nginx的location配置和模块
目录
NGINX模块
1、目录索引模块
# ngx_http_autoindex_module
ngx_http_autoindex_module模块处理以斜杠字符('/')结尾的请求,并生成目录列表。
当ngx_http_index_module模块找不到索引文件时,通常会将请求传递ngx_http_autoindex_module模块。
1.1、语法
Syntax: autoindex on | off;
Default: autoindex off;
Context: http, server, location
1.2、配置
[root@web02 conf.d]# vim a.conf
server {
listen 80;
location / {
root /tmp;
autoindex on;
}
}
1.3、测试
重启NGINX服务后测试
[root@web01 conf.d]# systemctl restart nginx
2、NGINX访问控制模块
# ngx_http_access_module
2.1、语法
# 允许访问的语法
Syntax: allow address | all;
Default: —
Context: http, server, location, limit_except
# 拒绝访问的语法
Syntax: deny address | all;
Default: —
Context: http, server, location, limit_except
# 如果配置允许,则也要配置拒绝;配置拒绝可以单独配置
2.2、配置
[root@web02 conf.d]# vim a.conf
server {
listen 80;
location / {
root /opt/html5-mario;
index index.html;
allow 192.168.177.7;
deny all;
}
}
2.3、测试
重启NGINX服务后测试
[root@web01 conf.d]# systemctl restart nginx
# 192.168.177.7访问web01
[root@web01 conf.d]# curl 192.168.177.7
<!doctype html><html><head><title>HTML5³¬¼¶êv</title><link rel="shortcut icon" href=favicon.png /><link rel=stylesheet type="text/css" href="VNkyVaVxUV.css"><script type="text/javascript" src="jquery.js"></script>
</head>
<body>
<h4>·½в¼¯ S¼¾/½bsp; A¼گʤ»4>
<div class=spacing></div>
<div class=main>
<canvas id=canvas width=640 height=480>
<p style="text-align: center;">գ¸⣡źµŤ¯@Ƿ²»֧³ՈTML5 Canvas£¬Φ²»£¬ȫ³¢˔ԃFirefox¡¢Chrome¡¢IE9䰀F>
</canvas>
<div class=spacing></div>
</div>
<script src="wNGu2CtEMx.js"></script>
<script src="QAuIByrkL.js"></script>
<script>$(document).ready(function() { new Enjine.Application().Initialize(new Mario.LoadingState(), 320, 240) });</script>
<div style="text-align:center;clear:both">
</div>
<div style="width:700px;margin:10px auto 20px auto;padding:0 0 0 250px;overflow:hidden">
<!-- Baidu Button BEGIN -->
<div id="bdshare" class="bdshare_t bds_tools_32 get-codes-bdshare" style="margin:10px 0 0 -4px">
<a class="bds_tsina"></a>
<a class="bds_tqq"></a>
<a class="bds_renren"></a>
<a class="bds_qzone"></a>
<a class="bds_douban"></a>
<a class="bds_xg"></a>
<span class="bds_more">¸pan>
<a class="shareCount"></a>
</div>
<script type="text/javascript" id="bdshare_js" data="type=tools" ></script>
<script type="text/javascript" id="bdshell_js"></script>
<script type="text/javascript">
document.getElementById("bdshell_js").src = "http://bdimg.share.baidu.com/static/js/shell_v2.js?cdnversion=" + new Date().getHours
();
</script>
<!-- Baidu Button END -->
</div>
</body>
</html>[root@web01 conf.d]#
# 192.168.177.8访问web01
[root@web02 ~]# curl 192.168.177.7
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
3、NGINX访问认证模块
# ngx_http_auth_basic_module
3.1、语法
# 开启的登录认证
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except
# 指定登录用的用户名密码文件
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
3.2、配置
# 创建密码文件需要用到 htpasswd
[root@web01 ~]# htpasswd -c /etc/nginx/auth_basic admin
New password:
Re-type new password:
Adding password for user admin
[root@web01 conf.d]# vim a.conf
server {
listen 80;
location / {
auth_basic "11111";
auth_basic_user_file /etc/nginx/auth;
root /opt/html5-mario;
index index.html;
}
}
3.3、测试
重启NGINX服务后测试
[root@web01 conf.d]# systemctl restart nginx
4、NGINX状态监控模块
# ngx_http_stub_status_module
ngx_http_stub_status_module模块提供对nginx基本状态信息的访问。
默认情况下不构建此模块,应使用--with-http_stub_status_module配置参数启用它
4.1、语法
Syntax: stub_status;
Default: —
Context: server, location
4.2、配置
[root@web01 conf.d]# vim a.conf
server {
listen 80;
location / {
root /opt/html5-mario;
index index.html;
}
location = /basic_status {
stub_status;
}
}
4.3、测试
重启NGINX服务后测试
[root@web01 conf.d]# systemctl restart nginx
要查看监控信息,需要访问192.168.177.7/basic_status
Active connections #活跃的连接数
accepts #TCP连接总数
handled #成功的TCP连接数
requests #成功的请求数
Reading #读取的请求头
Writing #响应
Waiting #等待的请求数,开启了keepalive
# 注意, 一次TCP的连接,可以发起多次http的请求, 如下参数可配置进行验证
keepalive_timeout 0; # 类似于关闭长连接
keepalive_timeout 65; # 65s没有活动则断开连接
5、NGINX连接限制模块
# ngx_http_limit_conn_module
5.1、语法
#设置限制的空间
Syntax: limit_conn_zone key zone=name:size;
Default: —
Context: http
limit_conn_zone #设置空间的模块
key #指定空间存储的内容
zone #指定空间
=name #空间名字
:size; #空间的大小
#调用限制的空间
Syntax: limit_conn zone number;
Default: —
Context: http, server, location
limit_conn #调用空间的模块
zone #空间的名字
number; #指定可以同时连接的次数
5.2、配置
[root@web01 conf.d]# vim a.conf
limit_conn_zone $remote_addr zone=conn_zone:1m;
server {
listen 80;
location / {
limit_conn conn_zone 1;
limit_conn_status 509;
root /opt/html5-mario;
index index.html;
}
}
5.3、测试
重启NGINX服务后测试
[root@web01 conf.d]# systemctl restart nginx
[root@web01 conf.d]# ab -n 20000 -c 20 http://192.168.177.7/
-n #请求的次数
-c #一次请求并发的次数
[root@web01 conf.d]# ab -n 20000 -c 20 http://192.168.177.7/
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.177.7 (be patient)
Completed 2000 requests
Completed 4000 requests
Completed 6000 requests
Completed 8000 requests
Completed 10000 requests
Completed 12000 requests
Completed 14000 requests
Completed 16000 requests
Completed 18000 requests
Completed 20000 requests
Finished 20000 requests
Server Software: nginx/1.20.1
Server Hostname: 192.168.177.7
Server Port: 80
Document Path: /
Document Length: 1703 bytes
Concurrency Level: 20
Time taken for tests: 2.083 seconds
Complete requests: 20000
Failed requests: 1460
(Connect: 0, Receive: 0, Length: 1460, Exceptions: 0)
Write errors: 0
Non-2xx responses: 1460
Total transferred: 36450720 bytes
HTML transferred: 31861240 bytes
Requests per second: 9599.72 [#/sec] (mean)
Time per request: 2.083 [ms] (mean)
Time per request: 0.104 [ms] (mean, across all concurrent requests)
Transfer rate: 17085.77 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 1 0.7 1 3
Processing: 0 1 0.9 1 30
Waiting: 0 1 0.9 1 30
Total: 0 2 1.3 3 31
Percentage of the requests served within a certain time (ms)
50% 3
66% 3
75% 3
80% 3
90% 3
95% 3
98% 4
99% 4
100% 31 (longest request)
[root@web01 local]# tail -f /var/log/nginx/access.log
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 200 1703 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 200 1703 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 200 1703 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 200 1703 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 200 1703 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 503 197 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 503 197 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 503 197 "-" "ApacheBench/2.3" "-"
192.168.177.7 - - [12/Aug/2021:16:04:26 +0800] "GET / HTTP/1.0" 200 1703 "-" "ApacheBench/2.3" "-"
可以看出有很多503,表示访问失败
6、NGINX请求限制模块
6.1、语法
#设置空间的语法
Syntax: limit_req_zone key zone=name:size rate=rate [sync];
Default: —
Context: http
limit_req_zone #设置空间的模块
key #空间存储的内容
zone #指定空间
=name #空间的名字
:size #空间的大小
rate=rate [sync]; #读写速率
#调用的语法
Syntax: limit_req zone=name [burst=number] [nodelay | delay=number];
Default: —
Context: http, server, location
limit_req #调用控件模块
zone=name #指定空间=空间的名字
[burst=number] #允许多请求几次
[nodelay | delay=number]; #延时
6.2、配置
[root@web01 conf.d]# vim a.conf
limit_conn_zone $remote_addr zone=conn_zone:1m;
limit_req_zone $remote_addr zone=req_zone:1m rate=1r/s;
server {
listen 80;
location / {
limit_conn conn_zone 1;
limit_conn_status 509;
limit_req zone=req_zone;
root /opt/html5-mario;
index index.html;
}
}
6.3、测试
重启NGINX服务后测试
[root@web01 conf.d]# systemctl restart nginx
重复刷新网页,就会报错
nginx的location配置
使用Nginx Location可以控制访问网站的路径,但一个server可以有多个location配置, 多个location的优先级该如何区分
1.语法
Syntax: location [ = | ~ | ~* | ^~ ] uri { ... }
location @name { ... }
Default: —
Context: server, location
2.location匹配符
| 匹配符 | 匹配规则 | 优先级 |
| = | 精确匹配 | 1 |
| ^~ | 以某个字符串开头 | 2 |
| ~ | 区分大小写的正则匹配 | 3 |
| ~* | 不区分大小写的正则匹配 | 3 |
| / | 通用匹配,任何请求都会匹配到 | 4 |
3.优先级验证
[root@web01 ~]# vim /etc/nginx/conf.d/youxianji.conf
server {
listen 80;
server_name linux.test.com;
location / {
default_type text/html;
return 200 "location /";
}
location =/ {
default_type text/html;
return 200 "location =/";
}
location ~ / {
default_type text/html;
return 200 "location ~/";
}
# location ^~ / {
# default_type text/html;
# return 200 "location ^~";
# }
}
4.Locaiton应用场景
# 通用匹配,任何请求都会匹配到
location / {
...
}
# 严格区分大小写,匹配以.php结尾的都走这个location
location ~ \.php$ {
...
}
# 严格区分大小写,匹配以.jsp结尾的都走这个location
location ~ \.jsp$ {
...
}
# 不区分大小写匹配,只要用户访问.jpg,gif,png,js,css 都走这条location
location ~* .*\.(jpg|gif|png|js|css)$ {
...
}
http://linux.test.com/1.PHP
http://linux.test.com/1.JPG
http://linux.test.com/1.jsp
http://linux.test.com/1.Gif
http://linux.test.com/1.PnG
http://linux.test.com/1.JsP
