Nginx目录索引模块


ngx_http_autoindex_module 模块处理以斜杠字符('/')结尾的请求,并生成目录列表.当ngx_http_index_module 模块找不到索引文件时,通常会将请求传递给 ngx_http_autoindex_module 模块.

## autoindex_module模块语法
(语法)Syntax: autoindex on | off;
(默认)Default: autoindex off;
(环境)Context: http, server, location

## 举例
[root@web01 conf.d]# vim www.jin.com.conf
server {
listen 80;
server_name localhost;

location / {
root /code;
## 目录索引模块 开启;
autoindex on;
## 显示带单位的大小;
autoindex_exact_size off;
## 目录索引页面显示格式(默认html)
#autoindex_format json;
## 显示本地时间;
autoindex_localtime on;
}
}

Nginx状态模块


# 状态模块语法
Syntax: atub_status;
Default: —
Context: server, location

[root@web01 code]# vim /etc/nginx/conf.d/www.jin.com.conf
server {
listen 80;
server_name localhost;

location / {
root /code;
autoindex on;
autoindex_exact_size off;
#autoindex_format json;
autoindex_localtime on;
}
location = /jin {
stub_status;
}
}

Nginx常用模块_vim

Active connections  # 当前活动的连接数
accepts # 当前的总连接数TCP
handled # 成功的连接数TCP
requests # 总的http请求数

Reading # 请求
Writing # 响应
Waiting # 等待的请求数

Nginx访问模块


基于用户密码(auth_basic)

## 安装htpasswd命令
[root@web01 conf.d]# yum install -y httpd

## 创建存放认证文件的目录
[root@web01 ~]# mkdir /etc/nginx/auth

## 创建认证文件内容
[root@web01 nginx]# htpasswd -b -c /etc/nginx/auth/jin_auth jin 123

## 查看认证文件内容
[root@web01 nginx]# cat /etc/nginx/auth/jin_auth
jin:$apr1$hN7zOBA4$pipPfyc2LKI/DrrfjHEB9.

## 开启认证语法
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except

## 认证密码文件位置语法
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except

## 修改nginx配置文件
[root@web01 nginx]# vim /etc/nginx/conf.d/www.jin.com.conf

server {
listen 80;
server_name localhost;

#access_log /var/log/nginx/host.access.log main;

location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;

}
}

## htpasswd
-b:允许命令行中输入密码
-c:创建一个新文件,将用户名和密码保存到指定文件中

## 多用户名登录
[root@web01 nginx]# htpasswd -b /etc/nginx/auth/jin_auth nan 123
Adding password for user nan
[root@web01 nginx]# htpasswd -b /etc/nginx/auth/jin_auth tang 123
Adding password for user tang
[root@web01 nginx]# cat /etc/nginx/auth/jin_auth
jin:$apr1$hN7zOBA4$pipPfyc2LKI/DrrfjHEB9.
nan:$apr1$BrYu3kAq$G4XMkt6lgrkFGQfhPAOrR0
tang:$apr1$yQWmJmp9$Sv5wVdRiyhP10AVHsl/r..

## nginx默认路径:/etc/nginx

基于IP访问控制(access)

## 允许的ip地址或网段语法
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except

## 拒绝的IP地址或网段语法
Syntax: deny address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except

默认情况下nginx是允许所有网段(allow all;)

[root@web01 ~]# vim /etc/nginx/conf.d/www.jin.com.conf

server {
listen 80;
server_name localhost;
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;


#access_log /var/log/nginx/host.access.log main;

location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
allow 10.0.0.8; ## 允许10.0.0.8IP访问(默认)
deny all; ## 禁止所有IP访问
}
}

## 注意:默认nginx是allow all;如果只允许某一个IP需要配合deny all使用,deny all;要放在最下面

curl http://用户名:密码@10.0.0.7 ## 查看浏览器网页内容
[root@web02 ~]# curl http://jin:123@10.0.0.7/jin
Active connections: 1
server accepts handled requests
65 65 75
Reading: 0 Writing: 1 Waiting: 0

访问频率限制


连接频率限制(limit_conn)

[root@web01 conf.d]# vim 10.0.0.10.conf 
http{
limit_conn_zone $binary_remote_addr zone=conn_zone(随便起内存空间的名字):10m;
server {
listen 80;
server_name _;
limit_conn conn_zone(随便起内存空间的名字) 1; ## 调用http层limit_conn_zone

location / {
root /code;
index index.html index.htm;

}
}
}

请求频率限制(limit_req)

[root@web01 conf.d]# vim www.jin.com.conf 
http {
# http标签段定义请求限制, rate限制速率,限制一秒钟最多一个IP请求
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
listen 80;
server_name localhost;
# 1r/s只接收一个请求,其余请求拒绝处理并返回错误码给客户端
#limit_req zone=req_zone;

# 请求超过1r/s,剩下的将被延迟处理,请求数超过burst定义的数量, 多余的请求返回503
limit_req zone=req_zone burst=5 nodelay; #(无延迟)
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;

location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
}
}
}


## 请求频率限制错误页面优化
[root@web01 code]# vim /etc/nginx/conf.d/www.jin.com.conf

limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
listen 80;
server_name localhost;
limit_req zone=req_zone burst=5;
limit_req_status 508;
error_page 508 /508.html;

auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;

location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
}
}

## 重定向页面
[root@web01 code]# pwd
/code
[root@web01 code]# vim 508.html
<img style='width:100%;height:100%;' src=http://10.0.0.7/508.png>

## 返回自定义的状态码语法
Syntax: limit_req_status code;
Default: limit_req_status 503;
Context: http, server, location

location优先级


匹配符

匹配规则

优先级

=

精确匹配

1

^~

以某个字符串开头

2

~

区分大小写的正则匹配

3

~*

不区分大小写的正则匹配

4

!~

区分大小写不匹配的正则

5

!~*

不区分大小写不匹配的正则

6

/

通用匹配,任何请求都会匹配到

7

应用场景

# 通用匹配,任何请求都会匹配到
location / {
...
}

# 严格区分大小写,匹配以.php结尾的都走这个location
location ~ \.php$ {
...
}

# 严格区分大小写,匹配以.jsp结尾的都走这个location
location ~ \.jsp$ {
...
}

# 不区分大小写匹配,只要用户访问.jpg,gif,png,js,css 都走这条location
location ~* .*\.(jpg|gif|png|js|css)$ {
...
}
location ~* \.(jpg|gif|png|js|css)$ {
...
}

# 不区分大小写匹配
location ~* "\.(sql|bak|tgz|tar.gz|.git)$" {
...
}