国产av日韩一区二区三区精品,成人性爱视频在线观看,国产,欧美,日韩,一区,www.成色av久久成人,2222eeee成人天堂

Home Operation and Maintenance Nginx What are the advanced modules of nginx?

What are the advanced modules of nginx?

Nov 06, 2020 pm 04:58 PM
nginx

What are the advanced modules of nginx?

nginx advanced module

secure_link_module module

Function: used to verify the authenticity of the link (md5) and validity time (expires)

(Learning video sharing: java video tutorial)

nginx configuration

server {
    listen 7001;
    server_name study;
    root /home/jaryn/nginx_study/pic;

        location / {
                secure_link $arg_md5,$arg_expires;
                #md5生成方法和下面腳本一致,jaryn可以看成是服務(wù)端的“鹽值”
                secure_link_md5 "$secure_link_expires$uri jaryn";

                if ($secure_link = "") {
                        return 403;
                }
                if ($secure_link = "0") {
                        return 410;
                }
        }
}

The steps to generate access links secure_link_module.sh

#!/bin/sh
#
servername="www.jaryn.cn:7001"
download_file="/test.jepg"
time_num=$(date -d "2018-9-9 00:00:00" +%s)
secret_num="jaryn"

#利用openssl生成鏈接中的md5參數(shù)
res=$(echo -n "${time_num}${download_file} ${secret_num}"|openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = )
echo "http://${servername}${download_file}?md5=${res}&expires=${time_num}"

execution Script

[root@localhost nginx_study]# sh secure_link_module.sh 
http://www.jaryn.cn:7001/test.jepg?md5=MqtYCSugfDKmLiKuskPmuA&expires=1536422400

Result

The generated link can be accessed normally, but if the md5 value or expiration time is changed, 403 will appear.

http_geoip_module module

Function: Match the MaxMind GeoIP binary file based on the ip address and read the regional information where the ip is located.

  • Differentiate http access rules at home and abroad

  • Differentiate http access rules for domestic urban areas

Installation module without module

yum install nginx-module-geoip

If you are prompted that there is no available software package

nginx-module-geoip

You need to replace the yum source of nginx

vim /etc/yum.repos.d/nginx.repo

Copy the following content into it

 [nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Re-execute the installation

You can see the module under /etc/nginx/modules

nginx manually loads the module

cd /usr/share/nginx/modules/
vim self.conf

The content of the file is as follows

load_module "/usr/lib64/nginx/modules/ngx_http_geoip_module.so";

Download geoip dat data file

The address is as follows

國家文件:http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
城市文件:http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

Unzip the corresponding file

gunzip GeoIP.dat.gz
gunzip GeoLiteCity.dat.gz

nginx configuration

geoip_country /home/jaryn/nginx_study/data/GeoIP.dat;
geoip_city /home/jaryn/nginx_study/data/GeoLiteCity.dat;
server {
    listen 7001;
    server_name study;

        location / {
                if ($geoip_country_code != CN) {
                        return 403;
                }
                root /home/project/nginx-code;
                index admin.html;
        }
        #通過訪問/myip可以獲取相應(yīng)的ip和geo信息
        location /myip {
                default_type text/plain;
                return 200 "$remote_addr $geoip_country_name $geoip_country_code $geoip_city";
        }
}

Error

nginx: [emerg] module "/usr/lib64/nginx/modules/ngx_http_geoip_module.so" version 1012002 instead of 1014000 in /usr/share/nginx/modules/mod-http-geoip.conf:1

Solution

 yum remove nginx-mod*
 yum install nginx-module-*

Conclusion

Through configuration. Access from non-Chinese IP addresses will return 403, and only Chinese IP addresses can be accessed.

https module (nginx ssl)

If Linux does not have the openssl module, install openssl yourself.

Generate secret key and CA certificate, you need http-ssl-module module

Generate key secret key

#利用openssl生成

openssl genrsa -idea -out jaryn.key 1024

Generate certificate signature request file (csr file), generate certificate signature File (CA file)

#下面的命令需要根據(jù)提示輸入相應(yīng)的信息,輸入即可

openssl req -new -key jaryn.key -out jaryn.csr

#打包成crt

openssl x509 -req -days 3650 -in jaryn.csr -signkey jaryn.key -out jaryn.crt


#也可以直接用key生成crt文件,keyout會重新生成.key文件,重啟nginx的時候就不需要輸入密碼了

openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout jaryn.key  -out jaryn_a.crt

nginx configuration

    server {
        listen 443;
        server_name studyssl;

        ssl on;
        ssl_certificate /home/jaryn/nginx_study/ssl_key/jaryn.crt;
        ssl_certificate_key /home/jaryn/nginx_study/ssl_key/jaryn.key;

        index admin.html;
        location / {
                root  /home/project/nginx-code;
        }
    }

Access

`直接訪問你的地址,https默認443:https://192.168.1.10/admin.html`

https service optimization

Activate keepalive long connection

Set ssl session cache

    server {
        listen 443;
        server_name studyssl;

        ssl on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_certificate /home/jaryn/nginx_study/ssl_key/jaryn.crt;
        ssl_certificate_key /home/jaryn/nginx_study/ssl_key/jaryn.key;

        index admin.html;
        location / {
                root  /home/project/nginx-code;
        }
    }

Related recommendations:nginx tutorial

The above is the detailed content of What are the advanced modules of nginx?. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undress AI Tool

Undress AI Tool

Undress images for free

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

PHP Tutorial
1488
72
NGINX vs. Apache: Performance, Scalability, and Efficiency NGINX vs. Apache: Performance, Scalability, and Efficiency Apr 19, 2025 am 12:05 AM

NGINX and Apache are both powerful web servers, each with unique advantages and disadvantages in terms of performance, scalability and efficiency. 1) NGINX performs well when handling static content and reverse proxying, suitable for high concurrency scenarios. 2) Apache performs better when processing dynamic content and is suitable for projects that require rich module support. The selection of a server should be decided based on project requirements and scenarios.

NGINX vs. Apache: A Comparative Analysis of Web Servers NGINX vs. Apache: A Comparative Analysis of Web Servers Apr 21, 2025 am 12:08 AM

NGINX is more suitable for handling high concurrent connections, while Apache is more suitable for scenarios where complex configurations and module extensions are required. 1.NGINX is known for its high performance and low resource consumption, and is suitable for high concurrency. 2.Apache is known for its stability and rich module extensions, which are suitable for complex configuration needs.

NGINX and Apache: Understanding the Key Differences NGINX and Apache: Understanding the Key Differences Apr 26, 2025 am 12:01 AM

NGINX and Apache each have their own advantages and disadvantages, and the choice should be based on specific needs. 1.NGINX is suitable for high concurrency scenarios because of its asynchronous non-blocking architecture. 2. Apache is suitable for low-concurrency scenarios that require complex configurations, because of its modular design.

How to execute php code after writing php code? Several common ways to execute php code How to execute php code after writing php code? Several common ways to execute php code May 23, 2025 pm 08:33 PM

PHP code can be executed in many ways: 1. Use the command line to directly enter the "php file name" to execute the script; 2. Put the file into the document root directory and access it through the browser through the web server; 3. Run it in the IDE and use the built-in debugging tool; 4. Use the online PHP sandbox or code execution platform for testing.

After installing Nginx, the configuration file path and initial settings After installing Nginx, the configuration file path and initial settings May 16, 2025 pm 10:54 PM

Understanding Nginx's configuration file path and initial settings is very important because it is the first step in optimizing and managing a web server. 1) The configuration file path is usually /etc/nginx/nginx.conf. The syntax can be found and tested using the nginx-t command. 2) The initial settings include global settings (such as user, worker_processes) and HTTP settings (such as include, log_format). These settings allow customization and extension according to requirements. Incorrect configuration may lead to performance issues and security vulnerabilities.

How to limit user resources in Linux? How to configure ulimit? How to limit user resources in Linux? How to configure ulimit? May 29, 2025 pm 11:09 PM

Linux system restricts user resources through the ulimit command to prevent excessive use of resources. 1.ulimit is a built-in shell command that can limit the number of file descriptors (-n), memory size (-v), thread count (-u), etc., which are divided into soft limit (current effective value) and hard limit (maximum upper limit). 2. Use the ulimit command directly for temporary modification, such as ulimit-n2048, but it is only valid for the current session. 3. For permanent effect, you need to modify /etc/security/limits.conf and PAM configuration files, and add sessionrequiredpam_limits.so. 4. The systemd service needs to set Lim in the unit file

What are the Debian Nginx configuration skills? What are the Debian Nginx configuration skills? May 29, 2025 pm 11:06 PM

When configuring Nginx on Debian system, the following are some practical tips: The basic structure of the configuration file global settings: Define behavioral parameters that affect the entire Nginx service, such as the number of worker threads and the permissions of running users. Event handling part: Deciding how Nginx deals with network connections is a key configuration for improving performance. HTTP service part: contains a large number of settings related to HTTP service, and can embed multiple servers and location blocks. Core configuration options worker_connections: Define the maximum number of connections that each worker thread can handle, usually set to 1024. multi_accept: Activate the multi-connection reception mode and enhance the ability of concurrent processing. s

NGINX's Purpose: Serving Web Content and More NGINX's Purpose: Serving Web Content and More May 08, 2025 am 12:07 AM

NGINXserveswebcontentandactsasareverseproxy,loadbalancer,andmore.1)ItefficientlyservesstaticcontentlikeHTMLandimages.2)Itfunctionsasareverseproxyandloadbalancer,distributingtrafficacrossservers.3)NGINXenhancesperformancethroughcaching.4)Itofferssecur

See all articles