1. 基本安装
官方站点 http://nginx.net/
wiki: http://wiki.codemongers.com/Main
模块用法 http://wiki.codemongers.com/NginxModules
mp4支持模块 http://wiki.codemongers.com/NginxMP4StreamingLite
地址加密模块 http://wiki.codemongers.com/NginxHttpAccessKeyModule
#Unpack, edit the “config” file, replace “$HTTP_ACCESSKEY_MODULE” to “ngx_http_accesskey_module”
依赖软件包 zlib-devel pcre-devel openssl-devel
编译参数: ./configure –prefix=/blog.zhangjianfeng.com/app/nginx-0.7.27 –user=www –group=www –with-http_stub_status_module –with-http_flv_module –add-module=./nginx_mp4_streaming_public –add-module=/tmp/nginx-0.7.27/nginx-accesskey-2.0.3 –with-http_ssl_module –with-cc-opt=’-O3′
# flv/mp4模块是支持拖动播放的,是否需要flv/mp4/accesskey根据需要决定
# accesskey需要
2. 配置
++ Nginx Redirect
#如果正规中有大括号{},需要用”"引号包起来
#支持last break redirect permanent
# http://wiki.codemongers.com/NginxHttpRewriteModule#rewrite
server
{
listen 80;
server_name linuxtone.org abc.linuxtone.org;
index index.html index.php;
root /data/www/wwwroot;
if ($http_host !~ “^www\.linxtone\.org$”) {
rewrite ^(.*) http://www.linuxtone.org$1 redirect;
}
……………………
}
++ 目录自动加斜线,解决IE浏览器不识别
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
++ Nginx 防盗链
#Preventing hot linking of images and other file types
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
valid_referers none blocked server_names *.linuxtone.org http://localhost baidu.com;
if ($invalid_referer) {
rewrite ^/ http://www.linuxtone.org/images/default/logo.gif;
# return 403;
}
}
++ Nginx expires
第一种方法:根据文件类型expires
# Add expires header for static content
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
if (-f $request_filename) {
root /data/www/wwwroot/bbs;
expires 1d;
break;
}
第二种方法:根据判断某个目录
# serve static files
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /data/www/wwwroot/down;
expires 30d;
}
++ Nginx 访问控制
#/usr/local/apache2/bin/htpasswd -c /usr/local/nginx/conf/htpasswd/tongji linuxtone 创建用户
location ~ ^/(tongji)/ {
root /data/www/wwwroot/count;
auth_basic “LT-COUNT-TongJi”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd/tongji;
}
++ Nginx 禁止访问某类型的文件.
方法一:
location ~* \.(txt|doc)$ {
if (-f $request_filename) {
root /data/www/wwwroot/linuxtone/test;
break;
}
}
方法二
location ~* \.(txt|doc)${
root /data/www/wwwroot/linuxtone/test;
deny all;
}
}
++ 禁止访问某个目录
location ~ ^/(WEB-INF)/ {
deny all;
}
++使用ngx_http_access_module限制ip访问
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
deny all;
}
详细参见wiki: http://wiki.codemongers.com/NginxHttpAccessModule#allow
++ Nginx 下载限制并发和速率
limit_zone one $binary_remote_addr 10m;
