Nginx sets the directory protection, anti-theft chain, speed limit, multi-domain method

  

Nginx is a very good HTTP server software, can be implemented to achieve many functions, such as directory protection, IP access restrictions, anti-theft chain, download speed limit And set up multiple domain names and more.

I. NGINX directory protection and access restrictions

The configuration of Nginx protection directory is as follows, directory password protection file is /usr/local/nginx/htpasswd

location ~ /admin {#admin is the name of the directory to be protected. Location means to protect the admin directory auth_basic & rdquo; PLEASE LOGIN”; # is the information that will be displayed when entering the folder auth_basic_user_file /usr/local/nginx/htpasswd #验证User and password files, my settings here are placed in /usr/local/nginx/htpasswd}location ~ .php$ {fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /var/www/Bbs$fastcgi_script_name;include fastcgi_params;}

Note that when setting the directory password protection, please pay attention to the location of the configuration block. If it is placed behind the location ~ .php$ {} block, if it is a static page. Or a non-php file such as a picture, you will be prompted to enter a password, but if the php file is opened, the setting is invalid, and the php file will be executed directly and displayed. Therefore, be sure to place the block that you want to set the directory password protection before the location ~ .php$ {} block.
Generate password file:

htpasswd -b -c /usr/locla/nginx/htpasswd username password;

Second, NGINX anti-theft chain

In addition, NGINX anti-theft chain, to prevent others Stealing pictures (video, flash, software & hellip;) is of course OK drop! Also in the section of the server plus

 
  1. location ~* .(txt| Ico| Gif| Png| Bmp| Jpg| Jpeg| Zip| Rar| Gz| 7z| Exe| Mp3| Flv| Swf)$ {
  2. valid_referers none blocked opsers.org www.opsers.org ;
  3. if ($invalid_referer) {
  4. rewrite ^/
  5. }
  6. }

    this time location means that protection from the web root directory, counting all types of files are designated in accordance with this rule
    valid_referers none blocked, which means that no Blocking where to come from ~ Here is a space to separate the allowed domain name or ip location

    $invalid_referer means that the link is not allowed

    rewrite ^/means to specify the impermissible link to automatically turn Go to a page, or you can already set the 404 address, you can also uncomment this line and then remove the #return 404 annotation, it will automatically run to the 404 page you set.

    How to see if the anti-theft chain is effective, it is recommended that you look directly at the service log, do not take a website to test. Because of some shameless guys (such as Baidu), he will use his own image server to provide services. It is for this reason that the last time I was doing this, I wasted a lot of time.

    Third, NGINX download speed limit

    NGiNX can also limit the download speed limit! First find the limit_zone in the http section, then remove the comments ~

    1. # Set a region called crawler with a size of 20MB
    2. limit_zone crawler $binary_remote_addr 20m;
    3. Then add
    4. #limit in the section of server File type can only be downloaded from a single line
    5. location ~ .*.(zip| Rar| Gz| Tar| Exe| Mp3| Flv| Swf| Jpg| Jpeg)${
    6. limit_conn crawler 1;
    7. limit_rate 500k; #再加速速
    8. }
    9. # Limit specific folders underneath Single-line download
    10. # location /download/{
    11. #limit_conn crawler 1;
    12. #limit_rate 500k; #再加速速
    13. # } < Br>

      IV. NGINX multi-domain settings

      There is a serious problem in configuring PHP+Nginx today. The generic domain name is bound to the Nginx virtual host. In the program, you need to use two. Level domain names point to different content, but only access to the primary domain name anyway! In order to find the problem, one test, the following conclusion: no matter how many domain names are bound, using $_SERVER["SERVER_NAME"] will only return the first domain name bound in the virtual host!

      For example, the binding domain name is as follows:

      server_name www.fxzc.com *.fxzc.com fxzc.com

      Now I don't care what domain name I use, $_SERVER[" ;SERVER_NAME"] will only return to www.fxzc.com! ! This is a very serious problem, which has a fatal impact on pan-domain names!

      Since there is a problem, there is definitely a solution. . After the wiki master turned over N for a long time, finally found the information needed! It turns out that the value returned by $_SERVER["SERVER_NAME"] is provided by SERVER_NAME in Nginx's fastcgi_param, and the default configuration is:

      1. fastcgi_param SERVER_NAME $server_name;
        < Br>

        The $server_name variable in Nginx is the domain name set above, only the first one!

        This is easy to do, change the above configuration to:

        1. fastcgi_param SERVER_NAME $host;

          Just fine.

          Also need to add a line after the server_name configuration:

          1. server_name_in_redirect off;

            means that nginx is handling its own internal redirects The first domain name in the server_name setting is not used by default!

Copyright © Windows knowledge All Rights Reserved