Nginx的使用总结(四)
rewrite配置
nginx的rewrite配置是nginx配置中比较核心的部分,rewrite可以实现域名跳转(重定向)、URL重写(伪静态)、动静分离(跳转域名,并接入CDN实现加速)。rewrite依赖pcre库,用到的模块是ngx_http_rewrite_module。
rewrite相关指令
格式: if (条件判断) { 具体的rewrite规则 }
- 条件举例:
条件判断语句有nginx内置变量、逻辑判断符号和目标字符串三部分组成。
其中,内置变量是nginx固定的非自定义的变量,如$request_method、$request_uri等。
逻辑判断符号有 =、!=、~、~*、!~、!~*。
!表示取反,~为匹配符号,它右侧为正则表达式,区分大小写,而~*为不区分大小写匹配。
目标字符串可以是正则表达式,通常不用加引号,但表达式中有特殊符号时,比如空格、花括号、分号等,需要用单引号引起来。
- 示例1:
if ($request_method = POST)
{
return 405;
}
当请求的方法为POST时,直接返回405状态码。if中支持用return指令。
- 示例2:
if ($http_user_agent ~ MSIE )
{
return 403;
}
user_agent带有MSIE(IE浏览器)字符的请求,直接返回403状态码。
如果想同时限制多个user_agent,还可以写成这样:
if ($http_user_agent ~ "MSIE|firefox|spider")
{
return 403;
}
- 示例3:
if (!-f $request_filename)
{
rewrite 语句;
}
当请求的文件不存在时,将会执行下面的rewrite规则。
- 示例4:
if ($request_uri ~* 'gid=\d{9,12}/')
{
rewrite 语句;
}
\d表示数字,{9,12}表示数字出现的次数是9到12次,比如gid=123456789是符合条件的,就会执行下面的rewrite规则。
break和last指令
两个指令用法相同,但含义不同,需要放到rewrite规则的末尾,用来控制重写后的链接是否继续被nginx配置执行(主要是rewrite、return指令)。
示例1:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on; #打开rewrite日志,在error.log中
rewrite /1.html /2.html;
rewrite /2.html /3.html;
}
重载配置:
# echo "111111" > /data/wwwroot/www.1.com/2.html
# echo "222222" > /data/wwwroot/www.1.com/2.html
# echo "333333" > /data/wwwroot/www.1.com/3.html
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.html
333333
说明已经从1.html跳转到3.html,实际访问到的是3.html。
查看日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 17:51:27 [notice] 28386#0: *1 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 17:51:27 [notice] 28386#0: *1 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 17:51:27 [notice] 28386#0: *1 "/2.html" matches "/2.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 17:51:27 [notice] 28386#0: *1 rewritten data: "/3.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
示例2:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /1.html /2.html break;
rewrite /2.html /3.html;
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.html
222222
说明这一次是从1.html跳转到2.html,没有继续往下面跳转。
查看日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:02:18 [notice] 28507#0: *2 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:02:18 [notice] 28507#0: *2 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
示例3:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /1.html /2.html last;
rewrite /2.html /3.html;
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.html
222222
查看日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:08:21 [notice] 28533#0: *3 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:08:21 [notice] 28533#0: *3 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
说明这一次也是从1.html跳转到2.html,没有继续往下面跳转。在server部分配置break和last作用一致。
示例4:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location / {
rewrite /1.html /2.html;
rewrite /2.html /3.html;
}
location /2.html {
rewrite /2.html /a.html;
}
location /3.html {
rewrite /3.html /b.html;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
查看日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:18:11 [notice] 6932#0: signal 17 (SIGCHLD) received from 28533
2019/03/11 18:18:27 [notice] 28558#0: *4 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/2.html" matches "/2.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 rewritten data: "/3.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/3.html" matches "/3.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 rewritten data: "/b.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/1.html" does not match "/b.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/2.html" does not match "/b.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [error] 28558#0: *4 open() "/data/wwwroot/www.1.com/b.html" failed (2: No such file or directory), client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
首先匹配到1.html,1.html跳转到2.html;再匹配到2.html,2.html又跳转到3.html;接下来匹配到3.html,3.html跳转到b.html;b.html还会继续匹配,但没有匹配到,所以访问b.html,因为b.html不存在,所以返回404状态码。
示例5:
如果我们在server部分使用了location,那break和last的作用就有区别了。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location / {
rewrite /1.html /2.html break;
rewrite /2.html /3.html;
}
location /2.html {
rewrite /2.html /a.html;
}
location /3.html {
rewrite /3.html /b.html;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.html
222222
查看日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:32:55 [notice] 6750#0: *5 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:32:55 [notice] 6750#0: *5 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
可以看到,只rewrite一次,从1.html跳转到2.html就直接退出,后面的location部分也不再执行了。
示例6:
如果我们在server部分使用了location,那break和last的作用就有区别了。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location / {
rewrite /1.html /2.html last;
rewrite /2.html /3.html;
}
location /2.html {
rewrite /2.html /a.html;
}
location /3.html {
rewrite /3.html /b.html;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
查看日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:38:57 [notice] 6759#0: *6 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 "/2.html" matches "/2.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 rewritten data: "/a.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 "/1.html" does not match "/a.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 "/2.html" does not match "/a.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [error] 6759#0: *6 open() "/data/wwwroot/www.1.com/a.html" failed (2: No such file or directory), client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
先从1.html跳转到2.html,因为有last,所以本location段内的下面的内容不再执行,但是会继续执行下面的location段,最后匹配到2.html(因为比 / 更精准),从2.html跳转到a.html,因为a.html不存在,所以返回404状态码。
综上,我们可以得到结论:
* 当rewrite规则在location{}外,break和last作用一样,遇到break或last后,其后续的rewrite/return语句不再执行。但后续有location{}的话,还会近一步执行location{}里面的语句,当然前提是请求必须要匹配该location。
* 当rewrite规则在location{}里,遇到break后,本location{}与其他location{}的所有rewrite/return规则都不再执行。
* 当rewrite规则在location{}里,遇到last后,本location{}里后续rewrite/return规则不执行,但重写后的url再次从头开始执行所有规则,哪个匹配执行哪个。
return用法
return指令一般用于对请求的客户端直接返回响应状态码。在该作用域内return后面的所有nginx配置都是无效的。可以使用在server、location以及if配置中。
除了支持跟状态码,还可以跟字符串和url链接。
示例1:
server {
listen 80;
server_name www.1.com;
return 403;
rewrite /(.*) /abc/$1; #该行配置不会被执行
}
.*
表示所有,$1表示前面的.*
# vim /usr/local/nginx/conf/vhost/default.conf
server {
listen 80 default_server;
return 403;
rewrite /(.*) /abc/$1;
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 e2rwejqw.com
<html>
<head><title>403 Forbidden</title></head> #返回403
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
示例2:
server {
......
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 405;
rewrite /(.*) /aaa.txt; #该行配置不会被执行
}
#如果下面还有其他配置,会被执行
......
}
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 405;
rewrite /(.*) /aaa.txt;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 405 Not Allowed #返回405
Server: nginx
Date: Mon, 11 Mar 2019 08:20:55 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
返回字符串
示例3:
server {
listen 80;
server_name www.1.com;
return 200 "hello";
}
如果想返回字符串,必须加上状态码,否则会报错。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 200 "error";
rewrite /(.*) /aaa.txt;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Mar 2019 08:26:58 GMT
Content-Type: application/octet-stream
Content-Length: 5
Connection: keep-alive
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd
error
另外还可以支持JSON数据;支持写一个变量;支持html代码。
- 场景实战:
背景:网站被黑,凡是在百度点击到本网站的请求,全部都跳转到一个赌博网站。
通过nginx解决:
server {
......
if ( $http_referer ~ 'baidu.com' ) {
return 200 "<html><script>window.location.href='//$host$request_uri';</script></html>";
}
}
如果写成:return http://$host$reauest_uri;
,这在浏览器中会提示“重定向的次数过多”。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 200 "<html><script>window.location.href='//$host$request_uri';</script></html>";
rewrite /(.*) /aaa.txt;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Mar 2019 08:54:17 GMT
Content-Type: application/octet-stream
Content-Length: 79
Connection: keep-alive
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd
<html><script>window.location.href='//www.1.com/123/.htpasswd';</script></html>
返回url
示例4:
server {
listen 80;
server_name www.1.com;
return http://www.baidu.com;
rewrite /(.*) /abc/$1; #该行配置不会被执行
}
注意:return后面的url必须是以http://
或者https://
开头的。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return http://www.baidu.com;
rewrite /(.*) /abc/$1;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 11 Mar 2019 08:44:07 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://www.baidu.com #临时重定向到www.baidu.com
url前面也可以加状态码,但只能是301或302,如果是200,这url会变成字符串返回。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 200 http://www.baidu.com;
rewrite /(.*) /abc/$1;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Mar 2019 09:02:15 GMT
Content-Type: application/octet-stream
Content-Length: 20
Connection: keep-alive
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd
http://www.baidu.com
rewrite规则
格式:rewrite regex replacement [flag]
* rewrite配置可以在server、location以及if配置段内生效
* regex是用于匹配的正则表达式,其不会匹配到$host(域名)
* replacement是目标跳转的uri,可以以http://或https://开头,也可以省略掉$host,直接写$request_uri部分(即请求链接)
* flag,用来设置rewrite对uri的处理行为,其中有break、last、redirect、permanent。redirect和permanent的区别在于,redirect是临时重定向(302),而permanent是永久重定向(301)。
对于用户访问来说,两者效果一致;但对于搜索引擎爬虫来说,使用301更利于SEO。所以,建议replacement是以http://或https://开头的,flag使用permanent
示例1:
location / {
rewrite /(.*) http://www.123.com/$1 permanent;
}
说明:.* 为正则表达式,用()括起来,在后面的URL中可以调用它,第一次出现的()用$1调用,第二次出现的()用$2调用,依次类推。
示例2:
location / {
rewrite /.* http://www.123.com$request_uri permanent;
}
说明:在replacement中,支持变量,这里的$request_uri就是客户端请求的链接。
示例3:
server {
listen 80;
service_name www.123.com;
root /tmp/123.com;
index index.html;
rewrite /(.*) /abc/$1 redirect;
}
说明:本例中的rewrite规则有问题,会造成连续循环,而nginx有个最大50次限制,循环超过50次会失败。
修改配置:
# vim /usr/local/nginx/conf/vhost/www.2.com.conf
server {
listen 80;
server_name www.2.com;
index index.html;
root /data/wwwroot/www.2.com;
location / {
rewrite /(.*) /abc/$1 redirect;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.2.com/1.html
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
# curl -x127.0.0.1:80 www.2.com/1.html -L
curl: (47) Maximum (50) redirects followed
# curl -x127.0.0.1:80 www.2.com/1.html -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 22 Apr 2019 13:41:15 GMT
Content-Type: text/html
Content-Length: 154
Location: http://www.2.com/abc/1.html
Connection: keep-alive
# curl -x127.0.0.1:80 www.2.com/abc/1.html -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 22 Apr 2019 13:41:27 GMT
Content-Type: text/html
Content-Length: 154
Location: http://www.2.com/abc/abc/1.html
Connection: keep-alive
可以看到,一直在循环 /abc ,直到循环超过50次。
示例4:
server {
listen 80;
service_name www.123.com;
root /tmp/123.com;
index index.html;
rewrite /(.*) /abc/$1 break;
}
说明:在rewrite中使用break,可以避免循环。
示例5:
server {
listen 80;
service_name www.123.com;
root /tmp/123.com;
index index.html;
if ($request_uri !~ '^/abc/')
{
rewrite /(.*) /abc/$1 redirect;
}
}
说明:增加一个条件判断,也可以避免循环。
修改配置:
# vim /usr/local/nginx/conf/vhost/www.2.com.conf
server {
listen 80;
server_name www.2.com;
index index.html;
root /data/wwwroot/www.2.com;
if ($request_uri !~ '^/abc/')
{
rewrite /(.*) /abc/$1 redirect;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.2.com/1.html -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 22 Apr 2019 13:48:42 GMT
Content-Type: text/html
Content-Length: 154
Location: http://www.2.com/abc/1.html
Connection: keep-alive
# curl -x127.0.0.1:80 www.2.com/abc/1.html -I
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Apr 2019 13:50:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
有了条件判断之后,不再进行循环,如果符合条件,直接redirect。
nginx全局变量
变量 说明
$args 请求中的参数,如 www.123.com/1.php?a=1&b=2 的$args就是 a=1&b=2
$content_length http请求信息里的“Content-Length”
$content_type http请求信息里的“Content-Type”
$content_root nginx虚拟主机配置文件中的 root参数对应的值
$document_uri 当前请求中不包含指令的URI,如 www.123.com/1.php?a=1&b=2 的 $document_uri 就是1.php,不包含后面的参数
$host 主机头,即域名
$http_user_agent 客户端的详细信息,也就是浏览器的标识,用curl -A可以指定
$http_cookie 客户端的cookie信息
$limit_rate 如果nginx服务器使用limit_rate配置了显示网络速率,则会显示,没有设置则显示为0
$remote_addr 客户端公网ip
$remote_port 客户端的port
$remote_user 如果nginx有配置认证,该变量代表客户端认证的用户名
$request_body_file 做反向代理时发给后端服务器的本地资源的名称
$request_method 请求资源的方式,GET/PUT/DELETE等
$request_filename 当前请求的资源文件的路径名称,相当于是 $document_root/$document_uri 的组合
$request_uri 请求的链接,包括 $document_uri 和 $args
$scheme 请求的协议,如ftp,http,https
$server_protocol 客户端请求资源使用的协议的版本,如HTTP/1.0,HTTP/1.1,HTTP/2.0等
$server_addr 服务器IP地址
$server_name 服务器的主机名
$server_port 服务器的端口号
$uri 和$document_uri相同
$http_referer 客户端请求时的referer,通俗讲就是该请求是通过哪个链接跳过来的,用curl -e可以指定
nginx生产环境下使用的场景示例
域名跳转(域名重定向)
示例1(不带条件):
server {
listen 80;
server_name www.1.com;
rewrite /(.*) http://www.2.com/$1 permanent;
......
}
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /(.*) http://www.2.com/$1 permanent;
}
重载配置:
/usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2019 12:47:15 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.2.com/ #301跳转到www.2.com
示例2(带条件):
server {
listen 80;
server_name www.1.com 1.com;
if ($host != 'www.1.com') {
rewrite /(.*) http://www.2.com/$1 permanent;
......
}
}
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com 1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ($host != 'www.1.com') {
rewrite /(.*) http://www.2.com/$1 permanent;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com -I
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2019 12:52:24 GMT
Content-Type: text/html
Content-Length: 10
Last-Modified: Sat, 06 Apr 2019 09:42:39 GMT
Connection: keep-alive
ETag: "5ca8748f-a"
Accept-Ranges: bytes #是www.1.com时照常访问
# curl -x127.0.0.1:80 1.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2019 12:52:33 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.2.com/ #是1.com时301跳转到www.2.com
示例3(http跳转到https):
server {
listen 80;
server_name www.1.com;
rewrite /(.*) https://www.2.com/$1 permanent;
......
}
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /(.*) https://www.2.com/$1 permanent;
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2019 12:59:28 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.2.com/ #301跳转到https://www.2.com
如果本身就是请求的https也不用担心,因为https请求的是443端口而不是80端口。
示例4(域名访问二级目录):
server {
listen 80;
server_name www.1.com;
rewrite /(.*) https://www.2.com/aaa/$1 last;
......
}
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /(.*) http://www.2.com/aaa/$1 last;
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 24 Apr 2019 13:05:18 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://www.2.com/aaa/ #302跳转到http://www.2.com/aaa/
示例5(静态请求分离):
server {
listen 80;
server_name www.1.com;
location ~* ^.+.(jpg|jpeg|gif|css|png|js)$
{
rewrite /(.*) https://www.2.com/$1 permanent;
}
......
}
或者
server {
listen 80;
server_name www.1.com;
if ( $uri ~* (jpg|jpeg|gif|css|png|js)$)
{
rewrite /(.*) https://www.2.com/$1 permanent;
}
......
}
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location ~* ^.+.(jpg|jpeg|gif|css|png|js)$
{
rewrite /(.*) http://img.2.com/$1 permanent;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 www.1.com/1.jpg -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2019 13:22:30 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://img.2.com/1.jpg #301跳转到http://img.2.com/1.jpg
# curl -x127.0.0.1:80 www.1.com/abc/1.jpg -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 24 Apr 2019 13:21:42 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://img.2.com/abc/1.jpg #301跳转到http://img.2.com/abc/1.j
防盗链
示例6:
server {
listen 80;
server_name www.1.com;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|rar|zip|flv)$
{
valid_referers none blocked server_names *.1.com 1.com *.2.com 2.com;
if ($invalid_referer)
{
rewrite /(.*) http://img.1.com/images/forbidden.png; #或者直接 return 403;
}
}
......
}
说明:
* 这里是通配,和正则里面的 * 不是一个意思;
none 指的是referer不存在的情况(curl -e 测试);
blocked 指的是referer头部的值被防火墙或代理服务器删除或者伪装的情况,
该情况下,referer头部的值不以http:// 或 https://开头(curl -e 后面跟的referer不以http:// 或 https://开头)。
curl -e 指定来源网址
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|rar|zip|flv)$
{
valid_referers none blocked server_names *.1.com 1.com *.2.com 2.com;
if ($invalid_referer)
{
return 403;
}
}
}
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -e "http://www.2.com/1.html" -x127.0.0.1:80 www.1.com/abc/1.jpg -I
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 24 Apr 2019 13:50:42 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
提示404 Not Found说明没有问题
# curl -e "http://www.3.com/1.html" -x127.0.0.1:80 www.1.com/abc/1.jpg -I
HTTP/1.1 403 Forbidden
Server: nginx
Date: Wed, 24 Apr 2019 13:50:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
从www.3.com过来的请求直接返回403,因为http://www.3.com不是白名单中的referer
伪静态
示例7(比如discuz伪静态):
location / {
rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
}
rewrite多个条件的并且
示例8:
location / {
set $rule 0;
if ($document_uri !~ '^/abc')
{
set $rule "${rule}1";
}
if ($http_user_agent ~* 'ie6|firefox')
{
set $rule "${rule}2";
}
if ($rule = "012")
{
rewrite /(.*) /abc/$1 redirect;
}
}
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ($request_uri ~ "^/abc/")
{
if ($http_user_agent ~ 'IE|chrome')
{
return 406; #任意定义一个状态码
}
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
nginx: [emerg] "if" directive is not allowed here in /usr/local/nginx/conf/vhost/www.1.com.conf:11
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
可以看到,这样写会报错,因为nginx不支持在if中嵌套if,要想达到多个条件的并且,可以这样做:
修改配置:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
set $rule 0;
if ($request_uri ~ "^/abc/")
{
set $rule "${rule}1";
}
if ($http_user_agent ~ 'IE|chrome')
{
set $rule "${rule}2";
}
if ($rule = "012")
{
return 406;
}
}
重载配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
访问测试:
# curl -x127.0.0.1:80 -A "kdjshd" www.1.com/abc/1.html -I
HTTP/1.1 404 Not Found #返回404
Server: nginx
Date: Wed, 24 Apr 2019 14:00:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
# curl -x127.0.0.1:80 -A "kdjshdchrome" www.1.com/abcd/1.html -I
HTTP/1.1 404 Not Found #返回404
Server: nginx
Date: Wed, 24 Apr 2019 14:04:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
# curl -x127.0.0.1:80 -A "kdjshdchrome" www.1.com/abc/1.html -I
HTTP/1.1 406 Not Acceptable #返回406
Server: nginx
Date: Wed, 24 Apr 2019 14:07:22 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive
可以看到,必须同时满足定义的条件,才会返回406。
location配置
语法规则:
nginx location语法规则:location [=|~|~*|^~] /uri/ { … }
,nginx的location匹配的变量是$uri 。
符号 | 说明 |
---|---|
= | 表示精确匹配 |
^~ | 表示uri以指定字符或字符串开头 |
~ | 表示区分大小写的正则匹配 |
~* | 表示不区分大小写的正则匹配 |
/ | 通用匹配,任何请求都会匹配到 |
规则优先级:
= 高于 ^~ 高于 ~* 等于 ~ 高于 /
规则示例:
location = "/12.jpg" { ... }
如:
www.1.com/12.jpg 匹配
www.1.com/abc/12.jpg 不匹配
location ^~ "/abc/" { ... }
如:
www.1.com/abc/123.html 匹配
www.1.com/a/abc/123.jpg 不匹配
location ~ "png" { ... }
如:
www.1.com/aaa/bbb/ccc/123.png 匹配
www.1.com/aaa/png/123.html 匹配
location ~* "png" { ... }
如:
www.1.com/aaa/bbb/ccc/123.PNG 匹配
www.1.com/aaa/png/123.html 匹配
location /admin/ { ... }
如:
www.1.com/admin/aaa/1.php 匹配
www.1.com/123/admin/1.php 不匹配
注意:
有些资料上介绍location支持不匹配 !~,
如: location !~ 'png'{ ... }
这是错误的,location不支持 !~
如果有这样的需求,可以通过if来实现,
如: if ($uri !~ 'png') { ... }
location优先级小于if