What is Nginx?

Nginx is an open source and reliable HTTP middleware proxy service.

The configuration directory

Master profile

/etc/nginx/nginx.conf configuration file

Nginx turns on, off, and restarts

Nginx -s stop, nginx -s reload, nginx -s reload Nginx -s reload smooth restart

The log file

/var/log/nginx

Look for methods when errors occur

The most important thing is the error log, error log, error log, when an error occurs, the first thing to think about is to look at the error log, to see why the error occurred.

  • Tail -n 10 /var/log/nginx/error.log
  • 2, find out the reason for the error, modify the configuration file/etc/nginx/conf. D/default. Conf
  • 3, check whether the modified error command is nginx -t
  • 4, smooth restart nginx-s reload

server_name

priority

1. If multiple servers match the same server_name, the priority that appears first is the highest.

location

Location matching rule

  • 1 = Indicates an exact match. A hit is made only if the requested URL path is exactly the same as the following string.
  • 2 ~ indicates that the rule is case-sensitive and is defined using regulars.
  • 3 to * indicates that the rule is case insensitive and is defined using regulars.
  • 4 ^~ Indicates that if the character following the symbol is the best match, this rule is adopted and no further search is performed. Matching order
  • 1 Returns if it matches =, that is, exactly matches the URL
  • 2 If a match is found to ^~, the match is returned and no match is expected. React A project in /home and react B in /codsse because of the following rules
^~ /codsse {
    ...
}
Copy the code

As a result, when the URL is /codesse/, it can match the index.html of project B, but at the same time, js in index.html of project B also matches the index.html of project B, so an infinite loop is formed.

  • 3 Match the following regular expression, ~ or ~*, if matches, return
  • If no match is found, the maximum match or 404 is returned
  • 5 = > ^~ > ~/~* Priority

try_files

Try_files is the file you are trying to find

Difference between alias and root

Root will link matches to location to access such as the following configuration

location /cat {
    root /cat/imgs/;
}
Copy the code

Alias = /cat/imgs/a.png; alias = /cat/imgs/a.png; alias = /cat/imgs/a.png

Nginx access control

http_access_module

Deny Allow Allows access

As a static resource server

Compressed static resources

1, gzip: on gzip_comp_level: 2

Setting expiration Time

Typically, browsers first check max-age and, if it expires, send eTag and Last-Modified to the server for verification 1 and set expires

Forward and reverse proxies

Forward proxy?

A forward proxy is a proxy client that initiates a request, such as a VPN that we often use

Reverse proxy?

This is when you proxy on the server side, for example, when you access a domain name, you don’t know if the actual resources are actually going there through nginx.

Cross domain access

Nginx allows cross-domain access

location /sddss/ {
       proxy_redirect off; # Turn off redirection
       add_header Access-Control-Allow-Origin *;
   }
Copy the code

Load balancing

Load balancing is the process of forwarding requests to different servers through Nginx. Each service can be configured with parameters such as weight, such as max_fails, and load balancing algorithms such as polling, such as ip-hash algorithm and URL-hash algorithm can also be selected

upsteam ii { serve 1; serve 2; } server { location / { proxy_pass ii; include proxy_params; }}Copy the code

Nginx as the cache server

Nginx acts as an intermediate cache, using proxy_cache_path

Nginx redirects the URL

Rewrite redirects matching urls into other urls based on regular matching

Rewrite the grammar

Rewrite redirects flag sets, including break, last,redirect, and permanent break, whereas last redirects down

Rewrite the priority

Rewrite rule in sever > rewrite rule in location

Nginx link cycle limits

Use the module

The secure_link_module principle is that nginx first returns the download link based on some information including MD5 and expries. Then, when downloading, Nginx verifies md5 and expiration time. The following link is returned: /download? mad5=dsdsd&expries=112233222

location ~ {
   secure_link
   secure_link_md5
}
Copy the code

Nginx distinguishes between foreign and domestic IP addresses

Use the module

Http_geoip_module can restrict access based on whether the IP address accessed is a domestic one

location / {
    if($geoip_country_code ! = CN) {return 403}}Copy the code

nginx https

HTTPS configuration

*1 Install OpenSSL http_SSL_module *2 Generate CA certificate *3 Configure

server {
    listen      443;
    server_name www.onedns.net;
    ssl         on;
    ssl_certificate     /etc/nginx/ssl/111net.pem;
    ssl_certificate_key /etc/nginx/ssl/2222.key;
    ssl_protocols       Tddsdss;
    ssl_ciphers         dddssdss;
Copy the code

HTTPS Service Optimization

*1 Enable keepalive long links *2 Enable SSL cache

nginx+ Lua

Lua basic syntax

  • 1 ~= Indicates that the value does not equal
  • 2 String concatenation..

Access different content based on IP address

Rationale: When a user accesses, nginx gets the user’s IP, accesses the IP database through Lua, and then allows different IP addresses to access different content.

location / {
    default_type "text/html";
    content_by_lua_file /opt/as.lua;
}
Copy the code

Nginx performance optimization

Ab Interface pressure test tool

Ab-n 2000-c 2 http://127.0.0.1

CPU affinity

Set worker Process to the number of CPU cores

Nginx security

Common attacks

  • 1 Password collision library
  • 2 File upload Vulnerability
  • 3 SQL injection