2018-04-26 Linux学习

Posted 2020-11-01

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了2018-04-26 Linux学习相关的知识，希望对你有一定的参考价值。

12.13 nginx防盗链

配置如下，可以和上面的配置结合起来

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names  *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}

操作过程

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != ‘test.com‘ ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}

location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 7d;

access_log off;

}

location ~ .*.(js|css)$

{

expires 12h;

access_log off;

}

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names  *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}

access_log /tmp/test.com.log combined_realip;

}

[[email protected] ~]# touch /data/wwwroot/test.com/1.txt
[[email protected] ~]# vim /data/wwwroot/test.com/1.txt
test fangdaolian

未重启Nginx测试

[[email protected] ~]# curl -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 10:37:00 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 20 Apr 2018 09:54:31 GMT
Connection: keep-alive
ETag: "5ad9b8d7-0"
Expires: Fri, 27 Apr 2018 10:37:00 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

[[email protected] ~]# curl -e "http://www.baidu.com/1.txt"  -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 10:37:40 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 20 Apr 2018 09:54:31 GMT
Connection: keep-alive
ETag: "5ad9b8d7-0"
Expires: Fri, 27 Apr 2018 10:37:40 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

重启Nginx

[[email protected] ~]# /usr/local/nginx/sbin/nginx -tnginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

重启Nginx测试

[[email protected] ~]# curl -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 10:39:25 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 20 Apr 2018 09:54:31 GMT
Connection: keep-alive
ETag: "5ad9b8d7-0"
Expires: Fri, 27 Apr 2018 10:39:25 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

[[email protected] ~]# curl -e "http://www.baidu.com/1.txt"  -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 10:39:38 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[[email protected] ~]# curl -e "http://www.test.com/1.txt"  -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 10:40:14 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 20 Apr 2018 09:54:31 GMT
Connection: keep-alive
ETag: "5ad9b8d7-0"
Expires: Fri, 27 Apr 2018 10:40:14 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

以上两个测试说明防盗链功能成功了

12.14 Nginx访问控制

需求：访问/admin/目录的请求，只允许某几个IP访问，配置如下：
location /admin/
{
allow 192.168.133.1;
allow 127.0.0.1;
deny all;
}

mkdir /data/wwwroot/test.com/admin/
echo “test,test”>/data/wwwroot/test.com/admin/1.html
-t && -s reload
curl -x127.0.0.1:80 test.com/admin/1.html -I
curl -x192.168.133.130:80 test.com/admin/1.html -I

操作过程

[[email protected] test.com]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != ‘test.com‘ ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}

location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 7d;

access_log off;

}

location ~ .*.(js|css)$

{

expires 12h;

access_log off;

}

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names  *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}   
location /admin/
{
    allow 127.0.0.1;
    allow 192.168.106.160;
    deny all;
}   

access_log /tmp/test.com.log combined_realip;

}

[[email protected] test.com]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] test.com]# /usr/local/nginx/sbin/nginx -s reload

[[email protected] test.com]# curl -e "http://www.baidu.com/1.txt"  -x127.0.0.1:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 27 Mar 2018 19:32:41 GMT
Content-Type: text/html
Content-Length: 19
Last-Modified: Mon, 26 Mar 2018 21:02:38 GMT
Connection: keep-alive
ETag: "5ab95fee-13"
Accept-Ranges: bytes

[[email protected] test.com]# curl -x192.168.106.160:80 -I test.com/admin/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 27 Mar 2018 19:34:01 GMT
Content-Type: text/html
Content-Length: 19
Last-Modified: Mon, 26 Mar 2018 21:02:38 GMT
Connection: keep-alive
ETag: "5ab95fee-13"
Accept-Ranges: bytes

可以匹配正则
location ~ .(abc|image)/..php$
{
deny all;
}
根据user_agent限制
if ($http_user_agent ~ ‘Spider/3.0|YoudaoBot|Tomato‘)
{
return 403;
}
deny all和return 403效果一样

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

在配置中继续添加：
location ~ .(upload|image)/..php$
{
deny all;
}

[[email protected] ~]# mkdir /data/wwwroot/test.com/upload
[[email protected] ~]# echo "11111" > /data/wwwroot/test.com/upload/1.php

[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.php
11111

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.php
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

[[email protected] ~]# echo "121212" > /data/wwwroot/test.com/upload/1.txt
[[email protected] ~]# curl -x127.0.0.1:80 test.com/upload/1.txt
121212

[[email protected] ~]# cat /tmp/test.com.log 
...............................................
127.0.0.1 - [20/Apr/2018:19:04:00 +0800] test.com "/upload/1.php" 200 "-" "curl/7.29.0"
127.0.0.1 - [20/Apr/2018:19:04:26 +0800] test.com "/upload/1.php" 403 "-" "curl/7.29.0"
127.0.0.1 - [20/Apr/2018:19:06:34 +0800] test.com "/upload/1.txt" 200 "-" "curl/7.29.0"

添加后，会匹配大小写

[[email protected]linux-01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

接上继续添加如下
if ($http_user_agent ~ ‘Spider/3.0|YoudaoBot|Tomato‘)
{
return 403;
}

[[email protected] ~]# curl -A "Tomatosljlas" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 13:51:44 GMT
Content-Type: text/plain
Content-Length: 7
Last-Modified: Fri, 20 Apr 2018 11:06:09 GMT
Connection: keep-alive
ETag: "5ad9c9a1-7"
Accept-Ranges: bytes

[[email protected] ~]# curl -A "tomatosljlas" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 13:52:18 GMT
Content-Type: text/plain
Content-Length: 7
Last-Modified: Fri, 20 Apr 2018 11:06:09 GMT
Connection: keep-alive
ETag: "5ad9c9a1-7"
Accept-Ranges: bytes

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

[[email protected] ~]# curl -A "Tomatosljlas" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 403 Forbidden
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 13:53:02 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

[[email protected] ~]# curl -A "tomatosljlas" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 13:53:06 GMT
Content-Type: text/plain
Content-Length: 7
Last-Modified: Fri, 20 Apr 2018 11:06:09 GMT
Connection: keep-alive
ETag: "5ad9c9a1-7"
Accept-Ranges: bytes

修改if行,添加 * 号，大小写都识别

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
if ($http_user_agent ~* ‘Spider/3.0|YoudaoBot|Tomato‘)
{
return 403;
}

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

[[email protected] ~]# curl -A "tomatosljlas" -x127.0.0.1:80 test.com/upload/1.txt -I
HTTP/1.1 403 Forbidden
Server: nginx/1.14.0
Date: Fri, 20 Apr 2018 13:58:17 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

12.15 Nginx解析php相关配置

配置如下：
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}

fastcgi_pass 用来指定php-fpm监听的地址或者socket （出现502错误时需要检查）

操作过程

[[email protected] ~]# vim /data/wwwroot/test.com/3.php
<?php
phpinfo();
[[email protected] ~]# curl -x127.0.0.1:80 test.com/3.php
<?php
phpinfo();

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

配置文件继续添加如下内容
location ~ .php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

[[email protected] ~]# curl -x127.0.0.1:80 test.com/3.php   //显示phpinfo信息

12.16 Nginx代理

cd /usr/local/nginx/conf/vhost
vim proxy.conf //加入如下内容
server
{
listen 80;
server_name ask.apelearn.com;

location /
{
    proxy_pass      http://121.201.9.155/;
    proxy_set_header Host   $host;
    proxy_set_header X-Real-IP      $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

操作过程

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/proxy.conf

写入以下内容
server
{
listen 80;
server_name ask.apelearn.com;

location /
{
    proxy_pass      http://47.91.145.78/;
    proxy_set_header Host   $host;
    proxy_set_header X-Real-IP      $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload

以下两个结果显示一样，代理配置成功
[[email protected] ~]# curl ask.apelearn.com/robots.txt
[[email protected] ~]# curl -x127.0.0.1:80 ask.apelearn.com/robots.txt

以上是关于2018-04-26 Linux学习的主要内容，如果未能解决你的问题，请参考以下文章

linux学习：Nginx--常见功能配置片段与优化-06

向Linus学习，让代码具有good taste

2018-04-26 模拟考试答题报告

[linux][c/c++]代码片段01

[linux][c/c++]代码片段02

IOS开发－OC学习－常用功能代码片段整理