Nginx目录索引模块
ngx_http_autoindex_module 模块处理以斜杠字符('/')结尾的请求,并生成目录列表.当ngx_http_index_module 模块找不到索引文件时,通常会将请求传递给 ngx_http_autoindex_module 模块.
## autoindex_module模块语法
(语法)Syntax: autoindex on | off;
(默认)Default: autoindex off;
(环境)Context: http, server, location
## 举例
[root@web01 conf.d]# vim www.jin.com.conf
server {
listen 80;
server_name localhost;
location / {
root /code;
## 目录索引模块 开启;
autoindex on;
## 显示带单位的大小;
autoindex_exact_size off;
## 目录索引页面显示格式(默认html)
#autoindex_format json;
## 显示本地时间;
autoindex_localtime on;
}
}
Nginx状态模块
# 状态模块语法
Syntax: atub_status;
Default: —
Context: server, location
[root@web01 code]# vim /etc/nginx/conf.d/www.jin.com.conf
server {
listen 80;
server_name localhost;
location / {
root /code;
autoindex on;
autoindex_exact_size off;
#autoindex_format json;
autoindex_localtime on;
}
location = /jin {
stub_status;
}
}
Active connections # 当前活动的连接数
accepts # 当前的总连接数TCP
handled # 成功的连接数TCP
requests # 总的http请求数
Reading # 请求
Writing # 响应
Waiting # 等待的请求数
Nginx访问模块
基于用户密码(auth_basic)
## 安装htpasswd命令
[root@web01 conf.d]# yum install -y httpd
## 创建存放认证文件的目录
[root@web01 ~]# mkdir /etc/nginx/auth
## 创建认证文件内容
[root@web01 nginx]# htpasswd -b -c /etc/nginx/auth/jin_auth jin 123
## 查看认证文件内容
[root@web01 nginx]# cat /etc/nginx/auth/jin_auth
jin:$apr1$hN7zOBA4$pipPfyc2LKI/DrrfjHEB9.
## 开启认证语法
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except
## 认证密码文件位置语法
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
## 修改nginx配置文件
[root@web01 nginx]# vim /etc/nginx/conf.d/www.jin.com.conf
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;
}
}
## htpasswd
-b:允许命令行中输入密码
-c:创建一个新文件,将用户名和密码保存到指定文件中
## 多用户名登录
[root@web01 nginx]# htpasswd -b /etc/nginx/auth/jin_auth nan 123
Adding password for user nan
[root@web01 nginx]# htpasswd -b /etc/nginx/auth/jin_auth tang 123
Adding password for user tang
[root@web01 nginx]# cat /etc/nginx/auth/jin_auth
jin:$apr1$hN7zOBA4$pipPfyc2LKI/DrrfjHEB9.
nan:$apr1$BrYu3kAq$G4XMkt6lgrkFGQfhPAOrR0
tang:$apr1$yQWmJmp9$Sv5wVdRiyhP10AVHsl/r..
## nginx默认路径:/etc/nginx
基于IP访问控制(access)
## 允许的ip地址或网段语法
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
## 拒绝的IP地址或网段语法
Syntax: deny address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
默认情况下nginx是允许所有网段(allow all;)
[root@web01 ~]# vim /etc/nginx/conf.d/www.jin.com.conf
server {
listen 80;
server_name localhost;
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;
#access_log /var/log/nginx/host.access.log main;
location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
allow 10.0.0.8; ## 允许10.0.0.8IP访问(默认)
deny all; ## 禁止所有IP访问
}
}
## 注意:默认nginx是allow all;如果只允许某一个IP需要配合deny all使用,deny all;要放在最下面
curl http://用户名:密码@10.0.0.7 ## 查看浏览器网页内容
[root@web02 ~]# curl http://jin:123@10.0.0.7/jin
Active connections: 1
server accepts handled requests
65 65 75
Reading: 0 Writing: 1 Waiting: 0
访问频率限制
连接频率限制(limit_conn)
[root@web01 conf.d]# vim 10.0.0.10.conf
http{
limit_conn_zone $binary_remote_addr zone=conn_zone(随便起内存空间的名字):10m;
server {
listen 80;
server_name _;
limit_conn conn_zone(随便起内存空间的名字) 1; ## 调用http层limit_conn_zone
location / {
root /code;
index index.html index.htm;
}
}
}
请求频率限制(limit_req)
[root@web01 conf.d]# vim www.jin.com.conf
http {
# http标签段定义请求限制, rate限制速率,限制一秒钟最多一个IP请求
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
listen 80;
server_name localhost;
# 1r/s只接收一个请求,其余请求拒绝处理并返回错误码给客户端
#limit_req zone=req_zone;
# 请求超过1r/s,剩下的将被延迟处理,请求数超过burst定义的数量, 多余的请求返回503
limit_req zone=req_zone burst=5 nodelay; #(无延迟)
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;
location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
}
}
}
## 请求频率限制错误页面优化
[root@web01 code]# vim /etc/nginx/conf.d/www.jin.com.conf
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
listen 80;
server_name localhost;
limit_req zone=req_zone burst=5;
limit_req_status 508;
error_page 508 /508.html;
auth_basic "password";
auth_basic_user_file /etc/nginx/auth/jin_auth;
location / {
root /code;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location = /jin {
stub_status;
}
}
## 重定向页面
[root@web01 code]# pwd
/code
[root@web01 code]# vim 508.html
<img style='width:100%;height:100%;' src=http://10.0.0.7/508.png>
## 返回自定义的状态码语法
Syntax: limit_req_status code;
Default: limit_req_status 503;
Context: http, server, location
location优先级
匹配符 | 匹配规则 | 优先级 |
= | 精确匹配 | 1 |
^~ | 以某个字符串开头 | 2 |
~ | 区分大小写的正则匹配 | 3 |
~* | 不区分大小写的正则匹配 | 4 |
!~ | 区分大小写不匹配的正则 | 5 |
!~* | 不区分大小写不匹配的正则 | 6 |
/ | 通用匹配,任何请求都会匹配到 | 7 |
应用场景
# 通用匹配,任何请求都会匹配到
location / {
...
}
# 严格区分大小写,匹配以.php结尾的都走这个location
location ~ \.php$ {
...
}
# 严格区分大小写,匹配以.jsp结尾的都走这个location
location ~ \.jsp$ {
...
}
# 不区分大小写匹配,只要用户访问.jpg,gif,png,js,css 都走这条location
location ~* .*\.(jpg|gif|png|js|css)$ {
...
}
location ~* \.(jpg|gif|png|js|css)$ {
...
}
# 不区分大小写匹配
location ~* "\.(sql|bak|tgz|tar.gz|.git)$" {
...
}
