($invalid_referer) {
                                        return 403;                        
                                        }
                }
valid_referers 表示合法的referers设置 
none： 表示没有referers，直接通过浏览器或者其他工具访问。 
blocked： 表示有referers，但是被代理服务器或者防火墙隐藏； 
lutixia.net： 表示通过cluo.net访问的referers； 
*.jfedu.net:  表示通过*.meixi.net访问的referers，*表示任意host主机。