Nginx Common Configuration Explained (Part 3): HTTP Protocol Module Configuration

Published: 2020-06-21 21:11:50 Source: Internet Views: 1997 Author: 司徒剩堂 Category: Website Servers

ngx_http_access_module

Example Configuration

location / {
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}

allow
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except

Allows access for the specified network or address. If the special value unix: is specified (1.5.1), allows access for all UNIX-domain sockets.

deny
Syntax: deny address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except

Denies access for the specified network or address. If the special value unix: is specified (1.5.1), denies access for all UNIX-domain sockets.
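
Added example, not from the original post or the nginx project: nginx checks allow and deny rules in the order written and stops at the first match, so the Python below replays the sample location block against client addresses and flags rules that an earlier rule makes unreachable. The function names and the addresses used to exercise it are assumptions made for this illustration.

```python
import ipaddress

# Rules from the sample location block above, in configuration order.
RULES = [
    ("deny", "192.168.1.1"),
    ("allow", "192.168.1.0/24"),
    ("allow", "10.1.1.0/16"),
    ("allow", "2001:0db8::/32"),
    ("deny", "all"),
]


def to_network(spec):
    """Parse an address or CIDR argument; None stands for 'all' or 'unix:'."""
    if spec in ("all", "unix:"):
        return None
    # strict=False accepts 10.1.1.0/16, whose host bits are set, and
    # reads it as the enclosing network 10.1.0.0/16.
    return ipaddress.ip_network(spec, strict=False)


def evaluate(rules, client_text):
    """Return (action, rule_position) of the first rule matching the client.

    client_text is an IP address, or "unix:" for a UNIX-domain socket peer.
    """
    client = None if client_text == "unix:" else ipaddress.ip_address(client_text)
    for position, (action, spec) in enumerate(rules, start=1):
        if spec == "all":
            return action, position
        network = to_network(spec)
        if client is None:
            if spec == "unix:":
                return action, position
        elif network is not None and client in network:
            return action, position
    # No rule matched: the access module does not reject the request.
    return "allow", None


def covers(earlier, later):
    """True if every client matched by `later` is already matched by `earlier`."""
    if earlier == "all":
        return True
    if later == "all":
        return False
    if "unix:" in (earlier, later):
        return earlier == later
    a, b = to_network(earlier), to_network(later)
    return a.version == b.version and b.subnet_of(a)


def unreachable_rules(rules):
    """Positions (1-based) of rules that can never decide a request."""
    dead = []
    for index, (_, spec) in enumerate(rules):
        if any(covers(prev, spec) for _, prev in rules[:index]):
            dead.append(index + 1)
    return dead


# The same rules with the single-host deny moved below the /24 allow
# (constructed variant): the deny is now shadowed and never applies.
SWAPPED = [
    ("allow", "192.168.1.0/24"),
    ("deny", "192.168.1.1"),
    ("deny", "all"),
]

if __name__ == "__main__":
    for address in ("192.168.1.1", "192.168.1.77", "10.1.200.9", "203.0.113.5"):
        print(address, evaluate(RULES, address))
    print("unreachable in SWAPPED:", unreachable_rules(SWAPPED))
```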

ngx_http_auth_basic_module

Implements user-based access control, authenticating users with the HTTP Basic mechanism.

Example Configuration

location / {
    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}

auth_basic
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except

Enables validation of user name and password using the “HTTP Basic Authentication” protocol. The specified parameter is used as a realm. Parameter value can contain variables (1.3.10, 1.2.7). The special value off allows cancelling the effect of the auth_basic directive inherited from the previous configuration level.

auth_basic_user_file
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except

Specifies a file that keeps user names and passwords, in the following format:

# comment
name1:password1
name2:password2:comment
name3:password3

The file name can contain variables.
The following password types are supported:

  • encrypted with the crypt() function; can be generated using the “htpasswd” utility from the Apache HTTP Server distribution or the “openssl passwd” command;

  • hashed with the Apache variant of the MD5-based password algorithm (apr1); can be generated with the same tools;

  • specified by the “{scheme}data” syntax (1.0.3+) as described in RFC 2307; currently implemented schemes include PLAIN (an example one, should not be used), SHA (1.3.13) (plain SHA-1 hashing, should not be used) and SSHA (salted SHA-1 hashing, used by some software packages, notably OpenLDAP and Dovecot).


Support for the SHA scheme was added only to aid in migration from other web servers. It should not be used for new passwords, since the unsalted SHA-1 hashing that it employs is vulnerable to rainbow table attacks.
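
Added example, not from the original post or the nginx project: a Python audit of an auth_basic_user_file that names the scheme of each entry according to the list above, reports the PLAIN and SHA entries the text says should not be used, and spots users whose unsalted SHA values are identical. The sample file content, the password in it and all function names are constructed for this illustration.

```python
import base64
import hashlib
import re

NOT_RECOMMENDED = {"PLAIN", "SHA"}  # marked "should not be used" in the text above


def sha_entry(password):
    """Build a {SHA} value: base64 of the bare SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def ssha_entry(password, salt):
    """Build an {SSHA} value: base64 of SHA-1(password + salt) followed by the salt."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def classify(secret):
    """Name the password scheme used by one password field."""
    tagged = re.match(r"\{([^}]+)\}", secret)
    if tagged:
        tag = tagged.group(1)
        return tag if tag in ("PLAIN", "SHA", "SSHA") else "UNKNOWN"
    if secret.startswith("$apr1$"):
        return "APR1"
    if secret.startswith("$"):
        return "CRYPT"  # crypt() string with an algorithm prefix, e.g. $6$
    if re.fullmatch(r"[./0-9A-Za-z]{13}", secret):
        return "CRYPT-DES"  # traditional 13-character crypt() output
    return "UNKNOWN"


def audit(text):
    """Return (findings, schemes) for the content of a user file.

    findings is a list of (line_number, user, message); schemes maps each
    user name to the scheme of its password field.
    """
    findings, schemes, unsalted = [], {}, {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":", 2)  # name:password[:comment]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            findings.append((number, None, "malformed line"))
            continue
        name, secret = fields[0], fields[1]
        scheme = classify(secret)
        schemes[name] = scheme
        if scheme in NOT_RECOMMENDED:
            findings.append((number, name, scheme + " should not be used"))
        elif scheme == "UNKNOWN":
            findings.append((number, name, "unrecognised password format"))
        if scheme == "SHA":
            unsalted.setdefault(secret, []).append(name)
    # Without a salt, equal passwords produce equal stored values.
    for names in unsalted.values():
        if len(names) > 1:
            findings.append((None, ",".join(names), "identical unsalted SHA hash"))
    return findings, schemes


# Constructed sample file; the apr1 and crypt strings are placeholders.
SAMPLE = "\n".join([
    "# comment",
    "alice:$apr1$constrct$" + "0" * 22,
    "bob:" + sha_entry("Spring2020") + ":migrated from old server",
    "carol:" + sha_entry("Spring2020"),
    "dave:{PLAIN}Spring2020",
    "erin:" + ssha_entry("Spring2020", b"\x01\x02\x03\x04"),
    "frank:ab0123456789.",
    "no separator here",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```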

ngx_http_stub_status_module

Outputs basic nginx status information.

Example Configuration

location /basic_status {
    stub_status;
}

This configuration creates a simple web page with basic status data which may look as follows:

Active connections: 291 
server accepts handled requests
 16630948 16630948 31070465 
Reading: 6 Writing: 179 Waiting: 106

stub_status
Syntax: stub_status;
Default: —
Context: server, location

The basic status information will be accessible from the surrounding location.

Data

Active connections
The current number of active client connections including Waiting connections.
accepts
The total number of accepted client connections.
handled
The total number of handled connections. Generally, the parameter value is the same as accepts unless some resource limits have been reached (for example, the worker_connections limit).
requests
The total number of client requests.
Reading
The current number of connections where nginx is reading the request header.
Writing
The current number of connections where nginx is writing the response back to the client.
Waiting
The current number of idle client connections waiting for a request.

ngx_http_log_module

The ngx_http_log_module module writes logs in the specified format.

Example Configuration

log_format basic '$remote_addr [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time';

access_log /spool/logs/nginx-access.log basic buffer=32k;

access_log

Sets the path, format, and configuration for a buffered log write. Several logs can be specified on the same level. Logging to syslog can be configured by specifying the “syslog:” prefix in the first parameter. The special value off cancels all access_log directives on the current level.
If either the buffer or gzip parameter is used, writes to log will be buffered.

The buffer size must not exceed the size of an atomic write to a disk file. For FreeBSD this size is unlimited.

When buffering is enabled, the data will be written to the file:

  • if the next log line does not fit into the buffer;

  • if the buffered data is older than specified by the flush parameter;

  • when a worker process is re-opening log files or is shutting down.

If the gzip parameter is used, then the buffered data will be compressed before writing to the file. The compression level can be set between 1 (fastest, less compression) and 9 (slowest, best compression). By default, the buffer size is equal to 64K bytes, and the compression level is set to 1. Since the data is compressed in atomic blocks, the log file can be decompressed or read by “zcat” at any time.
Example:

access_log /path/to/log.gz basic gzip flush=5m;

For gzip compression to work, nginx must be built with the zlib library.
The file path can contain variables, but such logs have some constraints:

  • the user whose credentials are used by worker processes should have permissions to create files in a directory with such logs;

  • buffered writes do not work;

  • the file is opened and closed for each log write. However, since the descriptors of frequently used files can be stored in a cache, writing to the old file can continue during the time specified by the open_log_file_cache directive’s valid parameter.

The if parameter enables conditional logging. A session will not be logged if the condition evaluates to “0” or an empty string.

log_format
Syntax: log_format name [escape=default|json] string ...;
Default: —
Context: stream

Specifies the log format, for example:

log_format proxy '$remote_addr [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time "$upstream_addr" '
                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

The escape parameter (1.11.8) allows setting json or default character escaping in variables; by default, default escaping is used.

open_log_file_cache
Syntax: open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time];
        open_log_file_cache off;
Default: open_log_file_cache off;
Context: stream, server

Defines a cache that stores the file descriptors of frequently used logs whose names contain variables. The directive has the following parameters:
max
sets the maximum number of descriptors in a cache; if the cache becomes full the least recently used (LRU) descriptors are closed
inactive
sets the time after which the cached descriptor is closed if there were no access during this time; by default, 10 seconds
min_uses
sets the minimum number of file uses during the time defined by the inactive parameter to let the descriptor stay open in a cache; by default, 1
valid
sets the time after which it should be checked that the file still exists with the same name; by default, 60 seconds
off
disables caching

ngx_http_gzip_module

The ngx_http_gzip_module module is a filter that compresses responses using the “gzip” method. This often helps to reduce the size of transmitted data by half or even more.
Example Configuration

gzip            on;
gzip_min_length 1000;
gzip_proxied    expired no-cache no-store private auth;
gzip_types      text/plain application/xml;

gzip
Syntax: gzip on | off;
Default: gzip off;
Context: http, server, location, if in location

Enables or disables gzipping of responses.

gzip_buffers
Syntax: gzip_buffers number size;
Default: gzip_buffers 32 4k|16 8k;
Context: http, server, location

Sets the number and size of buffers used to compress a response. By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform.
Until version 0.7.28, four 4K or 8K buffers were used by default.

gzip_comp_level
Syntax: gzip_comp_level level;
Default: gzip_comp_level 1;
Context: http, server, location

Sets a gzip compression level of a response. Acceptable values are in the range from 1 to 9.

gzip_disable
Syntax: gzip_disable regex ...;
Default: —
Context: http, server, location
This directive appeared in version 0.6.23.

Disables gzipping of responses for requests with “User-Agent” header fields matching any of the specified regular expressions.
The special mask “msie6” (0.7.12) corresponds to the regular expression “MSIE [4-6].”, but works faster. Starting from version 0.8.11, “MSIE 6.0; … SV1” is excluded from this mask.

gzip_min_length
Syntax: gzip_min_length length;
Default: gzip_min_length 20;
Context: http, server, location

Sets the minimum length of a response that will be gzipped. The length is determined only from the “Content-Length” response header field.

gzip_http_version
Syntax: gzip_http_version 1.0 | 1.1;
Default: gzip_http_version 1.1;
Context: http, server, location

Sets the minimum HTTP version of a request required to compress a response.

gzip_proxied
Syntax: gzip_proxied off | expired | no-cache | no-store | private | no_last_modified | no_etag | auth | any ...;
Default: gzip_proxied off;
Context: http, server, location

Enables or disables gzipping of responses for proxied requests depending on the request and response. The fact that the request is proxied is determined by the presence of the “Via” request header field. The directive accepts multiple parameters:
off
disables compression for all proxied requests, ignoring other parameters;
expired
enables compression if a response header includes the “Expires” field with a value that disables caching;
no-cache
enables compression if a response header includes the “Cache-Control” field with the “no-cache” parameter;
no-store
enables compression if a response header includes the “Cache-Control” field with the “no-store” parameter;
private
enables compression if a response header includes the “Cache-Control” field with the “private” parameter;
no_last_modified
enables compression if a response header does not include the “Last-Modified” field;
no_etag
enables compression if a response header does not include the “ETag” field;
auth
enables compression if a request header includes the “Authorization” field;
any
enables compression for all proxied requests.

gzip_types
Syntax: gzip_types mime-type ...;
Default: gzip_types text/html;
Context: http, server, location

Enables gzipping of responses for the specified MIME types in addition to “text/html”. The special value “*” matches any MIME type (0.8.29). Responses with the “text/html” type are always compressed.

gzip_vary
Syntax: gzip_vary on | off;
Default: gzip_vary off;
Context: http, server, location

Enables or disables inserting the “Vary: Accept-Encoding” response header field if the directives gzip, gzip_static, or gunzip are active.

ngx_http_ssl_module

The ngx_http_ssl_module module provides the necessary support for HTTPS.

Example Configuration

To reduce the processor load it is recommended to

  • set the number of worker processes equal to the number of processors,

  • enable keep-alive connections,

  • enable the shared session cache,

  • disable the built-in session cache,

  • and possibly increase the session lifetime (by default, 5 minutes):



worker_processes auto;

http {

    ...

    server {
        listen              443 ssl;
        keepalive_timeout   70;

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate     /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;

        ...
    }
}

ssl
Syntax: ssl on | off;
Default: ssl off;
Context: http, server

Enables the HTTPS protocol for the given virtual server.
It is recommended to use the ssl parameter of the listen directive instead of this directive.

ssl_buffer_size
Syntax: ssl_buffer_size size;
Default: ssl_buffer_size 16k;
Context: http, server
This directive appeared in version 1.5.9.

Sets the size of the buffer used for sending data.
By default, the buffer size is 16k, which corresponds to minimal overhead when sending big responses. To minimize Time To First Byte it may be beneficial to use smaller values, for example:

ssl_buffer_size 4k;

ssl_certificate
Syntax: ssl_certificate file;
Default: —
Context: http, server

Specifies a file with the certificate in the PEM format for the given virtual server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file.
Since version 1.11.0, this directive can be specified multiple times to load certificates of different types, for example, RSA and ECDSA:

server {
    listen              443 ssl;
    server_name         example.com;

    ssl_certificate     example.com.rsa.crt;
    ssl_certificate_key example.com.rsa.key;

    ssl_certificate     example.com.ecdsa.crt;
    ssl_certificate_key example.com.ecdsa.key;

    ...
}

Only OpenSSL 1.0.2 or higher supports separate certificate chains for different certificates. With older versions, only one certificate chain can be used.
It should be kept in mind that due to the HTTPS protocol limitations virtual servers should listen on different IP addresses:

server {
    listen          192.168.1.1:443;
    server_name     one.example.com;
    ssl_certificate one.example.com.crt;
    ...
}

server {
    listen          192.168.1.2:443;
    server_name     two.example.com;
    ssl_certificate two.example.com.crt;
    ...
}

otherwise the first server’s certificate will be issued for the second site.

ssl_certificate_key
Syntax: ssl_certificate_key file;
Default: —
Context: http, server

Specifies a file with the secret key in the PEM format for the given virtual server.

ssl_ciphers (rarely used directive)
Syntax: ssl_ciphers ciphers;
Default: ssl_ciphers HIGH:!aNULL:!MD5;
Context: http, server

Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example:

ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

The full list can be viewed using the “openssl ciphers” command.
The previous versions of nginx used different ciphers by default.

ssl_client_certificate (rarely used directive)
Syntax: ssl_client_certificate file;
Default: —
Context: http, server

Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
The list of certificates will be sent to clients. If this is not desired, the ssl_trusted_certificate directive can be used.

ssl_protocols
Syntax: ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2] [TLSv1.3];
Default: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Context: http, server

Enables the specified protocols.
The TLSv1.1 and TLSv1.2 parameters (1.1.13, 1.0.12) work only when OpenSSL 1.0.1 or higher is used.
The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.
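
Added example, not from the original post or the nginx project: a Python check that reads ssl_protocols and ssl_ciphers out of a configuration and reports protocol versions deprecated by RFC 6176, RFC 7568 and RFC 8996, plus cipher-string tokens that enable RC4, DES/3DES, MD5, export-grade, NULL or LOW suites. It is a token-level heuristic with names chosen for this illustration; the “openssl ciphers” command mentioned above shows what a string actually expands to.

```python
import re

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Components of an OpenSSL cipher token that mark a weak selection.
# ALL is listed because it pulls in every suite except eNULL ones.
WEAK_PARTS = {"ALL", "RC4", "DES", "3DES", "MD5", "EXP", "EXPORT", "EXPORT40",
              "EXPORT56", "NULL", "aNULL", "eNULL", "LOW", "SSLv2"}

DIRECTIVE = re.compile(r"^\s*(ssl_protocols|ssl_ciphers)\s+([^;]+);", re.MULTILINE)


def weak_cipher_tokens(cipher_string):
    """Return the tokens of an OpenSSL cipher string that enable weak suites."""
    weak = []
    for token in cipher_string.strip("\"'").split(":"):
        token = token.strip()
        if not token or token[0] in "!-+":
            # "!" and "-" remove suites and a leading "+" only reorders
            # them, so none of these adds anything to the list.
            continue
        # "RC4+RSA" is a logical AND and "DES-CBC3-SHA" a suite name;
        # either way one weak component is enough to flag the token.
        if set(re.split(r"[-+]", token)) & WEAK_PARTS:
            weak.append(token)
    return weak


def audit_tls(config_text):
    """Return (line_number, directive, offending_value) tuples in file order."""
    without_comments = re.sub(r"#[^\n]*", "", config_text)
    findings = []
    for match in DIRECTIVE.finditer(without_comments):
        line = without_comments.count("\n", 0, match.start(1)) + 1
        name, value = match.group(1), match.group(2)
        if name == "ssl_protocols":
            bad = [p for p in value.split() if p in DEPRECATED_PROTOCOLS]
        else:
            bad = weak_cipher_tokens(value)
        findings.extend((line, name, item) for item in bad)
    return findings


# The TLS directives of the sample server block shown earlier on this page.
PAGE_EXAMPLE = """\
server {
    listen              443 ssl;
    keepalive_timeout   70;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    ssl_session_cache   shared:SSL:10m;  # shared cache only
}
"""

if __name__ == "__main__":
    for finding in audit_tls(PAGE_EXAMPLE):
        print(finding)
    # The documented default cipher string produces no findings.
    print(weak_cipher_tokens("HIGH:!aNULL:!MD5"))
```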

ssl_session_cache
Syntax: ssl_session_cache off | none | [builtin[:size]] [shared:name:size];
Default: ssl_session_cache none;
Context: http, server

Sets the types and sizes of caches that store session parameters. A cache can be of any of the following types:
off
the use of a session cache is strictly prohibited: nginx explicitly tells a client that sessions may not be reused.
none
the use of a session cache is gently disallowed: nginx tells a client that sessions may be reused, but does not actually store session parameters in the cache.
builtin
a cache built in OpenSSL; used by one worker process only. The cache size is specified in sessions. If size is not given, it is equal to 20480 sessions. Use of the built-in cache can cause memory fragmentation.
shared
a cache shared between all worker processes. The cache size is specified in bytes; one megabyte can store about 4000 sessions. Each shared cache should have an arbitrary name. A cache with the same name can be used in several virtual servers.
Both cache types can be used simultaneously, for example:

ssl_session_cache builtin:1000 shared:SSL:10m;

but using only shared cache without the built-in cache should be more efficient.

ssl_session_timeout
Syntax: ssl_session_timeout time;
Default: ssl_session_timeout 5m;
Context: http, server

Specifies a time during which a client may reuse the session parameters.

ngx_http_rewrite_module

The ngx_http_rewrite_module module is used to change request URI using PCRE regular expressions, return redirects, and conditionally select configurations.
The ngx_http_rewrite_module module directives are processed in the following order:

  • the directives of this module specified on the server level are executed sequentially;

  • repeatedly:

    • a location is searched based on a request URI;

    • the directives of this module specified inside the found location are executed sequentially;

    • the loop is repeated if a request URI was rewritten, but not more than 10 times.

rewrite
Syntax: rewrite regex replacement [flag];
Default: —
Context: server, location, if

If the specified regular expression matches a request URI, URI is changed as specified in the replacement string. The rewrite directives are executed sequentially in order of their appearance in the configuration file. It is possible to terminate further processing of the directives using flags. If a replacement string starts with “http://”, “https://”, or “$scheme”, the processing stops and the redirect is returned to a client.
An optional flag parameter can be one of:
last
stops processing the current set of ngx_http_rewrite_module directives and starts a search for a new location matching the changed URI;
break
stops processing the current set of ngx_http_rewrite_module directives as with the break directive;
redirect
returns a temporary redirect with the 302 code; used if a replacement string does not start with “http://”, “https://”, or “$scheme”;
permanent
returns a permanent redirect with the 301 code.
The full redirect URL is formed according to the request scheme ($scheme) and the server_name_in_redirect and port_in_redirect directives.
Example:

server {
    ...
    rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last;
    rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra  last;
    return  403;
    ...
}

But if these directives are put inside the “/download/” location, the last flag should be replaced by break, or otherwise nginx will make 10 cycles and return the 500 error:

location /download/ {
    rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 break;
    rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra  break;
    return  403;
}

If a replacement string includes the new request arguments, the previous request arguments are appended after them. If this is undesired, putting a question mark at the end of a replacement string avoids having them appended, for example:

rewrite ^/users/(.*)$ /show?user=$1? last;

If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.

return
Syntax: return code [text];
        return code URL;
        return URL;
Default: —
Context: server, location, if

Stops processing and returns the specified code to a client. The non-standard code 444 closes a connection without sending a response header.
Starting from version 0.8.42, it is possible to specify either a redirect URL (for codes 301, 302, 303, 307, and 308) or the response body text (for other codes). A response body text and redirect URL can contain variables. As a special case, a redirect URL can be specified as a URI local to this server, in which case the full redirect URL is formed according to the request scheme ($scheme) and the server_name_in_redirect and port_in_redirect directives.
In addition, a URL for temporary redirect with the code 302 can be specified as the sole parameter. Such a parameter should start with the “http://”, “https://”, or “$scheme” string. A URL can contain variables.

  • Only the following codes could be returned before version 0.7.51: 204, 400, 402 — 406, 408, 410, 411, 413, 416, and 500 — 504.

  • The code 307 was not treated as a redirect until versions 1.1.16 and 1.0.13.

  • The code 308 was not treated as a redirect until version 1.13.0.

if
Syntax: if (condition) { ... }
Default: —
Context: server, location

The specified condition is evaluated. If true, this module directives specified inside the braces are executed, and the request is assigned the configuration inside the if directive. Configurations inside the if directives are inherited from the previous configuration level.
A condition may be any of the following:

  • a variable name; false if the value of a variable is an empty string or “0”;

    • Before version 1.0.1, any string starting with “0” was considered a false value.

  • comparison of a variable with a string using the “=” and “!=” operators;

  • matching of a variable against a regular expression using the “~” (for case-sensitive matching) and “~*” (for case-insensitive matching) operators. Regular expressions can contain captures that are made available for later reuse in the $1..$9 variables. Negative operators “!~” and “!~*” are also available. If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.

  • checking of a file existence with the “-f” and “!-f” operators;

  • checking of a directory existence with the “-d” and “!-d” operators;

  • checking of a file, directory, or symbolic link existence with the “-e” and “!-e” operators;

  • checking for an executable file with the “-x” and “!-x” operators.

Examples:

if ($http_user_agent ~ MSIE) {
    rewrite ^(.*)$ /msie/$1 break;
}

if ($http_cookie ~* "id=([^;]+)(?:;|$)") {
    set $id $1;
}

if ($request_method = POST) {
    return 405;
}

if ($slow) {
    limit_rate 10k;
}

if ($invalid_referer) {
    return 403;
}

A value of the $invalid_referer embedded variable is set by the valid_referers directive.

set
Syntax: set $variable value;
Default: —
Context: server, location, if

Sets a value for the specified variable. The value can contain text, variables, and their combination.

ngx_http_referer_module

The ngx_http_referer_module module is used to block access to a site for requests with invalid values in the “Referer” header field. It should be kept in mind that fabricating a request with an appropriate “Referer” field value is quite easy, and so the intended purpose of this module is not to block such requests thoroughly but to block the mass flow of requests sent by regular browsers. It should also be taken into consideration that regular browsers may not send the “Referer” field even for valid requests.
Example Configuration

valid_referers none blocked server_names
               *.example.com example.* www.example.org/galleries/
               ~\.google\.;

if ($invalid_referer) {
    return 403;
}

valid_referers
Syntax: valid_referers none | blocked | server_names | string ...;
Default: —
Context: server, location

Specifies the “Referer” request header field values that will cause the embedded $invalid_referer variable to be set to an empty string. Otherwise, the variable will be set to “1”. Search for a match is case-insensitive.
Parameters can be as follows:

none
the “Referer” field is missing in the request header;
blocked
the “Referer” field is present in the request header, but its value has been deleted by a firewall or proxy server; such values are strings that do not start with “http://” or “https://”;
server_names
the “Referer” request header field contains one of the server names;
arbitrary string
defines a server name and an optional URI prefix. A server name can have an “*” at the beginning or end. During the checking, the server’s port in the “Referer” field is ignored;
regular expression
the first symbol should be a “~”. It should be noted that an expression will be matched against the text starting after the “http://” or “https://”.
Example:

valid_referers none blocked server_names
               *.example.com example.* www.example.org/galleries/
               ~\.google\.;

