Configuring static resource cache time and hotlink protection in Nginx
阿新 • Published: 2018-08-24
Environment
Source host: 192.168.10.158
OS: CentOS 7.4
Domain: www.wuxier.cn
Hotlinking host: 192.168.10.191 (the lab host from the Nginx + Tomcat load balancing and dynamic/static separation experiment)
OS: CentOS 7.4
Domains: www.ajie.com and www.taobao.com
- Create a directory for the software packages
[root@fudanwuxi ~]# mkdir /root/software
[root@fudanwuxi ~]# cd /root/software/
[root@fudanwuxi software]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring jdk-8u181-linux-x64.tar.gz...
100% 181295 KB 7882 KB/sec 00:00:23 0 Errors
Transferring apache-tomcat-8.5.32.tar.gz...
100% 9360 KB 9360 KB/sec 00:00:01 0 Errors
[root@fudanwuxi software]#
- Extract the JDK to /usr/local/
[root@fudanwuxi software]# tar xzvf jdk-8u181-linux-x64.tar.gz -C /usr/local/
- Check that Java was installed successfully
[root@fudanwuxi software]# cd /usr/local/jdk1.8.0_181/bin/
[root@fudanwuxi bin]# ./java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
[root@fudanwuxi bin]#
- Configure the environment variables
[root@fudanwuxi bin]# vi /etc/profile #add the following three lines
export JAVA_HOME=/usr/local/jdk1.8.0_181
export CLASSPATH=.:$JAVA_HOME/lib
export PATH=$PATH:$JAVA_HOME/bin
[root@fudanwuxi bin]# source /etc/profile
- Turn off SELinux enforcement
[root@fudanwuxi bin]# getenforce
Enforcing
[root@fudanwuxi bin]# setenforce 0
[root@fudanwuxi bin]# getenforce
Permissive
- Install Nginx
[root@fudanwuxi bin]# cd /etc/yum.repos.d/
[root@fudanwuxi yum.repos.d]# vim nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
# gpgcheck=0 means yum does not verify package signatures for this repo
gpgcheck=0
enabled=1
[root@fudanwuxi yum.repos.d]# yum install nginx
[root@fudanwuxi yum.repos.d]# systemctl start nginx
[root@fudanwuxi yum.repos.d]# systemctl enable nginx
- Hide the Nginx version number
[root@fudanwuxi ~]# curl -I http://192.168.10.158
HTTP/1.1 200 OK
Server: nginx/1.14.0 #version number
Date: Thu, 23 Aug 2018 02:22:14 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Apr 2018 15:48:00 GMT
Connection: keep-alive
ETag: "5ad61730-264"
Accept-Ranges: bytes
[root@fudanwuxi ~]# vi /etc/nginx/nginx.conf
    server_tokens off; #added
    access_log /var/log/nginx/access.log main;
[root@fudanwuxi ~]# systemctl restart nginx
[root@fudanwuxi ~]# curl -I http://192.168.10.158
HTTP/1.1 200 OK
Server: nginx #the version number is now hidden
Date: Thu, 23 Aug 2018 02:24:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 17 Apr 2018 15:48:00 GMT
Connection: keep-alive
ETag: "5ad61730-264"
Accept-Ranges: bytes
- Add an image to the Nginx home page
[root@fudanwuxi conf.d]# cd /usr/share/nginx/html/
[root@fudanwuxi html]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring wuxier.jpg...
100% 5 KB 5 KB/sec 00:00:01 0 Errors
[root@fudanwuxi html]# cp index.html index.html.bak
[root@fudanwuxi html]# vi index.html #add the image just uploaded to the home page
<body>
<img src="http://192.168.10.158/wuxier.jpg"> <!-- added; wuxier.jpg is the image just uploaded -->
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
- Configure the cache time for static resources
[root@fudanwuxi html]# vim /etc/nginx/conf.d/default.conf #add the following
    location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
        root /usr/share/nginx/html;
        expires 2d;
    }
[root@fudanwuxi html]# systemctl restart nginx
- Modify the Windows hosts file
- Modify the configuration file of the virtual host www.wuxier.cn
[root@fudanwuxi conf.d]# pwd
/etc/nginx/conf.d
[root@fudanwuxi conf.d]# cp default.conf wuxier.conf
[root@fudanwuxi conf.d]# ll
total 8
-rw-r--r--. 1 root root 1206 Aug 23 10:53 default.conf
-rw-r--r--. 1 root root 283 Aug 23 12:12 wuxier.conf
[root@fudanwuxi conf.d]# cat wuxier.conf
server {
    listen 80;
    server_name www.wuxier.cn;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
        root /usr/share/nginx/html;
        expires 2d;
    }
}
[root@fudanwuxi conf.d]# systemctl restart nginx
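- Verification
- When taobao1 is visited, the result is as shown in the figure below
- When taobao2 is visited, the result is as shown in the figure below
- Hotlink protection configuration on the source host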
[root@fudanwuxi conf.d]# cat wuxier.conf
server {
    listen 80;
    server_name www.wuxier.cn;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    # location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
    #     root /usr/share/nginx/html;
    #     autoindex on;
    #     expires 2d;
    # }
    location ~* \.(jpg|png|gif|jpeg)$ {
        root /usr/share/nginx/html; #image path
        valid_referers none blocked *.wuxier.cn wuxier.cn *.ajie.com ajie.com; #whitelist of referers allowed to access the images
        if ($invalid_referer) { #if the referer is not on the whitelist, return the image below
            rewrite ^/ https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1535013233040&di=64a20c24bd1e4906ad2eb7205fe3abec&imgtype=0&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fexp%2Fw%3D480%2Fsign%3D7953092ec195d143da76e52b43f18296%2F8ad4b31c8701a18bbc22f762972f07082938fed6.jpg;
        }
    }
}
[root@fudanwuxi conf.d]#
[root@fudanwuxi html]# systemctl restart nginx
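How the `valid_referers` rule above decides which image requests are served, as an added Python example (not part of the original post and not nginx's own code). It is a simplified model that assumes only exact names and leading `*.` wildcards, and the sample Referer values are constructed.

```python
from urllib.parse import urlsplit

def referer_is_valid(referer, names, none=True, blocked=True):
    """Simplified model of valid_referers; True means $invalid_referer is empty.

    referer: the Referer header value, or None when the header is absent.
    names:   server-name entries of the directive (exact names or "*.domain").
    """
    if referer is None:                      # header missing -> "none"
        return none
    if not referer.lower().startswith(("http://", "https://")):
        return blocked                       # value without a scheme -> "blocked"
    host = (urlsplit(referer).hostname or "").lower()
    for name in names:
        name = name.lower()
        if name.startswith("*."):
            # "*.wuxier.cn" covers www.wuxier.cn but not the bare wuxier.cn,
            # which is why the configuration lists both forms
            if host.endswith(name[1:]) and len(host) > len(name) - 1:
                return True
        elif host == name:
            return True
    return False

# Whitelist taken from wuxier.conf above
WHITELIST = ["*.wuxier.cn", "wuxier.cn", "*.ajie.com", "ajie.com"]

# Constructed sample requests for /wuxier.jpg: (description, Referer value)
SAMPLES = [
    ("page on the source site", "http://www.wuxier.cn/index.html"),
    ("page on whitelisted ajie.com", "http://www.ajie.com/"),
    ("page on www.taobao.com", "http://www.taobao.com/"),
    ("look-alike host", "http://wuxier.cn.example.net/"),
    ("no Referer header", None),
    ("Referer stripped by a proxy", "-"),
]

def decisions(names):
    """Map each sample description to True (image served) or False (redirected)."""
    return {desc: referer_is_valid(ref, names) for desc, ref in SAMPLES}

if __name__ == "__main__":
    for desc, ok in decisions(WHITELIST).items():
        print(f"{'serve   ' if ok else 'redirect'}  {desc}")
```

Because `none` and `blocked` are listed, requests without a usable Referer are served. The header is supplied by the client, so this rule limits casual embedding on other sites and is not access control.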
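- Verifying the hotlink protection
- When taobao1 is visited, because taobao1 previously used the image www.wuxier.cn/wuxier.jpg, the hotlink-protection image is returned, as shown in the figure below
- When taobao2 is visited, the result is as shown in the figure below
- When www.wuxier.cn is visited, the result is as shown in the figure below (whitelisted)
- When www.ajie.com is visited, the result is as shown in the figure below (whitelisted)
- After *.ajie.com and ajie.com are removed from the whitelist in the configuration file wuxier.conf, visit again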
[root@fudanwuxi conf.d]# vim /etc/nginx/conf.d/wuxier.conf
server {
    listen 80;
    server_name www.wuxier.cn;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    # location ~ .*\.(gif|jpg|png|jpeg|bmp|ico|css)$ {
    #     root /usr/share/nginx/html;
    #     autoindex on;
    #     expires 2d;
    # }
    location ~* \.(jpg|png|gif|jpeg)$ {
        root /usr/share/nginx/html;
        valid_referers none blocked *.wuxier.cn wuxier.cn; #*.ajie.com and ajie.com removed
        if ($invalid_referer) {
            rewrite ^/ https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1535013233040&di=64a20c24bd1e4906ad2eb7205fe3abec&imgtype=0&src=http%3A%2F%2Fd.hiphotos.baidu.com%2Fexp%2Fw%3D480%2Fsign%3D7953092ec195d143da76e52b43f18296%2F8ad4b31c8701a18bbc22f762972f07082938fed6.jpg;
        }
    }
}
[root@fudanwuxi conf.d]#
The result of the access is as follows