一、Nginx概述

 1.Nginx简介

          解决基于进程模型产生的C10k问题,请求时即使无状态连接如web服务都无法达到并发响应量级一万现状。2006年俄罗斯编写。全称为engine X,缩减合并称为nginx  官方站点:http://nginx.org/ 2013年发出企业版Nginx Plus

          二次发行版:tengine, OpenResty… …

 

  2.Nginx的特性

       1) 模块化设计、较好扩展性;早期不支持模块的动态装卸载

       2) 高可靠性:基于master/worker模式

master:负责启动服务,分析配置文件,父子启动子进程和worker进程

worker:真正响应用户请求进程

       3) 支持热部署(平滑迁移)不停机更新配置文件、更换日志、更新服务器程序版本;

       4) 内存消耗低:10000个keep-alive连接模式下的非活动连接仅消耗2.5M内存;

       5) 支持event-driven事件驱动模型, aio一步驱动机制, mmap内存映射

 

  3.Nginx基本功能

       1) 静态资源的web服务器;

       2) http协议的反向代理服务器;

       3) pop3, smpt,imap4等邮件协议的反向代理;

       4) 能缓存打开的文件(元数据:文件的描述符等等信息

       5) 支持FastCGI(php-fpm), uWSGI(Python WebFramwork)等协议机制,实现代理后端应用程序交互

       6) 高度模块化(非DSO机制)

       模块类型:

core module

核心公用模块

Standard HTTP  modules

标准(核心)HTTP模块;自动编译进程序不止一个

Optional HTTP  modules

可选HTTP模块

Mail modules

邮件模块

3rd party modules

第三方模块,在编译时需手动指明加载方式加载

       7) 支持过滤器,例如zip,SSI

       8) 支持SSL加密机制

       9) web服务相关的功能:虚拟主机(server)、keepalive、访问日志(支持基于日志缓冲提高其性能)、urlrewirte、路径别名、基于IP及用户的访问控制、支持速率限制及并发数限制;

……

  4.Nginx的基本架构master/worker

       master/worker模型:一个master进程可生成一个或多个worker进程;每个worker基于时间驱动机制可以并行响应多个请求

   master:加载配置文件、管理worker进程、平滑升级,…

   worker:http服务,http代理,fastcgi代理,…

Nginx(一):静态资源web服务器配置详解

 

     事件驱动:epoll(Linux),kqueue(FreeBSD), /dev/poll(Solaris)

消息通知:select,poll, rt signals

     支持sendfile,  sendfile64

     支持AIO,mmap

 

 

 

二、Nginx编译安装配置

  1.编译安装nginx

     (1)编译环境准备

              [aaa@qq.com~]# yum install -y make

              [aaa@qq.com~]# yum install -y gcc

              [aaa@qq.com~]#  yum -y groupinstall “开发工具”“服务器平台开发”

              [aaa@qq.com~]# yum install -y pcre-devel  openssl-develzlib-devel

              [aaa@qq.com~]# useradd -r nginx

     (2)解压安装

              [aaa@qq.com~]# tar xf nginx-1.8.0.tar.gz

              [aaa@qq.com]# ./configure –prefix=/usr/local/nginx–conf-path=/etc/nginx/nginx.conf –user=nginx –group=nginx  –error-log-path=/var/log/nginx/error.log–http-log-path=/var/log/nginx/access.log –pid-path=/var/run/nginx/nginx.pid–lock-path=/var/lock/nginx.lock –with-http_ssl_module–with-http_stub_status_module –with-http_gzip_static_module –with-debug

注意:check时,在Linuxepoll机制要存在

              [aaa@qq.com]#make &&make install

     (3)启动服务,检测端口是否启用

              [aaa@qq.com~]#  /usr/local/nginx/sbin/nginx

              [aaa@qq.com~]# ss-tnl

Nginx(一):静态资源web服务器配置详解

 

2.Nginx配置文件

    (1)配置指令有类型

             1) 全局指令:放置于mainblock中,即文档根

main配置段类别:正常运行必备的配置;优化性能相关的配置;用于调试、定位问题的配置;

             2) 模块指令:由模块引入,其也必须放置于相应的Directive blocks中block之间可能存在嵌套关系。用{}嵌套

   event 配置段

事件驱动模块段,面向用户并发连接请求响应组织配置机制

   http 配置段

web模块相关配置

   mail配置段

邮件模块相关配置;编译安装时候默认无此模块

   … …


Nginx(一):静态资源web服务器配置详解

    (2)组成部分

主配置文件:nginx.conf

     在主配置文件中加入include语句,可以将主配置文件切割成端例如include conf.d/*.conf   ===>  /etc/nginx/conf.d/*.conf

fastcgi的配置文件:fastcgi_params

  …  …

    (3)配置文件内容语法格式

 1)  配置指令(必须以分号结尾):Directive  value1 [value2…];

 2) 支持使用变量:

内置变量:由模块引入;

自定义变量:set  variable value; 引用变量:variable</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:'宋体';font-size:21px;color:#17365D;"><span style="font-weight:bold;">三、主配置文件框架解析</span></p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;1.MAIN</span><span style="font-weight:bold;font-family:Calibri;">配置段</span><span style="font-weight:bold;font-family:'宋体';">常用参数</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(1)</span><span style="font-weight:bold;font-family:'宋体';">常规配置指令</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="217"><p style="font-family:Calibri;font-size:14px;">user &nbsp;USERNAME&nbsp; [GROUPNAME];</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="458"><p style="font-size:14px;"><span style="font-family:Calibri;">指定用于运行worker进程的用户和组</span><span style="font-family:'宋体';">:例如</span><span style="font-family:Calibri;">user&nbsp; nginx&nbsp; &nbsp;nginx;</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="93"><p style="font-family:Calibri;font-size:14px;">pid&nbsp; /PATH/TO/PID_FILE;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="458"><p style="font-family:Calibri;font-size:14px;">指定nginx进程的pid文件路径;pid&nbsp; /var/run/nginx.pid;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="93"><p style="font-family:Calibri;font-size:14px;">worker_rlimit_nofile &nbsp;#;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="458"><p style="font-family:Calibri;font-size:14px;">指定一个worker进程所能够打开的最大文件描述符数量;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="93"><p style="font-family:Calibri;font-size:14px;">worker_rlimit_sigpending &nbsp;#;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="458"><p style="font-family:Calibri;font-size:14px;">指定每个用户能够发往worker进程的信号的数量;</p></td></tr></tbody></table><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(2)</span><span style="font-weight:bold;font-family:Calibri;">性能优化相关</span><span style="font-weight:bold;font-family:'宋体';">指令</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="222"><p style="font-family:Calibri;font-size:14px;">worker_processes &nbsp;#;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="460"><p style="font-size:14px;"><span style="font-family:Calibri;">worker进程的个数;通常应该为物理CPU核心数量减1</span><span style="font-family:'宋体';">;</span><span style="font-family:Calibri;">"auto"实现自动设定</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="127"><p style="font-family:Calibri;font-size:14px;">worker_cpu_affinity&nbsp; CPUMASK CPUMASK …;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="470"><p style="font-size:14px;"><span style="font-family:Calibri;">CPU</span><span style="font-family:'宋体';">绑定;加上</span><span style="font-family:Calibri;">CPU</span><span style="font-family:'宋体';">掩码</span></p><p style="font-size:14px;"><span style="font-family:'宋体';">实例:</span><span style="font-family:Calibri;">worker_cpu_affinity 00000001 00000010 00000100;</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="127"><p style="font-family:Calibri;font-size:14px;">worker_priority&nbsp; nice;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="470"><p style="font-family:Calibri;font-size:14px;">[-20, 19]</p></td></tr></tbody></table><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(3)</span><span style="font-weight:bold;font-family:Calibri;">调试定位</span><span style="font-weight:bold;font-family:Calibri;">Bug</span><span style="font-weight:bold;font-family:'宋体';">相关指令</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="235"><p style="font-family:Calibri;font-size:14px;">daemon&nbsp; off|on;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="445"><p style="font-family:Calibri;font-size:14px;">是否以守护进程方式启动nignx;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="174"><p style="font-family:Calibri;font-size:14px;">master_process&nbsp; on|off;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="445"><p style="font-family:Calibri;font-size:14px;">是否以master/worker模型运行nginx;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="174"><p style="font-family:Calibri;font-size:14px;">error_log&nbsp; /PATH/TO/ERROR_LOG level;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="445"><p style="font-family:Calibri;font-size:14px;">错误日志文件及其级别;</p><p style="font-size:14px;"><span style="font-family:Calibri;">调试需要可以设定为debug;但debug在编译时使用了</span><span style="font-family:Calibri;">"</span><span style="font-family:Calibri;">--with-debug</span><span style="font-family:Calibri;">"</span><span style="font-family:'宋体';">选项</span></p></td></tr></tbody></table><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;2.event</span><span style="font-weight:bold;font-family:Calibri;">配置段</span><span style="font-weight:bold;font-family:'宋体';">常用参数</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="226"><p style="font-family:Calibri;font-size:14px;">worker_connections &nbsp;#;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="436"><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp; </span><span style="font-family:Calibri;">每个worker进程所能够响应的最大并发请求数量;</span><span style="font-family:'宋体';">默认为</span><span style="font-family:Calibri;">1024</span><span style="font-family:'宋体';">;</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;</span><span style="font-family:'宋体';">上限:</span><span style="font-family:Calibri;">worker_proceses * worker_connections</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="97"><p style="font-family:Calibri;font-size:14px;">use&nbsp; [epoll|rgsig|select|poll];</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="426"><p style="font-family:Calibri;font-size:14px;">定义使用的事件模型;建议让nginx自动选择;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="97"><p style="font-family:Calibri;font-size:14px;">accept_mutex &nbsp;[on|off];</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="426"><p style="font-size:14px;"><span style="font-family:Calibri;">各worker接收用户的请求的负载均衡锁</span><span style="font-family:Calibri;">(</span><span style="font-family:'宋体';">互斥锁</span><span style="font-family:Calibri;">)</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">on</span><span style="font-family:'宋体';">:</span><span style="font-family:Calibri;">启用</span><span style="font-family:'宋体';">,</span><span style="font-family:Calibri;">表示用于让多个worker轮流地、序列化地响应新请求;</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="97"><p style="font-family:Calibri;font-size:14px;">lock_file&nbsp; /PATH/TO/LOCK_FILE;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="426"><p style="font-family:'宋体';font-size:14px;">锁文件位置</p></td></tr></tbody></table><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:21px;color:#17365D;"><span style="font-weight:bold;font-family:'宋体';">四、</span><span style="font-weight:bold;font-family:Calibri;">Nginx</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">http</span><span style="font-weight:bold;font-family:'宋体';">常规配置</span></p><p style="font-size:16px;"><span style="font-weight:bold;font-family:Calibri;color:#366092;">&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-weight:bold;font-family:'宋体';">说明:</span><span style="font-weight:bold;font-family:Calibri;">http</span><span style="font-weight:bold;font-family:'宋体';">的所有配置需要在</span><span style="font-weight:bold;font-family:Calibri;">http{ } </span><span style="font-weight:bold;font-family:'宋体';">配置段进行定义。未具体说明指令基于ngx_http_core_module模块配置</span></p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp; 1.</span><span style="font-weight:bold;font-family:'宋体';">主机或套接字相关指令</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(</span><span style="font-weight:bold;font-family:Calibri;">1</span><span style="font-weight:bold;font-family:Calibri;">) </span><span style="font-weight:bold;font-family:Calibri;">server {</span><span style="font-weight:bold;font-family:Calibri;">}</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">定义一个虚拟主机;</span><span style="font-weight:bold;font-family:Calibri;">server</span><span style="font-weight:bold;font-family:'宋体';">可以出现一次货多次</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">server{</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">listenPORT;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">server_name &nbsp;NAME;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">root&nbsp;/PATH/TO/DOCUMENTROOT;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">...</p><p style="font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 注意:</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="font-family:Calibri;">1) 基于port</span><span style="font-family:'宋体';">:</span><span style="font-family:Calibri;">listen指令监听在不同的端口;</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="font-family:Calibri;">2) 基于hostname</span><span style="font-family:'宋体';">:</span><span style="font-family:Calibri;">server_name指令指向不同的主机名;</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(2) </span><span style="font-weight:bold;font-family:Calibri;">listen</span><span style="font-weight:bold;font-family:'宋体';">:配置监听端口</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp; </span><span style="font-family:'宋体';">使用格式:</span><span style="font-family:Calibri;">listen address[:port] [default_server] [ssl] [http2 | spdy] </span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; listen port [default_server] [ssl] [http2 | spdy]</p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-family:'宋体';">注释:</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">default_server:设置默认虚拟主机;用于基于IP地址,或使用了任意不能对应于任何一个server的name时所返回站点;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">ssl:用于限制只能通过ssl连接提供服务;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">spdy:SPDYprotocol(speedy),在编译了spdy模块的情况下,用于支持SPDY协议;</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">http2</span><span style="font-family:'宋体';">:支持</span><span style="font-family:Calibri;">httpversion 2</span><span style="font-family:'宋体';">第二版</span><span style="font-family:Calibri;">http</span><span style="font-family:'宋体';">协议</span><span style="font-family:Calibri;">;</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(3) </span><span style="font-weight:bold;font-family:Calibri;">server_name NAME [...];</span><span style="font-weight:bold;font-family:'宋体';">:指明主机名称</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;</span><span style="font-family:Calibri;">后可跟一个或多个主机名;名称还可以使用通配符和正则表达式(~</span><span style="font-family:'宋体';">引导整个正则表达式</span><span style="font-family:Calibri;">);</span></p><p style="margin-left:.375in;font-family:'宋体';font-size:14px;"><span style="font-weight:bold;">匹配顺序:</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">1) 首先做精确匹配;例如:www.xxx.com</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">2) 左侧通配符;例如:*.xxx.com</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">3) 右侧通配符,例如:www.xxx.*</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">4) 正则表达式,例如:~^.*\.xxx\.com

5)default_server

   (4) tcp_nodelay on|off;

对keepalive模式下的连接是否使用TCP_NODELAY选项;一般为off

提高带宽利用率,将发往同一主机很小的TCP报文合并成一个;实际生产上对于用户请求即使浪费带块也不能合并请求

   (5) tcp_nopush on|off;

是否启用TCP_NOPUSH(FREEBSE)或TCP_CORK(Linux)选项;仅在sendfile为on时有用;

尝试将多个报文首部压缩成一个发送,默认off,不启用该功能

   (6) sendfile on|off;

是否启用sendfile功能;静态文件直接在内核中封装响应,而不是从内核空间到用户空间再发往内和空间

 

  2.路径相关指令

   (1) root:指明根文件路径

设置web资源的路径映射;用于指明请求的URL所对应的文档的目录路径;可用与serverlocaltion

实例:

server{

root  /data/www/vhosts;

}

http://www.xuding.com/images/logo.jpg –> /data/www/vhosts/images/logo.jpg

server{

server_name  www.xuding.com;

location/images/ {

root  /data/imgs/;

}

}

http://www.xuding.com/images/logo.jpg –> /data/imgs/images/logo.jpg

   (2) location

            允许根据用户请求的URI来匹配定义的各location匹配到时,此请求将被相应的location块中的配置所处理;即用于为需要用到专用配置的uri提供特定配置;

       使用格式:

              1) location @name { … }

   2) location[ = | ~ | ~* | ^~ ] uri { … }  

当能匹配多次时,其匹配优先级:精确匹配=、^~、~或~*、不带符号的URL;

=:URI的精确匹配,其后多一个字符都不可以,精确匹配根

~:做正则表达式匹配,区分字符大小写;

~*:做正则表达式匹配,不区分字符大小写;

^~:URI的左半部分匹配,不区分字符大小写;

           server {

server_name www.xuding.com;

root/data/www;

location  /admin/ {

}

}

   (3) alias定义路径别名只能用于location配置段

location  /images/ {

root/data/imgs/;

}

location  /images/ {

alias/data/imgs/;

}

          注意:

       root指令:给定的路径对应于location的“/”这个URL;/images/test.jpg –>  /data/imgs/images/test.jpg

       alias指令:给定的路径对应于location的“/uri/”这个URL;/images/test.jpg–>  /data/imgs/test.jpg

   (4) index :设置默认主页(ngx_http_index_module模块引入)

  可以带上变量,如geo</span><span style="font-family:'宋体';">更具不同</span><span style="font-family:Calibri;">IP</span><span style="font-family:'宋体';">地区来设置不同的语言主页</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; indexfile ...;</p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(5) </span><span style="font-weight:bold;font-family:Calibri;">error_page code ... [=[response]] uri;</span><span style="font-weight:bold;font-family:'宋体';">:自定义错误页面,</span><span style="font-weight:bold;font-family:Calibri;">根据http的状态码重定向错误页面;</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;</span><span style="font-family:'宋体';">实例:</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1)</span><span style="font-family:'宋体';">指明错误页面</span></p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">error_page&nbsp; 404&nbsp;/404.html</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">error_page 500 502 503 504 /50x.html</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">location = /50x.html {</p><p style="margin-left:1.5in;font-family:Calibri;font-size:14px;">root html;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">}</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2) 以指定的响应状态码进行响应</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">error_page&nbsp; 404&nbsp;=200&nbsp; /404.html</p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(6) </span><span style="font-weight:bold;font-family:Calibri;">try_files file ... uri;</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:'宋体';">以指定的顺序检查文件的存在性响应</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; &nbsp;try_files file ... =code;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 尝试查找第1至第N-1个文件,第一个即为返回给请求者的资源;若1至N-1文件都不存在,则跳转至最一个uri(必须不能匹配至当前location,而应该匹配至其它location,否则会导致死循环);</p><p style="font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp; 3.</span><span style="font-weight:bold;font-family:'宋体';">面向</span><span style="font-weight:bold;font-family:Calibri;">客户端请求相关的配置</span></p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp; (</span><span style="font-weight:bold;">1</span><span style="font-weight:bold;">) </span><span style="font-weight:bold;">keepalive_timeout</span><span style="font-weight:bold;">&nbsp;# </span><span style="font-weight:bold;">;</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">设定keepalive连接的超时时长;0表示禁止长连接;默认为</span><span style="font-family:'宋体';">启用为</span><span style="font-family:Calibri;">75s;</span></p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(2) </span><span style="font-weight:bold;">keepalive_requests</span><span style="font-weight:bold;">&nbsp;</span><span style="font-weight:bold;"># </span><span style="font-weight:bold;">;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">在keepalived连接上所允许请求的最大资源数量;默认为100;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(3) </span><span style="font-weight:bold;">keepalive_disable</span><span style="font-weight:bold;"> … ….;</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">指明禁止为何种浏览器使用keepalive功能;</span><span style="font-family:'宋体';">默认</span><span style="font-family:Calibri;">none</span><span style="font-family:'宋体';">,也可以指明具体浏览器名称</span></p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(4) </span><span style="font-weight:bold;">send_timeout</span><span style="font-weight:bold;">&nbsp;#</span><span style="font-weight:bold;">;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">发送响应报文的超时时长,默认为60s;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(5) </span><span style="font-weight:bold;">client_body_buffer_size</span><span style="font-weight:bold;">&nbsp;size;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">接收客户请求报文body的缓冲区大小;默认为16k;超出此指定大小时将被移存于磁盘上;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(6) </span><span style="font-weight:bold;">client_body_temp_pathpath [level1 [level2 [level3]]];</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">设定用于存储客户端请求body的临时存储路径及子目录结构和数量;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">client_body_temp_path&nbsp; /var/tmp/client_body&nbsp; 2 2;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:16px;color:#366092;"><span style="font-weight:bold;">&nbsp; 4.</span><span style="font-weight:bold;">对客户端请求的进行限制</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(</span><span style="font-weight:bold;font-family:Calibri;">1</span><span style="font-weight:bold;font-family:Calibri;">) </span><span style="font-weight:bold;font-family:Calibri;">limit_excpet&nbsp; METHOD {...}</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">对指定范围之外的其它的方法进行访问控制;</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">limit_except&nbsp; GET {</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">allow&nbsp; 172.16.0.0/16;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">denyall;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(2) </span><span style="font-weight:bold;">limit_rate&nbsp; </span><span style="font-weight:bold;"># </span><span style="font-weight:bold;">;</span></p><p style="font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 制客户端每秒钟所能够传输的字节数,默认为0表示无限制;</p><p style="margin-left:1.875in;font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:16px;color:#366092;"><span style="font-weight:bold;">&nbsp; 5.</span><span style="font-weight:bold;">文件操作优化相关的配置</span></p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp; (</span><span style="font-weight:bold;">1</span><span style="font-weight:bold;">) </span><span style="font-weight:bold;">aio&nbsp; on|off;</span><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;&nbsp; </span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;</span><span style="font-family:'宋体';">是否启用异步</span><span style="font-family:Calibri;">IO</span><span style="font-family:'宋体';">模式</span></p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(2) </span><span style="font-weight:bold;">directio&nbsp; size|off;</span><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp; </span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="font-family:'宋体';">直接</span><span style="font-family:Calibri;">IO</span><span style="font-family:'宋体';">;不在内存中缓冲,直接从硬盘加载使用</span><span style="font-family:Calibri;">(</span><span style="font-family:'宋体';">当大于指定</span><span style="font-family:Calibri;">size)</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">Enablesthe use of the O_DIRECT flag (FreeBSD, Linux), the F_NOCACHE flag (Mac OS X),or the directio() function (Solaris), when reading files that are larger thanor equal to the specified size.</p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(3) </span><span style="font-weight:bold;font-family:Calibri;">open_file_cache </span><span style="font-weight:bold;font-family:'宋体';">:打开文件缓存</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">open_file_cache off;&nbsp;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">open_file_cachemax=N [inactive=time];</p><p style="margin-left:.75in;font-size:14px;"><span style="font-weight:bold;font-family:'宋体';">注释:</span><span style="font-family:Calibri;">nginx可以缓存以下三种信息</span></p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">1)文件描述符、文件大小和最近一次的修改时间;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">2)打开的目录的结构;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">3)没有找到的或者没有权限操作的文件的相关信息;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; max=N表示可缓存的最大条目上限;一旦达到上限,则会使用LRU算法从缓存中删除最近最少使用的缓存项;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; inactive=time:在此处指定的时长内没有被访问过的缓存项是为非活动缓存项,因此直接删除;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(4) </span><span style="font-weight:bold;">open_file_cache_errorson | off;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">是否缓存找不到其路径的文件,或没有权限没有权限访问的文件相关信息;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(5) </span><span style="font-weight:bold;">open_file_cache_valid</span><span style="font-weight:bold;">&nbsp;# </span><span style="font-weight:bold;">;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">每隔多久检查一次缓存中缓存项的有效性;默认为60s;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(6) </span><span style="font-weight:bold;">open_file_cache_min_uses</span><span style="font-weight:bold;">&nbsp;# </span><span style="font-weight:bold;">;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">缓存项在非活动期限内最少应该被访问的次数;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp; 6.</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_access_module模块</span><span style="font-weight:bold;font-family:'宋体';">调用</span><span style="font-weight:bold;font-family:Calibri;">配置(基于IP的访问控制)</span></p><p><span style="font-weight:bold;font-family:Calibri;font-size:15px;color:#366092;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-family:Calibri;font-size:14px;">allow address | CIDR | unix: | all;</span><span style="font-family:Calibri;font-size:14px;">&nbsp;&nbsp; </span><span style="font-family:'宋体';font-size:14px;">允许</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-family:Calibri;">deny address | CIDR | unix: | all;</span><span style="font-family:Calibri;">&nbsp;&nbsp;</span><span style="font-family:'宋体';">拒绝</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:'宋体';">可以应用于</span><span style="font-family:Calibri;">http, server, location, limit_except</span><span style="font-family:'宋体';">上下文范围内,直接指定</span><span style="font-family:Calibri;">IP</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp; 7.</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_auth_basic_module模块</span><span style="font-weight:bold;font-family:'宋体';">调用</span><span style="font-weight:bold;font-family:Calibri;">配置(basic认证)</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(</span><span style="font-weight:bold;font-family:Calibri;">1</span><span style="font-weight:bold;font-family:Calibri;">) </span><span style="font-weight:bold;font-family:Calibri;">auth_basic string |off;</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">使用httpbasic认证协议对用户进行认证;</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">string</span><span style="font-family:'宋体';">为所给定字符,其作用在于认证时显示的提示所信息</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(2) </span><span style="font-weight:bold;font-family:Calibri;">auth_basic_user_file </span><span style="font-weight:bold;font-family:Calibri;">FILE </span><span style="font-weight:bold;font-family:Calibri;">;</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">实现用户认证的账号文件;</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="font-family:'宋体';">认证</span><span style="font-family:Calibri;">文件格式</span><span style="font-family:Calibri;">(</span><span style="font-family:'宋体';">需手动创建</span><span style="font-family:Calibri;">)</span><span style="font-family:Calibri;">:</span></p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">name1:password1</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">name2:password2:comment</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="font-family:'宋体';">注意:</span><span style="font-family:Calibri;">密码</span><span style="font-family:'宋体';">需要加密,加密方式可以为</span><span style="font-family:Calibri;">encryptedwith the crypt() function; md5加密; </span></p><p style="margin-left:.75in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="font-family:'宋体';">密码可以用</span><span style="font-family:Calibri;">htpasswd</span><span style="font-family:'宋体';">创建:</span><span style="font-family:Calibri;">htpasswd-c -m&nbsp; </span><span style="font-family:Calibri;">/etc/nginx/.ngxhtpasswd</span><span style="font-family:Calibri;"> tom(</span><span style="font-family:'宋体';">创建第二个用户时需要将</span><span style="font-family:Calibri;">-c</span><span style="font-family:'宋体';">去掉</span><span style="font-family:Calibri;">)</span></p><p style="margin-left:.375in;font-family:'宋体';font-size:14px;"><span style="font-weight:bold;">实例:</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">location/admin/ {</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">auth_basic"Admin Area";</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">auth_basic_user_file/etc/nginx/.ngxhtpasswd;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp; 8.</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_log_module模块</span><span style="font-weight:bold;font-family:'宋体';">调用</span><span style="font-weight:bold;font-family:Calibri;">配置(访问日志)</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(</span><span style="font-weight:bold;font-family:Calibri;">1</span><span style="font-weight:bold;font-family:Calibri;">) </span><span style="font-weight:bold;font-family:Calibri;">log_format&nbsp; name&nbsp;string&nbsp; ...;</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">定义日志格式及其名称;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">日志格式一般通过调用内置变量来定义;</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">string</span><span style="font-family:'宋体';">:通过</span><span style="font-family:Calibri;">nginx</span><span style="font-family:'宋体';">所支持的变量</span><span style="font-family:Calibri;">(</span><span style="font-family:'宋体';">每个模块会引入自变量</span><span style="font-family:Calibri;">)</span><span style="font-family:'宋体';">来支持的</span></p><p style="font-size:15px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;(2) </span><span style="font-weight:bold;font-family:Calibri;">access_log</span><span style="font-weight:bold;font-family:'宋体';">:访问日志</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">access_logpath [format [buffer=size [flush=time]]];</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">access_logoff;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">访问日志文件路径,格式名称以及缓存大小和刷写时间间隔;建议定义缓冲以提升性能;</p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;(3) </span><span style="font-weight:bold;">open_log_file_cachemax=N [inactive=time] [min_uses=N] [valid=time];</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">open_log_file_cacheoff;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp; 9.</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_stub_status_module模块</span><span style="font-weight:bold;font-family:'宋体';">调用</span><span style="font-weight:bold;font-family:Calibri;">配置:</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="0"><p style="font-family:Calibri;font-size:14px;">stub_status;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="169"><p style="font-size:14px;"><span style="font-family:'宋体';">调用查看</span><span style="font-family:Calibri;">nginx</span><span style="font-family:'宋体';">状态指令</span></p></td></tr></tbody></table><p style="margin-left:.375in;font-family:'宋体';font-size:14px;"><span style="font-weight:bold;">实例:</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">location /staus{</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stub_status;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">通过指定的uri输出stub status;</span><span style="font-family:'宋体';">其具体输出结果如下:</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">Activeconnections: 291</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">serveraccepts handled requests</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">1663094816630948 31070465</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">Reading:6 Writing: 179 Waiting: 106&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="168"><p style="font-family:'宋体';font-size:16px;color:#366092;"><span style="font-weight:bold;">输出结果注释</span></p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="474"><br></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">Active connections</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-family:Calibri;font-size:14px;">当前活动的客户端连接数</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">accepts</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-size:14px;"><span style="font-family:Calibri;">已经接受的客户端连接总数量</span><span style="font-family:'宋体';">:</span><span style="font-family:Calibri;">16630948</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">handled</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-size:14px;"><span style="font-family:Calibri;">已经处理过后客户端连接总数量</span><span style="font-family:'宋体';">:</span><span style="font-family:Calibri;">16630948</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">requests</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-size:14px;"><span style="font-family:Calibri;">客户端的总的请求数量</span><span style="font-family:'宋体';">:</span><span style="font-family:Calibri;">31070465</span></p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">Readking</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-family:Calibri;font-size:14px;">正在读取的客户端请求的数量</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">Writing</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-family:Calibri;font-size:14px;">正向其发送响应报文的连接数量</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="110"><p style="font-family:Calibri;font-size:14px;">Waiting</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="464"><p style="font-family:Calibri;font-size:14px;">等待其发出请求的空闲连接数量</p></td></tr></tbody></table><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;10.</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_referer_module模块</span><span style="font-weight:bold;font-family:'宋体';">调用</span><span style="font-weight:bold;font-family:Calibri;">配置(基于请求报文中的Referer首部的值做访问控制)</span></p><p style="font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; valid_referers&nbsp; none | blocked | server_names | string ...;</p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="144"><p style="font-family:Calibri;font-size:14px;">none</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="495"><p style="font-family:Calibri;font-size:14px;">请求报文不存在referer首部;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">blocked</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="485"><p style="font-family:Calibri;font-size:14px;">请求报文中存在referer首部,但其没有有效值,或其值非以http://或https://开头;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">server_names</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="485"><p style="font-family:Calibri;font-size:14px;">其值为一个主机名;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">arbitrary string</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="485"><p style="font-family:Calibri;font-size:14px;">直接字符串,可以使用*通配符;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">regular expression</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="485"><p style="font-family:Calibri;font-size:14px;">以~起始的正则表达式;</p></td></tr></tbody></table><p style="font-size:14px;"><span style="font-family:'宋体';">注意:</span><span style="font-family:Calibri;">内置变量:invalid_referer(所有不能符合valid_referer指定定义的引用请求均为不合法引用),需加上条件判断语句

    示例

valid_referers   none  blocked   server_names   *.example.com   example.* www.example.org/galleries/  ~\.google\.;        

if(invalid_referer) {</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">return&nbsp; 403;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;11.</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_gzip_module模块</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">gip</span><span style="font-weight:bold;font-family:'宋体';">压缩</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="180"><p style="font-family:Calibri;font-size:14px;">gzip on | off;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">启用或禁用gzip压缩响应报文;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="100"><p style="font-family:Calibri;font-size:14px;">gzip_comp_level &nbsp;level;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">压缩比,1-9,默认为1;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="100"><p style="font-family:Calibri;font-size:14px;">gzip_disable regex &nbsp;...;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">&nbsp;regex是为用于匹配客户端响应器类型的正则表达式;表示对何种浏览器禁止使用压缩功能;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="100"><p style="font-family:Calibri;font-size:14px;">gzip_min_length &nbsp;length;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">触发压缩功能的响应报文的最小长度;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="100"><p style="font-family:Calibri;font-size:14px;">gzip_http_version &nbsp;1.0 | 1.1;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">设定启用压缩功能时,协议的最小版本;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="100"><p style="font-family:Calibri;font-size:14px;">gzip_proxied # ;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">off | expired | &nbsp;no-cache | no-store | private | no_last_modified | no_etag | auth | any ...;</p><p style="font-family:Calibri;font-size:14px;">定义对客户端请求的具有何种请求属性的资源启用压缩功能;如expired则表示对由于使用了expire首部而无法缓存的对象启用压缩功能;</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="100"><p style="font-family:Calibri;font-size:14px;">gzip_types &nbsp;mime-type ...;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="509"><p style="font-family:Calibri;font-size:14px;">指明仅对哪些类型的资源执行压缩操作;即压缩过滤器;</p></td></tr></tbody></table><p style="font-size:14px;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-weight:bold;font-family:'宋体';">实例</span><span style="font-weight:bold;font-family:Calibri;">:</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">gzip&nbsp; on;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">gzip_http_version1.0;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">gzip_comp_level6;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">gzip_disablemsie6;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">gzip_min_length2;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">gzip_typestext/plain text/css text/xml application/x-javascript application/xmlapplication/jsonapplication/java-script;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:21px;color:#17365D;"><span style="font-weight:bold;font-family:'宋体';">五、</span><span style="font-weight:bold;font-family:Calibri;">Nginx</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">https</span><span style="font-weight:bold;font-family:'宋体';">配置</span><span style="font-weight:bold;font-family:Calibri;">(</span><span style="font-weight:bold;font-family:'宋体';">基于</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_ssl_module</span><span style="font-weight:bold;font-family:Calibri;">)</span></p><table cellpadding="0" cellspacing="0"><tbody><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="179"><p style="font-family:Calibri;font-size:14px;">ssl_certificate &nbsp;FILE;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="514"><p style="font-family:Calibri;font-size:14px;">证书文件路径</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">ssl_certificate_key&nbsp; FILE;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="524"><p style="font-family:Calibri;font-size:14px;">证书对应的私钥文件</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">ssl_ciphers &nbsp;CIPHERS;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="514"><p style="font-family:Calibri;font-size:14px;">指明由nginx使用的加密算法,可以是OpenSSL库中所支持各加密套件</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">ssl_protocols &nbsp;# ;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="514"><p style="font-family:Calibri;font-size:14px;">指明支持的ssl协议版本,[SSLv2] &nbsp;[SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2]默认为后三个</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">ssl_session_timeout &nbsp;#;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="514"><p style="font-family:Calibri;font-size:14px;">ssl会话超时时长;即ssl &nbsp;session cache中的缓存有效时长</p></td></tr><tr><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="75"><p style="font-family:Calibri;font-size:14px;">ssl_session_cache # ;</p></td><td style="border-style:solid;border-width:1px;vertical-align:top;padding:5px;" width="514"><p style="font-size:14px;"><span style="font-family:Calibri;">指明ssl会话缓存机制;off | none | [builtin[:size]] [shared:name:size]</span><span style="font-family:'宋体';">,默认使用</span><span style="font-family:Calibri;">shared</span></p></td></tr></tbody></table><p style="font-size:14px;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-weight:bold;font-family:'宋体';">说明:</span><span style="font-weight:bold;font-family:Calibri;">(</span><span style="font-weight:bold;font-family:Calibri;">ssl_session_cache</span><span style="font-weight:bold;font-family:Calibri;">)</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;off</span><span style="font-family:'宋体';">:禁止缓存,关闭缓存,不支持缓存功能</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;none</span><span style="font-family:'宋体';">:禁止缓存,不响应缓存</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; builtin:使用OpenSSL内置的ssl会话缓存,对机制为各worker私有;</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;</span><span style="font-family:Calibri;">shared:在各worker之间使用一个共享的缓存;name:独有名称;size:缓存空间大小</span><span style="font-family:Calibri;">,</span><span style="font-family:'宋体';">默认</span><span style="font-family:Calibri;">1M</span><span style="font-family:'宋体';">,可以调到</span><span style="font-family:Calibri;">10M</span><span style="font-family:Calibri;">;</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-weight:bold;font-family:Calibri;">&nbsp;</span><span style="font-weight:bold;font-family:'宋体';">注意:</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1)&nbsp; https</span><span style="font-family:'宋体';">定义时候也是定义在</span><span style="font-family:Calibri;">http{ }</span><span style="font-family:'宋体';">配置段,其监听配置定义:</span><span style="font-family:Calibri;">listen 443 ssl</span><span style="font-family:'宋体';">。不是以监听在</span><span style="font-family:Calibri;">443</span><span style="font-family:'宋体';">端口作为限定。</span><span style="font-family:Calibri;">用于限制只能通过ssl连接提供服务</span><span style="font-family:'宋体';">。</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2) </span><span style="font-family:'宋体';">若不在</span><span style="font-family:Calibri;">listen</span><span style="font-family:'宋体';">处定义,也可以在</span><span style="font-family:Calibri;">server{ }</span><span style="font-family:'宋体';">中定义</span><span style="font-family:Calibri;">ssl on; </span><span style="font-family:'宋体';">来启用</span><span style="font-family:Calibri;">https</span><span style="font-family:'宋体';">服务</span></p><p style="font-family:'宋体';font-size:14px;">&nbsp;</p><p style="font-family:'宋体';font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-size:21px;color:#17365D;"><span style="font-weight:bold;font-family:'宋体';">六、</span><span style="font-weight:bold;font-family:Calibri;">Nginx</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">http</span><span style="font-weight:bold;font-family:'宋体';">请求重写</span><span style="font-weight:bold;font-family:Calibri;">(</span><span style="font-weight:bold;font-family:Calibri;">ngx_http_rewrite_module</span><span style="font-weight:bold;font-family:Calibri;">)</span></p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;1.ngx_http_rewrite_module</span><span style="font-weight:bold;font-family:'宋体';">功能</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-family:Calibri;">将请求的url基于正则表达式进行重写</span><span style="font-family:Calibri;">(URL</span><span style="font-family:'宋体';">重定向</span><span style="font-family:Calibri;">)</span><span style="font-family:'宋体';">,在如下情况下可以使用:</span><span style="font-family:Calibri;">ttp</span><span style="font-family:'宋体';">转换成</span><span style="font-family:Calibri;">httpd</span><span style="font-family:'宋体';">服务</span><span style="font-family:Calibri;">http--&gt; https</span><span style="font-family:'宋体';">、域名转换</span><span style="font-family:Calibri;">domain1.tld --&gt; domain2.tld,</span><span style="font-family:'宋体';">、</span><span style="font-family:Calibri;">URL</span><span style="font-family:'宋体';">转换</span><span style="font-family:Calibri;">uri1 --&gt; uri2</span><span style="font-family:'宋体';">、实现</span><span style="font-family:Calibri;">SEO</span><span style="font-family:'宋体';">搜索引擎优化效果</span><span style="font-family:Calibri;"> …</span></p><p style="font-family:Calibri;font-size:14px;">&nbsp;</p><p style="font-family:Calibri;font-size:16px;color:#366092;"><span style="font-weight:bold;">&nbsp; 2.</span><span style="font-weight:bold;">指令</span></p><p style="font-family:Calibri;font-size:15px;color:#366092;"><span style="font-weight:bold;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(1)</span><span style="font-weight:bold;">rewrite&nbsp; regex&nbsp;replacement [flag];</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; regex:正则表达式,用于匹配用户请求的url;</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;</span><span style="font-family:Calibri;">replacement:重写</span><span style="font-family:Calibri;">(</span><span style="font-family:'宋体';">重定向、替换</span><span style="font-family:Calibri;">)</span><span style="font-family:'宋体';">成为</span><span style="font-family:Calibri;">的结果;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; [flag]:</p><p style="margin-left:.75in;font-size:14px;"><span style="font-family:Calibri;">last:重写完成之后停止对当前uri的进一步处理,</span><span style="font-family:'宋体';">重新请求</span><span style="font-family:Calibri;">URL</span><span style="font-family:'宋体';">,</span><span style="font-family:Calibri;">对新url的新一轮</span><span style="font-family:'宋体';">从第一条开始匹配</span><span style="font-family:Calibri;">处理;</span></p><p style="margin-left:1.125in;font-family:'宋体';font-size:14px;">可能会出现死循环情况,此时可以设置循环次数,超过次数后返回给客户端错误</p><p style="margin-left:.75in;font-size:14px;"><span style="font-family:Calibri;">break:重写完成之后停止</span><span style="font-family:'宋体';">对</span><span style="font-family:Calibri;">当uri的处理,</span><span style="font-family:'宋体';">重写检查结果结束,</span><span style="font-family:Calibri;">转向其后面的其它配置;</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">redirect:重写完成之后会返回客户端一个临时的重定向,由客户端对新的url重新发起请求(302);</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">permanent:重写完成之后会返回客户端一个永久的重定向,由客户端对新的url重新发起请求(301);</p><p style="margin-left:.375in;font-family:'宋体';font-size:14px;"><span style="font-weight:bold;">实例:</span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">server{</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">...</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">rewrite^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">rewrite^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra&nbsp;last;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">return&nbsp; 403;</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">...</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;</span><span style="font-family:'宋体';">验证请求:</span><a href="http://www.xxx.com/download/a/b/c/media/32.wmv" target="_blank" style="color: rgb(66, 133, 244);"><span style="font-family:Calibri;">http://</span><span style="font-family:Calibri;">ww</span><span style="font-family:Calibri;">w.</span><span style="font-family:Calibri;">xxx.</span><span style="font-family:Calibri;">com/download/a/b/c/media/32.wmv</span></a><span style="font-family:Calibri;">&nbsp;--&gt; </span><span style="font-family:Calibri;">&nbsp;&nbsp;</span><span style="font-family:Calibri;">/download/a/b/c/mp3/32.mp3</span></p><p style="font-size:14px;"><span style="font-family:Calibri;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span style="font-family:'宋体';">注意:</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">1)last</span><span style="font-family:'宋体';">和</span><span style="font-family:Calibri;">break</span><span style="font-family:'宋体';">请求处理是在服务器内部完成,客户端仅请求一次。</span><span style="font-family:Calibri;">redirect</span><span style="font-family:'宋体';">和</span><span style="font-family:Calibri;">permanent</span><span style="font-family:'宋体';">需要客户端再次请求</span></p><p style="margin-left:.375in;font-size:14px;"><span style="font-family:Calibri;">2)URL</span><span style="font-family:'宋体';">重写时所用的正则表达式需要使用</span><span style="font-family:Calibri;">PCRE</span><span style="font-family:'宋体';">格式。</span><span style="font-family:Calibri;">PCRE正则表达式元字符</span><span style="font-family:'宋体';">:</span></p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">字符匹配:.,[ ], [^]</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">次数匹配:*,+, ?, {m}, {m,}, {m,n}</p><p style="margin-left:1.125in;font-family:Calibri;font-size:14px;">位置锚定:^,

或者:|

分组:(),后向引用, 1,2, …

 

  3.if (condition) { … }条件判断,引用新的配置上下文

        condition可以为以下格式 

1) 比较表达式:

==,!=

~:模式匹配,区分字符大小写;

~*:模式匹配,不区分字符大小写;

!~:模式不匹配,区分字符大小写;

!~*:模式不匹配,不区分字符大小写;

2) 文件及目录判断:

-f,!-f:是否存在且为普通文件;

-d,!-d: 是否存在且为目录;

-e,!-e:是否存在;

-x,!-x:是否存在且可执行;

   实例:

        1) cookie首部检测匹配

if(httpcookie "id=([;]+)(?:;|)”) {

    set id1;

}

        2) 请求报文的请求方法是POST,返回405

if(request_method = POST) {</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; return 405;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}</p><p style="font-size:15px;"><span style="font-weight:bold;font-family:Calibri;color:#366092;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3) </span><span style="font-weight:bold;font-family:'宋体';">限速</span><span style="font-weight:bold;font-family:Calibri;">(</span><span style="font-weight:bold;font-family:'宋体';">如会员认为不是</span><span style="font-weight:bold;font-family:Calibri;">slow</span><span style="font-weight:bold;font-family:'宋体';">不做限速</span><span style="font-weight:bold;font-family:Calibri;">) </span></p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">if(slow) {

    limit_rate 10k;

}

        4) 非法引用,返回403。注:也可以对非法引用到其他网页

if(invalid_referer) {</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">&nbsp;&nbsp;&nbsp; return 403;</p><p style="margin-left:.75in;font-family:Calibri;font-size:14px;">}</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;4.reture</span><span style="font-weight:bold;font-family:'宋体';">:</span><span style="font-weight:bold;font-family:Calibri;">立即停止对请求的uri的处理,并返回指定的状态码;</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">returncode [text];</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">returncode URL;</p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">returnURL;</p><p style="font-size:16px;color:#366092;"><span style="font-weight:bold;font-family:Calibri;">&nbsp;5.set</span><span style="font-weight:bold;font-family:'宋体';">:设定变量值,或者自定义变量</span></p><p style="margin-left:.375in;font-family:Calibri;font-size:14px;">setvariable value;   变量赋值;

 6.rewrite_log 重写日志

         rewrite_log on | off;是否将重写日志记入errorlog中,默认为关闭;

错误日志调试方法:错误日志debug,并开启rewrite_log;

                </div>