首页 > 系统相关 >Nginx优化与防盗链

Nginx优化与防盗链

时间:2023-02-22 14:00:50浏览次数:54  
标签:www Nginx root huhu nginx com centos01 优化 防盗链

Nginx优化与防盗链

拓扑图:

Nginx优化与防盗链_nginx

推荐步骤:

1、在Centos01上安装Nginx,设置网站根目录/www使用域名​​www.huhu.com​​访问

2、在Centos02上安装DNS使用域名访问Centos01上使用域名​​www.huhu.com​​​访问,Centos03使用yum安装apache使用域名​​www.huyan.com​​访问

3、在​​www.huhu.com域名的网站隐藏Nginx​​版本、查看Nginx管理用户、设置网页缓存、配置日志切割、配置Nginx日志切割、设置超时时间

4、在​​www.huhu.com​​​网站配置防盗链防止​​www.huyan.com​​​盗​​www.huhu.com​​的连接

一、在Centos01上安装Nginx,设置网站根目录/www使用域名www.huhu.com访问

1、挂载Centos7系统光盘

[root@centos01 ~]# mount /dev/cdrom /mnt/]()

mount: /dev/sr0 写保护,将以只读方式挂载

2、创建nginx管理账户

[root@centos01 ~]# useradd -M -s /sbin/nologin nginx

3、传输nginx1.16.1文件

[root@centos01 ~]# rz

z waiting to receive.**B0100000023be50

4、安装依赖文件

[root@centos01 ~]# yum -y install pcre-devel zlib-devel

5、解压nginx配置文件

[root@centos01 ~]# yum -y install pcre-devel zlib-devel

6、修改源代码程序

[root@centos01 ~]# vim /usr/src/nginx-1.16.1/src/core/nginx.h

13 #define NGINX_VERSION "7.0"

14 #define NGINX_VER "IIS/" NGINX_VERSION

22 #define NGINX_VAR "IIS"

7、修改Nginx数据包请求头部

[root@centos01 ~]# vim/usr/src/nginx-1.16.1/src/http/ngx_http_header_filter_module.c

49 static u_char ngx_http_server_string[] = "Server: IIS" CRLF;li

8、配置Nginx

[root@centos01 ~]# cd /usr/src/nginx-1.16.1/

[root@centos01 nginx-1.16.1]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

9、编译安装Nginx

[root@centos01 nginx-1.16.1]# make && make install

10、优化命令

[root@centos01 nginx-1.16.1]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/

[root@centos01 nginx-1.16.1]# cd

[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

11、创建网站根目录www 设置网站主页

[root@centos01 ~]# mkdir /www/

[root@centos01 ~]# echo "www.huhu.com" > /www/index.html

二、在Centos03上安装DNS使用域名访问Centos01上使用域名​​www.huhu.com​​​访问,Centos02使用yum安装apache使用域名​​www.huyan.com​​访问

1、01、02、03配置DNS

1)centos01配置DNS,重启网卡服务

[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32

[root@centos01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.100.10

NATMACK=255.255.255.0

DNS1=192.168.100.30



[root@centos01 ~]# systemctl restart network

[root@centos01 ~]# cat /etc/resolv.conf

\# Generated by NetworkManager

nameserver 192.168.100.30

2)centos02配置DNS 重启网卡服务

[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32

[root@centos02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.100.20

NATMACK=255.255.255.0

DNS1=192.168.100.30



[root@centos02 ~]# systemctl restart network

[root@centos02 ~]# cat /etc/resolv.conf

\# Generated by NetworkManager

nameserver 192.168.100.30

3)centos03配置DNS 重启网卡服务

[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32

[root@centos03 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens32

TYPE=Ethernet

BOOTPROTO=static

NAME=ens32

DEVICE=ens32

ONBOOT=yes

IPADDR=192.168.100.30

NATMACK=255.255.255.0

DNS1=192.168.100.30

[root@centos03 ~]# systemctl restart network

[root@centos03 ~]# cat /etc/resolv.conf

\# Generated by NetworkManager

nameserver 192.168.100.30

2、挂载centos7系统光盘 安装DNS

[root@centos03 ~]# mount /dev/cdrom /mnt/

mount: /dev/sr0 写保护,将以只读方式挂载

[root@centos03 ~]# ls /mnt/

CentOS_BuildTag EULA images LiveOS repodata RPM-GPG-KEY-CentOS-Testing-7

EFI GPL isolinux Packages RPM-GPG-KEY-CentOS-7 TRANS.TBL

root@centos03 ~]# rpm -ivh /mnt/Packages/bind-9.9.4-50.el7.x86_64.rpm

[root@centos03 ~]# rpm -ivh /mnt/Packages/bind-chroot-9.9.4-50.el7.x86_64.rpm

3、配置DNS主配置文件

[root@centos03 ~]# echo "" > /etc/named.conf

[root@centos03 ~]# vim /etc/named.conf

options {

listen-on port 53 { any; };

directory "/var/named/";

};

zone "huhu.com" IN {

type master;

file "/var/named/huhu.com.zone";

};

zone "huyan.com" IN {

type master;

file "/var/named/huyan.com.zone";

};

4、配置DNS区域配置文件 第一台服务器

[root@centos03 ~]# vim /var/named/huhu.com.zone

$TTL 86400

@ SOA huhu.com. root.huhu.com. (

2023021015

1H

15M

1W

1D

)

@ NS centos03.huhu.com.

centos03 A 192.168.100.30

www A 192.168.100.10

[root@centos03 ~]# named-checkzone huhu.com /var/named/huhu.com.zone

zone huhu.com/IN: loaded serial 2023021015

OK

5、配置第二台DNS区域配置文件

[root@centos03 ~]# vim /var/named/huyan.com.zone

$TTL 86400

@ SOA huyan.com. root.huyan.com. (

2023021015

1H

15M

1W

1D

)

@ NS centos03.huyan.com.

centos03 A 192.168.100.30

www A 192.168.100.20

[root@centos03 ~]# named-checkzone huyan.com /var/named/huyan.com.zone

zone huyan.com/IN: loaded serial 2023021015

OK

6、启动DNS服务监听端口

[root@centos03 ~]# systemctl stop named

[root@centos03 ~]# systemctl start named

[root@centos03 ~]# netstat -anptu | grep named

tcp 0 0 192.168.100.30:53 0.0.0.0:* LISTEN 2430/named

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2430/named

tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2430/named

tcp6 0 0 ::1:953 :::* LISTEN 2430/named

udp 0 0 192.168.122.1:53 0.0.0.0:* 2430/named

udp 0 0 192.168.100.30:53 0.0.0.0:* 2430/named

udp 0 0 127.0.0.1:53 0.0.0.0:* 2430/named

7、​​验证访问www.huhu.com​

Nginx优化与防盗链_nginx_02

8、挂centos7系统光盘 yum安装apache

[root@centos02 ~]# mount /dev/cdrom /mnt/

mount: /dev/sr0 写保护,将以只读方式挂载

[root@centos02 ~]# ls mn

ls: 无法访问mn: 没有那个文件或目录

[root@centos02 ~]# ls /mnt/

CentOS_BuildTag EFI EULA GPL images isolinux LiveOS Packages repodata RPM-GPG-KEY-CentOS-7 RPM-GPG-KEY-CentOS-Testing-7 TRANS.TBL

[root@centos02 ~]# yum -y install httpd

9、设置开机自启 设置网站主页

[root@centos02 ~]# systemctl restart httpd

[root@centos02 ~]# systemctl enable httpd

Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

[root@centos02 ~]# echo "www.huyan.com" > /var/www/html/index.html

10、​​验证访问www.huyan.com​

Nginx优化与防盗链_nginx_03

三、在​​www.huhu.com域名的网站隐藏Nginx​​版本、查看Nginx管理用户、设置网页缓存、配置日志切割、配置Nginx日志切割、设置超时时间

1、隐藏版本和优化管理Nginx进程用户 修改Nginx主配置文件

vim /usr/local/nginx/conf/nginx.conf

user nginx;

worker_processes 1;

pid logs/nginx.pid;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server_tokens Off;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;



location / {

root /www/;

index index.html index.htm;

}

}

}



[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

2、查看Nginx进程

[root@centos01 ~]# ps -ef | grep nginx

root 5469 1 0 00:03 ? 00:00:00 nginx: master process nginx

nginx 5470 5469 0 00:03 ? 00:00:00 nginx: worker process

root 5472 1186 0 00:03 pts/0 00:00:00 grep --color=auto nginx

3、验证隐藏版本

Nginx优化与防盗链_nginx_04

4、设置网页缓存时间 修改Nginx主配置文件支持图片缓存

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf

user nginx;

worker_processes 1;

pid logs/nginx.pid;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

server_tokens Off;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;

location ~ \.(gif|jpg|png|jpeg|bmp|swf)$ {

root /www;

expires 1d;

}

location / {

root /www;

index index.html index.htm;

}

}

}



[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

5、设置网页加载图片

[root@centos01 ~]# cd /www/

[root@centos01 www]# rz

[root@centos01 www]# ls

index.html logo.jpg

6、重启Nginx服务

[root@centos01 www]# killall nginx

[root@centos01 www]# killall nginx

nginx: no process found

[root@centos01 www]# nginx

[root@centos01 www]# cd

7、验证网页缓存

Nginx优化与防盗链_Nginx_05

Nginx优化与防盗链_nginx_06

8、配置Nginx日志切割、设置超时时间 创建存储日志切割目录

[root@centos01 ~]# mkdir /nginx_log

9、编写日志切割脚本

[root@centos01 ~]# vim /opt/nginx_log_.sh

\#!/bin/bash

d=$(date -d "-1 day" "+%Y%m%d")

logs_path="/nginx_log/"

pid_path="/usr/local/nginx/logs/nginx.pid"

[ -d $logs_path ] || mkdir -p $logs_path

mv /usr/local/nginx/logs/www.huhu.com.access.log ${logs_path}/www.huhu.com-access.log-$d

kill -USR1 $(cat $pid_path)

find $logs_path -mtime +30 |xargs rm -rf

10、添加执行权限

[root@centos01 ~]# chmod +x /opt/nginx_log_.sh

11、执行脚本

[root@centos01 ~]# sh /opt/nginx_log_.sh

12、验证切割

[root@centos01 ~]# ls /nginx_log/

www.huhu.com-access.log-20230210

13、编辑计划任务,十分钟切割一次

[root@centos01 ~]# crontab -e

*/10 * * * * /opt/nginx_log_.sh

14、验证Nginx日志切割

Nginx优化与防盗链_centos_07

15、优化Nginx保持连接 修改Nginx主配置文件

[root@centos01 ~]# vim /usr/local/nginx/conf/nginx.conf

user nginx;

worker_processes 2;

pid logs/nginx.pid;

events {

worker_connections 2048;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 5;

server_tokens Off;

client_header_timeout 5;

client_body_timeout 5;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;

location ~ \.(gif|jpg|png|jpeg|bmp|swf)$ {

root /www;

expires 1d;

}

location / {

root /www;

index index.html index.htm;

}

}

}

16、重新启动Nginx

[root@centos01 ~]# killall nginx

[root@centos01 ~]# killall nginx

nginx: no process found

[root@centos01 ~]#

[root@centos01 ~]# nginx

17、验证优化Nginx保持连接

[root@centos01 ~]# curl -I www.huhu.com

HTTP/1.1 200 OK

Server: IIS

Date: Fri, 10 Feb 2023 16:45:44 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 13

Last-Modified: Fri, 10 Feb 2023 14:56:16 GMT

Connection: keep-alive

ETag: "63e65b10-d"

Accept-Ranges: bytes

四、在​​www.huhu.com​​​网站配置防盗链防止​​www.huyan.com​​​盗​​www.huhu.com​​的连接

1、上传错误图片

[root@centos01 ~]# cd /www/

[root@centos01 www]# ls
index.html  logo.jpg

[root@centos01 www]# rz

z waiting to receive.**B0100000023be50

[root@centos01 www]# ls

error.png index.html logo.jpg

2、修改Nginx主配置文件

user  nginx;

worker_processes 2;

pid logs/nginx.pid;

events {

worker_connections 2048;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

server {

listen 192.168.100.10:80;

server_name www.huhu.com;

charset utf-8;

access_log logs/www.huhu.com.access.log;

location ~* \.(gif|jpg|swf)$ {

valid_referers none blocked *.huhu.com huhu.com;

if ($invalid_referer) {

rewrite ^/ http://www.huhu.com/error.png;

}

}

location / {

root /www;

index index.html index.htm;

}

}

}

[root@centos01 ~]# nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

3、重新启动服务

[root@centos01 ~]# killall nginx

[root@centos01 ~]# killall nginx

nginx: no process found

[root@centos01 ~]# nginx

4、centos02模拟盗取centos01链接

[root@centos02 ~]# vim /var/www/html/index.html

www.huyan.com

<img src="http://www.huhu.com/logo.jpg" />

Nginx优化与防盗链_centos_08

重启服务

[root@centos02 ~]# systemctl restart httpd

5、验证防盗链

Nginx优化与防盗链_nginx_09

6、centos01图片

Nginx优化与防盗链_Nginx_10

Created By Henry 共同学习 共同进步. 点赞收藏加关注.

标签:www,Nginx,root,huhu,nginx,com,centos01,优化,防盗链
From: https://blog.51cto.com/u_15829479/6076322

相关文章

  • 【C语言】猜数字小游戏「功能优化」
    ......
  • 【Go】使用Go语言打造定时提醒小工具,从基础到优化全方位探索
    一、引言1.目的和背景本文和大家分享编程语言对于时间和日期的处理方式,以及代码的优化思路。2.选择GO语言的原因简单易学:GO语言的语法简单易学,这使得初学者能够快速上......
  • Nginx 配置
    在当今快节奏的数字世界中,企业需要能够处理大量网络流量以保持竞争力。实现这一目标的一种方法是使用像Nginx这样的高性能Web服务器。将Nginx配置为每分钟处理10000......
  • 运筹优化算法工程师问题记录(个人收藏记录用)
    一、运筹优化相关介绍一个做的最好的一个项目用过哪些求解器如果求解器求解问题时间太长,该怎么优化元启发式算法有哪些有两个约束,是与的关系,怎么在建模中体现(建模技......
  • 图解Nginx,系统架构演变 + Nginx反向代理与负载均衡
    大家好,我是哪吒。本系列为SpringCloud微服务系列,先从微服务的入口Nginx开始学习,读哪吒编程,品技术人生。一、系统架构演变最开始接触Java语言的时候,我写的第一个项目是图......
  • nginx使用经验
    nginx使用经验官网下载链接https://nginx.org/en/download.htmlservicenginxstopservicenginxstartservicenginxrestart/etc/init.d/nginxstart常用脚本/......
  • 运维工程师高频面试——Linux系统性能优化思路(一)
        Linux服务器主机性能优化是运维工程师面试常考常新的主题,首先我们要清楚影响Linux性能的各种因素,包括硬件资源、硬件资源方面,如果是动态web应用、mail服务等都......
  • 2023年谷歌seo排名优化指南
    本文主要分享2023年关于谷歌排名机制变化以及如何提升谷歌排名的一些方法。本文由光算创作,有可能会被剽窃和修改,我们佛系对待这种行为吧。2023年,谷歌搜索引擎对于SEO的优化......
  • JVM系统优化实践(2):JVM内存与回收
    您好,我是湘王,这是我的博客园,欢迎您来,欢迎您再来~   上次把JVM的类加载过程粗略地过了一遍,今天再来看看JVM运行代码时,系统里发生了什么。就像家里的柴、米、油、盐......
  • Nginx日志分割
    nginx默认没有提供对日志文件的分割功能,所以随着时间的增长,access.log和error.log文件会越来越大,尤其是access.log,其日志记录量比较大,更容易增长文件大小,影响日志写入性能分......