1替换模块
server{ sub_filter nginx 'ale'; sub_filter_once on; location /{ root /usr/share/nginx/html; index index.html index.htm
}
}
2.文件读取模块
sendfile on|off
tcp_nopush on|off #当包累计到一定大小后再发送
tcp_nodelay on|off #当开启ack数据包立即发送除去
3.文件压缩
http{
ngx_http_gzip_module 模块名
gzip on;
gzip_http_version 1.1;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php
image/jpeg image/gif image/png;
gzip static on;
}
4.页面缓存
vim /etc/nginx/nginx.conf location /{ root /usr/share/nginx/html; index index.html index.htm; expires 24h; }
5.防盗链
location ~*\.(gif|jpg|png|bmp)${ root /a.com; index index.html index.htm; valid_referers none blocked *.a.com server_names ~tianyun ~\.google\. ~.baidu\.;
if($invalid_referers){
return 403;
#rewrite.*http//a.com/403.jpg;
}
6.访问限制
ngx_http_limit_req_module
ngx_http_limit_conn_module #通过IP地址 限制链接tcp
http{
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
限制请求 二进制地址,限制策略的名称,占用10m空间,允许每秒1次请求
limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
server{
location/{
limit_req zone=req_zone;
limit_conn conn_zone 1;
引用 限制策略的名称
} } }
7.ip访问控制
ngx_http_access_module
Syntax:allow address |CICD|unix|all;
Context:http,server,location,limit_except
deny all
8.用户访问控制
基于用户(username&password) module:ngx_http_auth_basic_module 方法一: Syntax: auth_basic string|off context:http,server,location,limit_except 方法二: Syntax: auth_basic_user_file file; Context: http,server,location,limit_except
创建密码文件
htpasswd -cm /etc/nginx/conf.d/passwd user10 会话密码
htpasswd -m /etc/nginx/conf.d/passwd user10
配置:server{
auth_basic"nginx access test";
auth_basic_user_file /etc/nginx/conf.d/passwd
9.随机主页模块
server{
root /app;
randow_index on;
}
10.HTTP协议解析
11.测试工具
yum install -y httpd-tools ab -n 100 -c 10 http://服务器IP地址/