System operations


nginx notes

<h3>Redirect port 80 to 443</h3>
<pre><code>server {
    listen 80;
    server_name new-activity.shiyue.com;
    return 301 https://$host$request_uri;
}</code></pre>
<h3>Restrict access to company IP addresses</h3>
<pre><code>allow 113.108.148.74/32;
allow 113.108.148.75/32;
allow 113.108.148.76/32;
allow 113.108.148.77/32;
allow 113.108.148.78/32;
allow 183.6.45.214/32;
allow 212.64.95.174/32;
allow 183.63.73.178/32;
allow 183.63.73.179/32;
allow 183.63.73.180/32;
allow 183.63.73.181/32;
allow 183.63.73.182/32;
deny all;</code></pre>
<h3>Restrict access to a specific route and send it to a specified route</h3>
<pre><code># Restrict access to a specific route
location = /red_packet/get_redeem_code {
    allow 81.69.235.125;   # allowed IP address
    deny all;              # deny all other IP addresses
    root /data/www/sysdk-new/sdkapi-activity-new/app/Http/Controllers/RedPacket/;
    index RedPacketCodeController.php;
    access_log /data/logs/red.log json;
    #try_files $uri $uri/ /index.php?$query_string;
}
</code></pre>
<h3>Restrict access to specified domains</h3>
<pre><code># Only requests whose Referer is one of the listed domains are allowed; all others get 403
location ~ .* {
    valid_referers *.shiyue.com shiyue.com *.shiyuegame.com shiyuegame.com tools.shiyue.com
                   *.qingkonggame.com *.qlyxwl.com qlyxwl.com qingkonggame.com huanyuegame.com
                   chengyuegame.com shiyuepub.com qiqugames.com mengquxx.com;
    if ($invalid_referer) {
        return 403;
    }
    expires max;
}
</code></pre>
<h3>Allow cross-origin access from all domains</h3>
<pre><code>location / {
    #limit_req zone=one burst=5 nodelay;
    try_files $uri $uri/ /index.php?$query_string;
    if ($request_method = 'OPTIONS') {
        # Allow cross-origin access from any domain
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        # Request header fields the server allows
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Accept, Authorization';
        # Cache time for the preflight request (seconds)
        add_header 'Access-Control-Max-Age' 1728000;
        # Return status code 204
        return 204;
    }
}</code></pre>
<h3>Allow cross-origin access from a specified domain</h3>
<pre><code>location / {
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$query_string;
    if ($http_origin ~* (https://flow\.shiyuegame\.com)) {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Accept, Authorization';
        add_header 'Access-Control-Max-Age' 1728000;
        return 204;
    }
}
</code></pre>
<h3>Default configuration</h3>
<pre><code>server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /data/conf/nginx/1_shiyuegame.com_bundle.crt;
    ssl_certificate_key /data/conf/nginx/2_shiyuegame.com.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    server_name api-inquiries.shiyue.com;
    root /data/www/user-operation/inquiries/public;
    index index.html index.htm index.php;
    charset utf-8;
    access_log /data/logs/api-inquiries.shiyue.com.log json;

    location ~* ^/(.*\.(sql|log|DS_Store|bak|backup|old|swp|htaccess)$|(\.svn/|\.git/)|(.*(workspace\.xml|database\.yml|web\.config|web\.xml|package\.json|installed\.json|composer\.lock|phpinfo\.php|Dockerfile|package-lock\.json)$)) {
        deny all;
    }
    location ~ .*\.(swf|xml|mp3|png|jpg|gif|data)$ {
        expires max;
    }
    location ~ .*\.(css|js|mx)$ {
        expires 96h;
    }
    location ~ /\.svn/ {
        deny all;
    }
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php {
        # To support pathinfo, URLs containing .php are handed to fastcgi;
        # cgi.fix_pathinfo=1 must also be set in php.ini
        expires off;
        access_log /data/logs/api-inquiries.shiyue.com.log json;
        fastcgi_pass 127.0.0.1:10081;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
</code></pre>
<h2>Allow access by domain name only, not by IP</h2>
<pre><code>vim /data/nginx/conf/vhost/web-limit.conf
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_certificate /data/conf/nginx/no.crt;
    ssl_certificate_key /data/conf/nginx/no.key;
    server_name _;
    return 444;
}
# Create the crt and key
vim /data/nginx/conf/no.crt
# (paste the PEM certificate into this file)
vim /data/nginx/conf/no.key
# (paste the matching PEM RSA private key into this file)
</code></pre>
<h2>Allow WebSocket connections</h2>
<pre><code>server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /data/conf/nginx/1_shiyue.com_bundle.crt;
    ssl_certificate_key /data/conf/nginx/2_shiyue.com.key;
    server_name test-yearning.shiyue.com;
    access_log /data/logs/test-yearning.shiyue.com json;
    error_log /data/logs/test-yearning.shiyue.com-error.log;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket specific settings
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
</code></pre>
<h2>Add HTTP basic (htpasswd) authentication to nginx access</h2>
<pre><code># Add to the nginx configuration
auth_basic "**********";
auth_basic_user_file /data/nginx/conf/httppasswd;

# Password file format: username:encrypted_password

# Set up the password file
yum install httpd-tools -y
htpasswd -c /data/nginx/conf/httppasswd admin   # press Enter, then type the password at the prompt</code></pre>
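The "Allow cross-origin access from a specified domain" block matches the Origin header with an unanchored regex and then answers with `Access-Control-Allow-Origin: *`, so any origin that merely contains the allowed string passes and the grant itself is not tied to one origin. The following is an added example, not part of the original notes: it compares the whole Origin value in a `map` and echoes back only that origin. The variable names `$cors_origin` and `$cors_preflight` are assumptions chosen here.

```nginx
# Added example, not part of the original notes.

# --- http {} context (map cannot be declared inside server {} or location {}) ---

# $cors_origin: the request Origin when it is on the allowlist, otherwise empty.
# A plain string is compared against the whole header value, unlike the
# unanchored "~*" regex, which also matches longer hostnames containing it.
map $http_origin $cors_origin {
    default                        "";
    "https://flow.shiyuegame.com"  $http_origin;
}

# $cors_preflight: 1 only for an OPTIONS request from an allowlisted origin.
# One flag keeps the location down to a single "if" that always returns,
# so try_files keeps working for every other request.
map "$request_method:$cors_origin" $cors_preflight {
    default         0;
    "~^OPTIONS:.+"  1;
}

# --- server {} context ---

# Set at server level so the headers are inherited by every location without
# its own add_header, including the PHP location that try_files hands off to.
# An empty $cors_origin makes nginx omit the header entirely.
add_header 'Access-Control-Allow-Origin' $cors_origin always;
add_header 'Vary'                        'Origin'     always;

location / {
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$query_string;

    if ($cors_preflight) {
        add_header 'Access-Control-Allow-Origin'  $cors_origin;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Accept, Authorization';
        add_header 'Access-Control-Max-Age'       1728000;
        add_header 'Vary'                         'Origin';
        return 204;
    }
}
```

`Vary: Origin` keeps shared caches from serving a response granted to one origin to a different one.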
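The catch-all server in "Allow access by domain name only, not by IP" needs a certificate and key only so that nginx can finish a TLS handshake before `return 444`. As an added example (not part of the original notes), nginx 1.19.4 and later can reject the handshake itself, which removes the need to keep a placeholder key pair in notes or configuration repositories. The second block shows the protocol line of the default configuration with TLS 1.0 and 1.1 dropped.

```nginx
# Added example, not part of the original notes.

# /data/nginx/conf/vhost/web-limit.conf (nginx 1.19.4 or later)
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;

    # Abort the TLS handshake for any SNI name that no other server block
    # claims. No ssl_certificate / ssl_certificate_key is needed here.
    ssl_reject_handshake on;

    # Plain-HTTP requests by IP or unknown Host: close without a response.
    return 444;
}

# Older nginx still needs a certificate on the catch-all. Generate a throwaway
# pair on the host itself instead of copying key material from a document:
#   openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -subj "/CN=invalid" \
#       -keyout /data/conf/nginx/no.key -out /data/conf/nginx/no.crt

# Named vhost from the default configuration, TLS lines only.
server {
    listen 443 ssl;
    server_name api-inquiries.shiyue.com;
    ssl_certificate     /data/conf/nginx/1_shiyuegame.com_bundle.crt;
    ssl_certificate_key /data/conf/nginx/2_shiyuegame.com.key;

    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
```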
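The PHP location in the default configuration hands every URI containing `.php` to PHP-FPM and relies on `cgi.fix_pathinfo=1`, which lets PHP walk back along the path until it finds a file that exists, so a file that is not a PHP script can end up being interpreted as one. An added example (not part of the original notes) that keeps PATH_INFO support but has nginx split the path and refuse script names that are not real files; the port and log path are copied from the page, and it assumes `cgi.fix_pathinfo=0` is then set in php.ini.

```nginx
# Added example, not part of the original notes.
# Assumes php.ini is changed to cgi.fix_pathinfo=0, since nginx now does the split.

# Match only a path segment that ends in ".php", optionally followed by /extra/path
location ~ [^/]\.php(/|$) {
    # "/index.php/extra/path" -> $fastcgi_script_name = /index.php
    #                            $fastcgi_path_info   = /extra/path
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    # Hand the request to PHP only when the script is a real file under root
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    expires off;
    access_log /data/logs/api-inquiries.shiyue.com.log json;

    fastcgi_pass  127.0.0.1:10081;
    fastcgi_index index.php;
    include       fastcgi.conf;      # SCRIPT_FILENAME = $document_root$fastcgi_script_name
    fastcgi_param PATH_INFO  $fastcgi_path_info;
    fastcgi_param HTTP_PROXY "";     # do not forward a client-supplied Proxy header
}
```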
