Nginx优化与防盗链
拓扑图:
推荐步骤:
1、在Centos01上安装Nginx,设置网站根目录/www使用域名www.huhu.com访问
2、在Centos02上安装DNS使用域名访问Centos01上使用域名www.huhu.com访问,Centos03使用yum安装apache使用域名www.huyan.com访问
3、在www.huhu.com域名的网站隐藏Nginx版本、查看Nginx管理用户、设置网页缓存、配置日志切割、配置Nginx日志切割、设置超时时间
4、在www.huhu.com网站配置防盗链防止www.huyan.com盗www.huhu.com的连接
一、在Centos01上安装Nginx,设置网站根目录/www使用域名www.huhu.com访问
1、挂载Centos7系统光盘
[root@centos01 ~]# mount /dev/cdrom /mnt/]()
mount: /dev/sr0 写保护,将以只读方式挂载
2、创建nginx管理账户
[root@centos01 ~]# useradd -M -s /sbin/nologin nginx
3、传输nginx1.16.1文件
[root@centos01 ~]# rz
z waiting to receive.**B0100000023be50
4、安装依赖文件
[root@centos01 ~]# yum -y install pcre-devel zlib-devel
5、解压nginx配置文件
[root@centos01 ~]# yum -y install pcre-devel zlib-devel
6、修改源代码程序
[root@centos01 ~]# vim /usr/src/nginx-1.16.1/src/core/nginx.h
13 #define NGINX_VERSION "7.0"
14 #define NGINX_VER "IIS/" NGINX_VERSION
22 #define NGINX_VAR "IIS"
7、修改Nginx数据包请求头部
[root@centos01 ~]# vim/usr/src/nginx-1.16.1/src/http/ngx_http_header_filter_module.c
49 static u_char ngx_http_server_string[] = "Server: IIS" CRLF;li
8、配置Nginx
[root@centos01 ~]# cd /usr/src/nginx-1.16.1/
[root@centos01 nginx-1.16.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
9、编译安装Nginx
[root@centos01 nginx-1.16.1]# make && make install
10、优化命令
[root@centos01 nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
[root@centos01 nginx-1.16.1]# cd
[root@centos01 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
11、创建网站根目录www 设置网站主页
[root@centos01 ~]# mkdir /www/
[root@centos01 ~]# echo "www.huhu.com" > /www/index.html
二、在Centos03上安装DNS使用域名访问Centos01上使用域名www.huhu.com访问,Centos02使用yum安装apache使用域名www.huyan.com访问
1、01、02、03配置DNS
1)centos01配置DNS,重启网卡服务
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
[root@centos01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.10
NATMACK=255.255.255.0
DNS1=192.168.100.30
[root@centos01 ~]# systemctl restart network
[root@centos01 ~]# cat /etc/resolv.conf
\# Generated by NetworkManager
nameserver 192.168.100.30
2)centos02配置DNS 重启网卡服务
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
[root@centos02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.20
NATMACK=255.255.255.0
DNS1=192.168.100.30
[root@centos02 ~]# systemctl restart network
[root@centos02 ~]# cat /etc/resolv.conf
\# Generated by NetworkManager
nameserver 192.168.100.30
3)centos03配置DNS 重启网卡服务
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
[root@centos03 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.30
NATMACK=255.255.255.0
DNS1=192.168.100.30
[root@centos03 ~]# systemctl restart network
[root@centos03 ~]# cat /etc/resolv.conf
\# Generated by NetworkManager
nameserver 192.168.100.30
2、挂载centos7系统光盘 安装DNS
[root@centos03 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos03 ~]# ls /mnt/
CentOS_BuildTag EULA images LiveOS repodata RPM-GPG-KEY-CentOS-Testing-7
EFI GPL isolinux Packages RPM-GPG-KEY-CentOS-7 TRANS.TBL
root@centos03 ~]# rpm -ivh /mnt/Packages/bind-9.9.4-50.el7.x86_64.rpm
[root@centos03 ~]# rpm -ivh /mnt/Packages/bind-chroot-9.9.4-50.el7.x86_64.rpm
3、配置DNS主配置文件
[root@centos03 ~]# echo "" > /etc/named.conf
[root@centos03 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named/";
};
zone "huhu.com" IN {
type master;
file "/var/named/huhu.com.zone";
};
zone "huyan.com" IN {
type master;
file "/var/named/huyan.com.zone";
};
4、配置DNS区域配置文件 第一台服务器
[root@centos03 ~]# vim /var/named/huhu.com.zone
$TTL 86400
@ SOA huhu.com. root.huhu.com. (
2023021015
1H
15M
1W
1D
)
@ NS centos03.huhu.com.
centos03 A 192.168.100.30
www A 192.168.100.10
[root@centos03 ~]# named-checkzone huhu.com /var/named/huhu.com.zone
zone huhu.com/IN: loaded serial 2023021015
OK
5、配置第二台DNS区域配置文件
[root@centos03 ~]# vim /var/named/huyan.com.zone
$TTL 86400
@ SOA huyan.com. root.huyan.com. (
2023021015
1H
15M
1W
1D
)
@ NS centos03.huyan.com.
centos03 A 192.168.100.30
www A 192.168.100.20
[root@centos03 ~]# named-checkzone huyan.com /var/named/huyan.com.zone
zone huyan.com/IN: loaded serial 2023021015
OK
6、启动DNS服务监听端口
[root@centos03 ~]# systemctl stop named
[root@centos03 ~]# systemctl start named
[root@centos03 ~]# netstat -anptu | grep named
tcp 0 0 192.168.100.30:53 0.0.0.0:* LISTEN 2430/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2430/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2430/named
tcp6 0 0 ::1:953 :::* LISTEN 2430/named
udp 0 0 192.168.122.1:53 0.0.0.0:* 2430/named
udp 0 0 192.168.100.30:53 0.0.0.0:* 2430/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2430/named
8、挂centos7系统光盘 yum安装apache
[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos02 ~]# ls mn
ls: 无法访问mn: 没有那个文件或目录
[root@centos02 ~]# ls /mnt/
CentOS_BuildTag EFI EULA GPL images isolinux LiveOS Packages repodata RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-CentOS-Testing-7 TRANS.TBL
[root@centos02 ~]# yum -y install httpd
9、设置开机自启 设置网站主页
[root@centos02 ~]# systemctl restart httpd
[root@centos02 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@centos02 ~]# echo "www.huyan.com" > /var/www/html/index.html
10、验证访问www.huyan.com
三、在www.huhu.com域名的网站隐藏Nginx版本、查看Nginx管理用户、设置网页缓存、配置日志切割、配置Nginx日志切割、设置超时时间
1、隐藏版本和优化管理Nginx进程用户 修改Nginx主配置文件
vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 1;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server_tokens Off;
server {
listen 192.168.100.10:80;
server_name www.huhu.com;
charset utf-8;
access_log logs/www.huhu.com.access.log;
location / {
root /www/;
index index.html index.htm;
}
}
}
[root@centos01 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
2、查看Nginx进程
[root@centos01 ~]# ps -ef | grep nginx
root 5469 1 0 00:03 ? 00:00:00 nginx: master process nginx
nginx 5470 5469 0 00:03 ? 00:00:00 nginx: worker process
root 5472 1186 0 00:03 pts/0 00:00:00 grep --color=auto nginx
3、验证隐藏版本
4、设置网页缓存时间 修改Nginx主配置文件支持图片缓存
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 1;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server_tokens Off;
server {
listen 192.168.100.10:80;
server_name www.huhu.com;
charset utf-8;
access_log logs/www.huhu.com.access.log;
location ~ \.(gif|jpg|png|jpeg|bmp|swf)$ {
root /www;
expires 1d;
}
location / {
root /www;
index index.html index.htm;
}
}
}
[root@centos01 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
5、设置网页加载图片
[root@centos01 ~]# cd /www/
[root@centos01 www]# rz
[root@centos01 www]# ls
index.html logo.jpg
6、重启Nginx服务
[root@centos01 www]# killall nginx
[root@centos01 www]# killall nginx
nginx: no process found
[root@centos01 www]# nginx
[root@centos01 www]# cd
7、验证网页缓存
8、配置Nginx日志切割、设置超时时间 创建存储日志切割目录
[root@centos01 ~]# mkdir /nginx_log
9、编写日志切割脚本
[root@centos01 ~]# vim /opt/nginx_log_.sh
\#!/bin/bash
d=$(date -d "-1 day" "+%Y%m%d")
logs_path="/nginx_log/"
pid_path="/usr/local/nginx/logs/nginx.pid"
[ -d $logs_path ] || mkdir -p $logs_path
mv /usr/local/nginx/logs/www.huhu.com.access.log ${logs_path}/www.huhu.com-access.log-$d
kill -USR1 $(cat $pid_path)
find $logs_path -mtime +30 |xargs rm -rf
10、添加执行权限
[root@centos01 ~]# chmod +x /opt/nginx_log_.sh
11、执行脚本
[root@centos01 ~]# sh /opt/nginx_log_.sh
12、验证切割
[root@centos01 ~]# ls /nginx_log/
www.huhu.com-access.log-20230210
13、编辑计划任务,十分钟切割一次
[root@centos01 ~]# crontab -e
*/10 * * * * /opt/nginx_log_.sh
14、验证Nginx日志切割
15、优化Nginx保持连接 修改Nginx主配置文件
[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 5;
server_tokens Off;
client_header_timeout 5;
client_body_timeout 5;
server {
listen 192.168.100.10:80;
server_name www.huhu.com;
charset utf-8;
access_log logs/www.huhu.com.access.log;
location ~ \.(gif|jpg|png|jpeg|bmp|swf)$ {
root /www;
expires 1d;
}
location / {
root /www;
index index.html index.htm;
}
}
}
16、重新启动Nginx
[root@centos01 ~]# killall nginx
[root@centos01 ~]# killall nginx
nginx: no process found
[root@centos01 ~]#
[root@centos01 ~]# nginx
17、验证优化Nginx保持连接
[root@centos01 ~]# curl -I www.huhu.com
HTTP/1.1 200 OK
Server: IIS
Date: Fri, 10 Feb 2023 16:45:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Last-Modified: Fri, 10 Feb 2023 14:56:16 GMT
Connection: keep-alive
ETag: "63e65b10-d"
Accept-Ranges: bytes
四、在www.huhu.com网站配置防盗链防止www.huyan.com盗www.huhu.com的连接
1、上传错误图片
[root@centos01 ~]# cd /www/
[root@centos01 www]# ls
index.html logo.jpg
[root@centos01 www]# rz
z waiting to receive.**B0100000023be50
[root@centos01 www]# ls
error.png index.html logo.jpg
2、修改Nginx主配置文件
user nginx;
worker_processes 2;
pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
server {
listen 192.168.100.10:80;
server_name www.huhu.com;
charset utf-8;
access_log logs/www.huhu.com.access.log;
location ~* \.(gif|jpg|swf)$ {
valid_referers none blocked *.huhu.com huhu.com;
if ($invalid_referer) {
rewrite ^/ http://www.huhu.com/error.png;
}
}
location / {
root /www;
index index.html index.htm;
}
}
}
[root@centos01 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
3、重新启动服务
[root@centos01 ~]# killall nginx
[root@centos01 ~]# killall nginx
nginx: no process found
[root@centos01 ~]# nginx
4、centos02模拟盗取centos01链接
[root@centos02 ~]# vim /var/www/html/index.html
www.huyan.com
<img src="http://www.huhu.com/logo.jpg" />
重启服务
[root@centos02 ~]# systemctl restart httpd
5、验证防盗链
6、centos01图片