“This is the 11th day of my participation in the First Challenge 2022. For details: First Challenge 2022”

This blog post is about how to modify the nginx.conf file.

When nginx is installed, the default configuration looks like the one below (this one was generated automatically by the Baota panel). This post focuses on configuring virtual hosts, that is, the configuration items of the server block. The server block mainly sets the host and port, the location block matches the web page path, and one http block can contain multiple server blocks.

Basic configuration

server {
    listen 80;
    server_name www.domain.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/directory;

    #SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    #SSL-END

    #ERROR-PAGE-START Error page configuration, which can be commented out, deleted, or modified
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START PHP reference configuration, which can be commented out or modified
    include enable-php-73.conf;
    #PHP-INFO-END

    #REWRITE-START URL rewrite rule reference; modifying it invalidates the pseudo-static rules set by the panel
    include /www/server/panel/vhost/rewrite/domain.conf;
    #REWRITE-END

    # Files or directories to which access is forbidden
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Settings for the one-click SSL certificate application's verification directory
    location ~ \.well-known{
        allow all;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log /dev/null;
        access_log /dev/null;
    }

    access_log /www/wwwlogs/domain.log;
    error_log /www/wwwlogs/domain.error.log;
}

The first thing to learn here is what each configuration means.

A # marks a comment in the configuration file.

Configuration list

The port number that the virtual host listens to

listen 80;

Bound domain name

server_name www.domain.com;

Separate multiple domain names with spaces.

Configure the default page

index index.php index.html index.htm default.php default.htm default.html;

Matching the URL

# Match the URL
location / {
    # The access path can be relative or absolute
    root   html;
    index  index.html index.htm;
}

The syntax for this rule is as follows:

location [=|~|~*|^~] /uri/ {
	# Write code
}

  • =: exact match;
  • ~: case-sensitive regular-expression match (the negated operator, used in if conditions, is !~);
  • ~*: case-insensitive regular-expression match (the negated operator, used in if conditions, is !~*);
  • ^~: prefix match, the URI starts with the given string;
  • /: generic match, which any request will match.

With these rules in mind, the default configuration shown earlier makes sense:

# return 404 when accessing user.ini,htaccess, etc
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
    return 404;
}
# Match .well-known
location ~ \.well-known{
    allow all;
}

# Match files ending in GIF, JPG, JPEG, etc
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
    expires      30d;
    error_log /dev/null;
    access_log /dev/null;
}
# Match files ending in JS, CSS
location ~ .*\.(js|css)?$
{
    expires      12h;
    error_log /dev/null;
    access_log /dev/null;
}
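
The location modifiers listed above, applied to the rules of the default configuration, as an added example that is not part of the original post. The paths /healthz and /static/ are hypothetical, the dots in the deny rule are escaped here, and the selection order described in the comments goes beyond what the post itself states:

```nginx
# Added example: location modifiers and the order in which nginx picks one.
# /healthz and /static/ are hypothetical paths used only for illustration.
server {
    listen 80;
    server_name www.domain.com;
    root /www/wwwroot/directory;

    # "=" exact match: checked first; only the URI /healthz lands here.
    location = /healthz {
        return 204;
    }

    # "^~" prefix match: when this is the longest matching prefix, nginx
    # skips every regex location below, so /static/app.js is handled here.
    location ^~ /static/ {
        expires 12h;
    }

    # "~" regex locations are tried in the order they appear in the file and
    # the first match wins. Because the deny rule comes first, a request for
    # /.git/logo.png returns 404 instead of being served by the image rule.
    # Dots are escaped so that "." matches only a literal dot.
    location ~ ^/(\.user\.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README\.md) {
        return 404;
    }

    # "~*" case-insensitive regex: also matches /banner.PNG.
    location ~* \.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }

    # Plain prefix "/": used only when no regex location matched.
    location / {
        index index.html index.htm;
    }
}
```

If the image rule were placed above the deny rule, /.git/logo.png would be answered by the image rule, so rules that block access belong before the static-file rules.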

Inside a matched location block you can write hotlink-protection code:

valid_referers none blocked domain1.cn domain1.cn;
# If the request is hotlinking
if ($invalid_referer) {
	# Hotlink protection
	rewrite ^/ http://$host/logo.png;
}

The valid_referers syntax is as follows

valid_referers [none|blocked|server_names]

  • none: the default value; matches requests that have no Referer value;
  • blocked: the Referer value has been masked by a firewall;
  • server_names: a list of domain names; the * wildcard can be used.

If the rule is matched, that is, the Referer is not one of the valid values, the $invalid_referer variable is set to 1.

Nginx global variables are worth remembering, because a lot of logic can be implemented with them. Assume that the requested address is http://www.baidu.com:88/test1/test2/a.php?ttt=123:

  • $args: the parameters in the request, the same as $query_string, i.e. ttt=123;
  • $content_length: the Content-Length field in the request header;
  • $content_type: the Content-Type field in the request header;
  • $document_root: the value specified in the root directive for the current request;
  • $document_uri: the same as $uri, the request URI, i.e. http://www.baidu.com:88/test1/test2/a.php;
  • $host: the Host header field in the request, i.e. www.baidu.com;
  • $http_user_agent: information about the client browser;
  • $http_cookie: the client cookie information;
  • $limit_rate: limits the connection rate;
  • $request_body_file: the temporary file name of the body sent by the client;
  • $request_method: the request method;
  • $remote_addr: the IP address of the client;
  • $remote_port: the client port number;
  • $remote_user: the client user name;
  • $request_filename: the file path of the current request;
  • $request_uri: the original URI with the request parameters, excluding the host name, i.e. /test1/test2/a.php
  • $status: the request status code, 200 on success;
  • $http_referer: the page the request came from;
  • $server_name: the name of the server handling the request;
  • $server_port: the server port number of the request.

In nginx we can also test whether a request refers to a file, a directory, and so on:

  • -f and !-f: test for a file;
  • -d and !-d: test for a directory;
  • -e and !-e: test for a file or a directory;
  • -x and !-x: test whether a file is executable.

rewrite is the URL-rewriting directive: it rewrites and redirects URLs using the global variables provided by Nginx or variables we set ourselves, combined with regular expressions and flags. rewrite can only be placed in server{}, location{}, or if{}. It operates only on the part of the URL after the domain name, excluding the passed parameters; for example, for http://www.aaaa.com/a/b/c.php?id=1&user=hihell only /a/b/c.php is rewritten. The rewrite syntax looks like this:

rewrite regex replacement [flag];

Flag in the preceding syntax has the following values:

  • lastRewrite ()server{}if{};
  • break: stops executing the subsequent rewrite directives for the current virtual host;
  • redirect: returns a 302 temporary redirect, and the address bar displays the redirected address;
  • permanent: returns a 301 permanent redirect, and the address bar displays the redirected address.

One more thing to note is $1 and $2, which refer to the groups captured by the parentheses in the regular expression.

Examples are as follows:

location / {
    # Match ^/news/([0-9]{6})\.html$ and rewrite it to /news_$1
    # (six digits, so that /news/123456.html matches)
    rewrite '^/news/([0-9]{6})\.html$' /news_$1;
}

The rule above matches a request for /news/123456.html and rewrites it to /news_123456.

Other available configurations

Maximum number of requests per connection

server
{
	keepalive_requests 120;
}

Allowed and denied addresses

server
{
	location [=|~|~*|^~] /uri/ {
		deny 192.0.2.10;        # Rejected address (placeholder); deny takes an IP address or CIDR range, not a domain name
		allow 111.111.111.111;  # Allowed IP
	}
}

Reverse Proxy Settings

location / {
    proxy_pass http://localhost:8080;   
    proxy_set_header Host $host:$server_port;    
}


proxy_pass specifies the URL and port of the proxied server. proxy_set_header sets the header fields passed to it, such as Host, X-Real-IP, and X-Forwarded-For.
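
The three headers named above set together, as an added example that is not the post's own configuration; the X-Forwarded-Proto line is an addition, and the comments assume nginx is the first proxy the client reaches:

```nginx
location / {
    proxy_pass http://localhost:8080;

    # Host header seen by the backend, in the form the post uses.
    proxy_set_header Host $host:$server_port;

    # Overwrite rather than append: $remote_addr is the address of the TCP
    # peer, so an X-Real-IP header sent by the client never reaches the backend.
    proxy_set_header X-Real-IP $remote_addr;

    # $proxy_add_x_forwarded_for is the client-sent X-Forwarded-For value
    # with $remote_addr appended. Only the last entry was written by this
    # proxy; earlier entries are client-controlled, so the backend must not
    # base access decisions or rate limits on them.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Alternative for an edge proxy that wants to discard client-sent values:
    # proxy_set_header X-Forwarded-For $remote_addr;

    # Tells the backend whether the client connection used http or https.
    proxy_set_header X-Forwarded-Proto $scheme;
}
```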

Error pages: the syntax of error_page is as follows

error_page 404 502 = @fetch;
location @fetch {
    # log404 is the name of a log_format that must be defined in the http block
    access_log /logs/face.log log404;
    rewrite ^(.*)$ http://face.jpg redirect;
}

Other configurations in the Server block

  • ssl_certificate:
  • ssl_certificate_key:
  • ssl_session_timeout:
  • expires 2h: cache for 2 hours;
  • listen 443 ssl: Certificate authentication is required for HTTPS access.

Redirecting port 80 to 443 in Nginx

server {
    listen 80;
    server_name domain1.com domain2.com;
    return 301 https://$http_host$request_uri;
}
server {
    listen 443 ssl;
    server_name domain1.com domain2.com;
}

Here $http_host and $request_uri are Nginx variables. The $http_host variable has several similar variants:

  • $host: the IP address requested by the browser;
  • $http_host: the IP address and port number requested by the browser; the port number is displayed when it exists;
  • $proxy_host: the IP address and port number of the proxied service; port 80 is not displayed.
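
A hardened form of the port 80 to 443 redirect, as an added example rather than the post's own configuration. The certificate paths and the ssl_session_timeout value are placeholders, and the default_server catch-all block is an assumption about how the site is deployed:

```nginx
# Catch-all for port 80: a request whose Host header matches no server_name
# ends here instead of falling into the first server block in the file.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send nothing
}

server {
    listen 80;
    server_name domain1.com domain2.com;

    # $http_host copies the client's Host header verbatim, port included, so
    # "Host: domain1.com:80" would redirect to https://domain1.com:80/...
    # $host is lowercased and carries no port, and with the catch-all above
    # it can only be one of the names listed in server_name.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name domain1.com domain2.com;

    ssl_certificate     /path/to/fullchain.pem;   # placeholder path
    ssl_certificate_key /path/to/privkey.pem;     # placeholder path
    ssl_session_timeout 10m;                      # example value

    root /www/wwwroot/directory;
}
```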

Request log

The error_log parameter is used to set the log storage location.

Access control

allow / deny: multiple allow and deny directives can be set in each block to allow or deny access from an IP address or an IP address range.

The return directive

The syntax of the directive is:

return code;

This command is used to end the execution of a rule and return the status code to the client.

The syntax of the set directive is:

set $variable value;  # Default value: none

This directive defines a variable and assigns a value to it. The value can be text, a variable, or a combination of both.
