nginx之线上CDN的rewrite规则修改

线上的CDN厂商的nginx的rewrite规则配置验证
环境介绍:
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

nginx服务是编译安装:

yum install -y gcc gcc-c++ make \
openssl-devel pcre-devel gd-devel libxslt-devel \
iproute net-tools telnet wget curl && \
yum clean all && \
rm -rf /var/cache/yum/*
wget http://nginx.org/download/nginx-1.12.2.tar.gz && \
tar zxf nginx-1.12.2.tar.gz && \
cd nginx-1.12.2 && \
./configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-stream \
--with-stream_ssl_module && \
make -j 4 && make install && \
mkdir -p /usr/local/nginx/conf/vhost && \
rm -rf /usr/local/nginx/html/* && \
echo "ok" >> /usr/local/nginx/html/status.html

[root@localhost ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_secure_link_module --with-http_stub_status_module --with-stream --with-stream_ssl_module
[root@localhost ~]# 
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.

验证测试:
为使nginx vhost虚拟主机配置文件更简洁,所以采用include方式,把nginx的rewrite规则写到一个单独的配置文件中

[root@test01 vhost]# grep include /usr/local/nginx/conf/vhost/img.test.conf 
   include /data/www/images/.htaccess; 
  • 1.
  • 2.

** 下面的rewrite规则是云端CDN的提供的配置规则,但是其中3条规则存在问题**

[root@test01 03]# cat /data/www/images/.htaccess
rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+).gjf$ /uploads/picture/2016/$1/$2/$3.gif last;
rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+)(png|jpeg|jpg|gif)$ /uploads/picture/2016/$1/$2/$3.$4 last;
rewrite "^/.{6}[0-9]+/([0-9]{2})([0-9]{2})/(.*)$" /uploads/picture/2016/$1/$2/$3 ;
rewrite "^/.{6}[0-9]{4}/(.*)$" /uploads/picture/2016/$1 last;
rewrite "^/.{6}[0-9]{4}[0-9]{8}/(.*)$" /uploads/picture/$1 last; (此规则云端CDN配置有问题,位置应该放到第一的位置就可以了)
rewrite ^/[0-9]+\.([0-9]+)\.([0-9]+)\.([0-9]+)\.(.*)$ /uploads/picture/$1/$2/$3/$4 last; (此规则云端CDN配置有问题,点号不需要转译的)
rewrite ^/[0-9]+/([0-9][0-9])([0-9][0-9])/(.*)$ /uploads/picture/2016/$1/$2/$3 last;(此规则放到最后不合理,应该放到第三条规则的前面)
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.

本人亲自测试最合理的配置文件的规则如下:

[root@test01 ~]# cat /data/www/images/.htaccess 
#rewrite ^/[a-zA-Z0-9]+/(.*)$ /uploads/picture/$1 last;
rewrite "^/.{6}[0-9]{4}[0-9]{8}/(.*)$" /uploads/picture/$1 last;
rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+).gjf$ /uploads/picture/2016/$1/$2/$3.gif last;
rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+)(png|jpeg|jpg|gif)$ /uploads/picture/2016/$1/$2/$3.$4 last;

rewrite ^/[0-9]+/([0-9][0-9])([0-9][0-9])/(.*)$ /uploads/picture/2016/$1/$2/$3 last;
rewrite "^/.{6}[0-9]+/([0-9]{2})([0-9]{2})/(.*)$" /uploads/picture/2016/$1/$2/$3 ;
rewrite "^/.{6}[0-9]{4}/(.*)$" /uploads/picture/2016/$1 last;
rewrite ^/[a-zA-Z0-9]+.([0-9]+).([0-9]+).([0-9]+).(.*)$ /uploads/picture/$1/$2/$3/$4 last;
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.

基于CDN提供的原*nginx rewrite规则顺序逐一进行实例演示:

规则1

rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+).gjf$ /uploads/picture/2016/$1/$2/$3.gif last;
  • 1.

说明:

/[a-zA-Z0-9]+/:匹配到任意的字符串;
$1指的是第一个圆括号([0-9][0-9]) 中的2位数;
$2指的是第二个圆括号([0-9][0-9]) 中的2位数;
$3指的是第三个圆括号([0-9]+)中的任意数字;([0-9]+).gjf:匹配到以gjf结尾的文件跳转到请求服务器上的([0-9]+).gif文件【注意:服务器上的([0-9]+).gif这个图片文件是必须存在的】
  • 1.
  • 2.
  • 3.
  • 4.

正常的浏览器访问:

http://img.test.com/uploads/picture/2016/08/03/1501742944.gif
http://img.test.com/uploads/picture/2016/08/03/1501742944.gif?base6412345
http://img.test.com/uploads/picture/2016/08/03/1501742944.gif???dwer
  • 1.
  • 2.
  • 3.

通过匹配到rewrite规则 浏览器访问:

http://img.test.com/awe21/0803/1501742944.gjf
http://img.test.com/22KDJH21/0803/1501742944.gjf??base64
  • 1.
  • 2.

服务器上文件的位置:

[root@test01 03]# ll /data/www/images/uploads/picture/2016/08/03/1501742944.gif
-rw-r--r--. 1 root root 184440 Aug  3  2017 /data/www/images/uploads/picture/2016/08/03/1501742944.gif
  • 1.
  • 2.

规则2:

rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+)(png|jpeg|jpg|gif)$ /uploads/picture/2016/$1/$2/$3.$4 last;
  • 1.

说明:

/[a-zA-Z0-9]+/:匹配到任意的字符串;
$1指的是第一个圆括号([0-9][0-9]) 中的2位数;
$2指的是第二个圆括号([0-9][0-9]) 中的2位数;
$3指的是第三个圆括号([0-9]+)中的任意数字【注意:这些数字必须是服务器上存在的并且以png|jpeg|jpg|gif结尾文件的前面的数字】;
$4指的是第四个括号(png|jpeg|jpg|gif)中的服务器上必须存在的以png|jpeg|jpg|gif结尾的文件
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.

实例演示:

http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg??base64
http://img.test.com/aA01/0728/1469696883jpeg??base64
http://img.test.com/1/0728/1469696883jpeg
http://img.test.com/34chk/0728/1469696883jpeg
http://img.test.com/chkDHK/0728/1469696883jpeg
http://img.test.com/chkDHK123654/0728/1469696883jpeg?2345
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.

规则3:

rewrite "^/.{6}[0-9]+/([0-9]{2})([0-9]{2})/(.*)$" /uploads/picture/2016/$1/$2/$3 ;
  • 1.

说明:

^/.{6}[0-9]+/:匹配到任意6个字符串加任意数字;
$1指的是第一个圆括号([0-9]{2}) 中的2位数;
$2指的是第二个圆括号([0-9]{2}) 中的2位数;
$3指的是第三个圆括号(.*)中的任意字符串。当然$1,$2,$3这些字符串必须是服务器上实实在在存在的字符串,只有这样在浏览器请求时,才能获取到服务器上的图片
  • 1.
  • 2.
  • 3.
  • 4.

实例演示:
 http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
 http://img.test.com/cHrtwK123/0728/1469696883.jpeg
 http://img.test.com/cHrtwK1234/0728/1469696883.jpeg
 http://img.test.com/cHrtwK4/0728/1469696883.jpeg??base64

规则4:

rewrite "^/.{6}[0-9]{4}/(.*)$" /uploads/picture/2016/$1 last;
  • 1.

说明:

^/.{6}[0-9]{4}:匹配到任意6个字符串加任意4个数字
  • 1.

实例演示:


http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
http://img.test.com/cHrtwK4123/07/28/1469696883.jpeg
http://img.test.com/cH23wK4155/07/28/1469696883.jpeg
  • 1.
  • 2.
  • 3.
  • 4.

以下这样的是不符合规则的,所以找不到文件

http://img.test.com/cH23wK41/07/28/1469696883.jpeg
  • 1.

规则5:

rewrite "^/.{6}[0-9]{4}[0-9]{8}/(.*)$" /uploads/picture/$1 last;
  • 1.

说明:

^/.{6}[0-9]{4}[0-9]{8} :匹配到任意6个字符串加任意4个数字再加8个任意的数字
  • 1.

实例演示:

http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
  • 1.

经测试,此rewrite规则放到此位置,是匹配不到图片的,所以位置得变动下,把此规则放到规则的首位就可以了

http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
http://img.test.com/weijdg444433336666/2016/07/28/1469696883.jpeg
  • 1.
  • 2.

规则6:

rewrite ^/[a-zA-Z0-9]+.([0-9]+).([0-9]+).([0-9]+).(.*)$ /uploads/picture/$1/$2/$3/$4 last;
  • 1.

注意:此处的点号是不需要转译的,转译会导致rewrite规则不可用,就如下面的这条rewrite规则是不正确的

rewrite ^/[0-9]+\.([0-9]+)\.([0-9]+)\.([0-9]+)\.(.*)$ /uploads/picture/$1/$2/$3/$4 last;
  • 1.

实例演示:

下面的请求是可以打开的
http://img.test.com/SHDw.2017.11.26.1520924032.png
http://img.test.com/1wer1.2016.07.28.1469696883.jpeg
http://img.test.com/SHDw.2018.08.18.1489719802.png?base64

http://img.test.com/1wer1.2016.07.28/1520924032.png
http://img.test.com/SHDw.2018.08.18/1489719802.png?base64
http://img.test.com/SHDw.2017.11.26/1520924032.png
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.

规则7:

rewrite ^/[0-9]+/([0-9][0-9])([0-9][0-9])/(.*)$ /uploads/picture/2016/$1/$2/$3 last;
  • 1.

实例演示:
下面的请求是打不开的
 http://img.test.com/1345/0728/1469696883.jpeg
 http://img.test.com/1232345/0803/1661442694.jpg
 http://img.test.com/66/0803/1661442694.jpg

于是把第七条规则放到第四条规则:rewrite “^/.{6}[0-9]+/([0-9]{2})([0-9]{2})/(.*)$” /uploads/picture/2016/$1/$2/$3 ; 前面进行
测试

下面的请求都是可以打开的

http://img.test.com/1345/0728/1469696883.jpeg
http://img.test.com/1232345/0803/1661442694.jpg
http://img.test.com/66/0803/1661442694.jpg
  • 1.
  • 2.
  • 3.

规则八:
让我们继续看下本人亲自测试的文件:

[root@test01 ~]# cat /data/www/images/.htaccess 
#rewrite ^/[a-zA-Z0-9]+/(.*)$ /uploads/picture/$1 last;
rewrite "^/.{6}[0-9]{4}[0-9]{8}/(.*)$" /uploads/picture/$1 last;
rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+).gjf$ /uploads/picture/2016/$1/$2/$3.gif last;
rewrite ^/[a-zA-Z0-9]+/([0-9][0-9])([0-9][0-9])/([0-9]+)(png|jpeg|jpg|gif)$ /uploads/picture/2016/$1/$2/$3.$4 last;

rewrite ^/[0-9]+/([0-9][0-9])([0-9][0-9])/(.*)$ /uploads/picture/2016/$1/$2/$3 last;
rewrite "^/.{6}[0-9]+/([0-9]{2})([0-9]{2})/(.*)$" /uploads/picture/2016/$1/$2/$3 ;
rewrite "^/.{6}[0-9]{4}/(.*)$" /uploads/picture/2016/$1 last;
rewrite ^/[a-zA-Z0-9]+.([0-9]+).([0-9]+).([0-9]+).(.*)$ /uploads/picture/$1/$2/$3/$4 last;
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.

如果把#rewrite ^/[a-zA-Z0-9]+/(.*)$ /uploads/picture/$1 last; 注释掉的规则放到第一条规则后面的任意位置进行测试

不显示文件:
http://img.test.com/qwerty1/2016/07/28/1469696883.jpeg
http://img.test.com/qwerty123/2016/07/28/1469696883.jpeg
http://img.test.com/qy123/2016/07/28/1469696883.jpeg
可以显示文件:
http://img.test.com/qwerty444455556666/2016/07/28/1469696883.jpeg
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.

于是干脆去掉注释放到第一条规则rewrite “^/.{6}[0-9]{4}[0-9]{8}/(.*)$” /uploads/picture/$1 last;的前面进行测试:

以下链接都可以正常的显示图片了:

http://img.test.com/qwerty1/2016/07/28/1469696883.jpeg
http://img.test.com/qwerty123/2016/07/28/1469696883.jpeg
http://img.test.com/qy123/2016/07/28/1469696883.jpeg
http://img.test.com/qwerty444455556666/2016/07/28/1469696883.jpeg
  • 1.
  • 2.
  • 3.
  • 4.

但是接着有发现:

http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
http://img.test.com/uploads/picture/2018/08/18/1489719802.png
http://img.test.com/uploads/picture/2017/11/26/1520924032.png
  • 1.
  • 2.
  • 3.

相对路径的访问请求此时却打不开了,报错404,于是尝试把此规则放到其他规则的后i面进行测试,发现相对路径的访问请求都是不好使的。
于是注销掉此规则,下面的相对路劲的访问链接是又可以打开了

http://img.test.com/uploads/picture/2016/07/28/1469696883.jpeg
http://img.test.com/uploads/picture/2018/08/18/1489719802.png
http://img.test.com/uploads/picture/2017/11/26/1520924032.png
  • 1.
  • 2.
  • 3.

规则九:随意指定括号,但是括号内表达的字符范围必须是服务器上真实存在的

rewrite "^/([a-zA-Z0-9]+)([0-9]{2})([0-9]{2})/([0-9]+)([A-Za-z]{3})(\.|)(png|jpeg|jpg|gif)$" /uploads/picture/2016/$2/$3/$4.$7 last;
  • 1.

服务器文件存放路径:/data/www/images/uploads/picture/2016/03/05

允许请求后缀包含数字的同时包含3个字母
** 下面是可以正常访问的链接:**

 
   http://p.ccctt.com/MjExNw0305/421121556sdC.png
   http://p.ccctt.com/MjExNw0304/1345674534sdC.png
   http://p.ccctt.com/MjExNw1110304/1345674534sdC.png
   
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
   rewrite "^/([a-zA-Z0-9]+)([0-9]{2})([0-9]{2})/([0-9]+)([A-Za-z]{3}[0-9]{2})(\.|)(png|jpeg|jpg|gif)$" /uploads/picture/2016/$2/$3/$4.$7 last;
  • 1.

** 允许请求后缀包含数字的同时包含3个字母和2个数字:**

** 下面是可以正常访问的链接:**
```
 http://p.ccctt.com/MjExNw1110304/1345674534sdC21.png
 http://p.ccctt.com/MjExNw1110304/1345674534sdC11.png

   
  • 1.

rewrite “^/([a-zA-Z0-9]+)([0-9]{2})([0-9]{2})/([0-9]+)([A-Za-z]+)(.|)(png|jpeg|jpg|gif)$” /uploads/picture/2016/$2/$3/$4.$7 last;

**   允许请求后缀包含数字的同时包含任意字母:**
  ** 下面是可以正常访问的链接:**
  • 1.
  • 2.

 http://p.ccctt.com/MjExNw1110304/1345674534sdce.png
 http://p.ccctt.com/MjExNw1110304/1345674534s.png

	 



**总结:**
**Apache和nginx的rewrite规则的匹配是有顺序的,而且是从上往下依次匹配的。如果上面优先被匹配到就不再匹配下面的规则。**

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
posted @ 2018-08-12 17:35  勤奋的蓝猫  阅读(3)  评论(0编辑  收藏  举报  来源