海运的博客

Nginx根据来路、UA和访客IP做访问控制

发布时间:June 2, 2012 // 分类:Nginx // No Comments

Nginx配置判断来路referer如果为*.www.haiyun.me返回403:

if ($http_referer ~* .*\.www.haiyun.me){
return 403;
}

判断用户user_agent如果为NSPlayer返回403:

if ($http_user_agent ~* NSPlayer.*){
return 403;
}

根据访客IP做限制:

if ($remote_addr != "192.168.1.5"){
    return 403;
}

Centos下Nginx添加perl(fastcgi)支持

发布时间:May 31, 2012 // 分类:Nginx // 8 Comments

安装perl-fcgi模块,有安装epel源可使用yum安装:

yum -y install perl-FCGI

编译安装:

wget http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/FCGI-0.74.tar.gz
tar zxvf FCGI-0.74.tar.gz 
cd FCGI-0.74
perl Makefile.PL
make
make install

新建perl脚本用做fastcgi进程管理,保存为/usr/bin/perl-fastcgi.pl

#!/usr/bin/perl

use FCGI;
use Socket;
use POSIX qw(setsid);

require 'syscall.ph';

&daemonize;

#this keeps the program alive or something after exec'ing perl scripts
END() { } BEGIN() { }
*CORE::GLOBAL::exit = sub { die "fakeexit\nrc=".shift()."\n"; };
eval q{exit};
if ($@) {
    exit unless $@ =~ /^fakeexit/;
};

&main;

sub daemonize() {
    chdir '/'                 or die "Can't chdir to /: $!";
    defined(my $pid = fork)   or die "Can't fork: $!";
    exit if $pid;
    setsid                    or die "Can't start a new session: $!";
    umask 0;
}

sub main {
    #$socket = FCGI::OpenSocket( "127.0.0.1:8999", 10 ); #use IP sockets
        $socket = FCGI::OpenSocket( "/tmp/perl-fastcgi.sock", 10 ); #use IP sockets
        $request = FCGI::Request( \*STDIN, \*STDOUT, \*STDERR, \%req_params, $socket );
        if ($request) { request_loop()};
            FCGI::CloseSocket( $socket );
}

sub request_loop {
        while( $request->Accept() >= 0 ) {

           #processing any STDIN input from WebServer (for CGI-POST actions)
           $stdin_passthrough ='';
           $req_len = 0 + $req_params{'CONTENT_LENGTH'};
           if (($req_params{'REQUEST_METHOD'} eq 'POST') && ($req_len != 0) ){
                my $bytes_read = 0;
                while ($bytes_read < $req_len) {
                        my $data = '';
                        my $bytes = read(STDIN, $data, ($req_len - $bytes_read));
                        last if ($bytes == 0 || !defined($bytes));
                        $stdin_passthrough .= $data;
                        $bytes_read += $bytes;
                }
            }

            #running the cgi app
            if ( (-x $req_params{SCRIPT_FILENAME}) &&  #can I execute this?
                 (-s $req_params{SCRIPT_FILENAME}) &&  #Is this file empty?
                 (-r $req_params{SCRIPT_FILENAME})     #can I read this file?
            ){
        pipe(CHILD_RD, PARENT_WR);
        my $pid = open(KID_TO_READ, "-|");
        unless(defined($pid)) {
            print("Content-type: text/plain\r\n\r\n");
                        print "Error: CGI app returned no output - ";
                        print "Executing $req_params{SCRIPT_FILENAME} failed !\n";
            next;
        }
        if ($pid > 0) {
            close(CHILD_RD);
            print PARENT_WR $stdin_passthrough;
            close(PARENT_WR);

            while(my $s = <KID_TO_READ>) { print $s; }
            close KID_TO_READ;
            waitpid($pid, 0);
        } else {
                    foreach $key ( keys %req_params){
                       $ENV{$key} = $req_params{$key};
                    }
                    # cd to the script's local directory
                    if ($req_params{SCRIPT_FILENAME} =~ /^(.*)\/[^\/]+$/) {
                            chdir $1;
                    }

            close(PARENT_WR);
            close(STDIN);
            #fcntl(CHILD_RD, F_DUPFD, 0);
            syscall(&SYS_dup2, fileno(CHILD_RD), 0);
            #open(STDIN, "<&CHILD_RD");
            exec($req_params{SCRIPT_FILENAME});
            die("exec failed");
        }
            }
            else {
                print("Content-type: text/plain\r\n\r\n");
                print "Error: No such CGI app - $req_params{SCRIPT_FILENAME} may not ";
                print "exist or is not executable by this process.\n";
            }

        }
}

新建init脚本,用于管理perl-fastcgi,保存为/etc/init.d/perl-fastcgi

#!/bin/sh
#
# nginx – this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /opt/nginx/conf/nginx.conf
# pidfile: /opt/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

perlfastcgi="/usr/bin/perl-fastcgi.pl"
prog=$(basename perl)

lockfile=/var/lock/subsys/perl-fastcgi

start() {
    [ -x $perlfastcgi ] || exit 5
    echo -n $"Starting $prog: "
    daemon $perlfastcgi
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    stop
    start
}

reload() {
    echo -n $”Reloading $prog: ”
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}
rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
    esac

启动perl-fastcgi进程:

chmod +x /usr/bin/perl-fastcgi.pl 
chmod 755 /etc/init.d/perl-fastcgi
/etc/init.d/perl-fastcgi start
chkconfig perl-fastcgi on

Nginx配置:

server
    {
        listen       80;
        server_name www.haiyun.me;
        index index.pl index.html;
        root  /home/wwwroot/www.haiyun.me;

                location ~ .*\.(pl|cgi)?$
                {
                fastcgi_pass  unix:/tmp/perl-fastcgi.sock;
                fastcgi_index index.cgi;
                fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;  
                include         fastcgi_params;  
                }
                access_log none;
}

新建index.pl脚本测试,加x执行权限。

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<html><body>Hello, world.</body></html>";

访问https://www.haiyun.me,如果正常就会显示Hello,world.

Linux/Centos服务器编译安装LNMP环境

发布时间:May 23, 2012 // 分类:Nginx // No Comments

安装编译环境及组件:

yum -y install gcc gcc-c++ make autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel \
curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel patch unzip vim-enhanced
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make
make install
cd ../
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
tar zxvf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure
make
make install
cd ..
wget http://nchc.dl.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make
make install
cd ..
ldconfig
wget http://nchc.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make
make install
cd ../

Mysql安装:

wget http://ftp.jaist.ac.jp/pub/mysql/Downloads/MySQL-5.1/mysql-5.1.63.tar.gz
tar zxvf mysql-5.1.63.tar.gz
cd mysql-5.1.63
./configure --prefix=/usr/local/mysql \
--without-debug \
--with-unix-socket-path=/tmp/mysql.sock \
--with-mysqld-ldflags=-all-static \
--with-charset=utf8 \
--with-extra-charsets=gbk,gb2312 \
--with-big-tables \
--with-readline \
--enable-local-infile \
--enable-assembler \
--enable-thread-safe-client 
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
chkconfig --level 3 mysqld on
useradd -s /sbin/nologin -M mysql
/usr/local/mysql/bin/mysql_install_db --user=mysql
ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
ln -s /usr/local/mysql/bin/mysqldump /usr/bin/mysqldump
ln -s /usr/local/mysql/bin/myisamchk /usr/bin/myisamchk
/etc/init.d/mysqld start
/usr/local/mysql/bin/mysqladmin -u root password "password"
cd ../

PHP安装:

wget http://cn.php.net/distributions/php-5.2.17.tar.gz
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
tar zxvf php-5.2.17.tar.gz
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
cd php-5.2.17/            
wget --no-check-certificate https://raw.github.com/laruence/laruence.github.com/master/php-5.2-max-input-vars/php-5.2.17-max-input-vars.patch
patch -p1 < php-5.2.17-max-input-vars.patch
./configure --prefix=/usr/local/php  \
--with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--enable-inline-optimization \
--disable-debug \
--enable-fastcgi \
--enable-fpm \
--enable-xml \
--enable-sockets \
--enable-zip \
--enable-mbstring \
--enable-gd-native-ttf \
--with-iconv-dir \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir \
--with-mcrypt \
--with-gd \
--with-openssl \
--with-mhash \
--with-xmlrpc \
--with-curl 
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-recommended /usr/local/php/etc/php.ini
cp /usr/local/php/sbin/php-fpm /etc/init.d/
chmod 755 /etc/init.d/php-fpm
sed -i '1a # chkconfig: 345 85 15' /etc/init.d/php-fpm
chkconfig --level 3 php-fpm on
/etc/init.d/php-fpm start
ln -s /usr/local/php/bin/php /usr/bin/php
ln -s /usr/local/php/bin/phpize /usr/bin/phpize
ln -s /usr/local/php/sbin/php-fpm /usr/bin/php-fpm
cd ../

Nginx安装:

wget http://sourceforge.net/projects/pcre/files/pcre/8.30/pcre-8.30.tar.gz
tar zxvf pcre-8.30.tar.gz 
cd pcre-8.30
./configure 
make
make install
ln -s /usr/local/lib/libpcre.so.1 /lib/libpcre.so.1
ln -s /usr/local/lib/libpcre.so.1.0.0 /lib/libpcre.so.1.0.0
cd ../
useradd -s /sbin/nologin -M www
wget http://nginx.org/download/nginx-1.0.15.tar.gz
tar zxvf nginx-1.0.15.tar.gz
cd nginx-1.0.15
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make 
make install

Nginx开启状态监控

发布时间:May 14, 2012 // 分类:Nginx // No Comments

Nginx开启监控需在编译时加入with-http_stub_status_module,查看当前Nginx编译参数:

/usr/local/nginx/sbin/nginx -V

1.以二级目录方式开启,编辑配置文件在server段添加:

location /status {
        stub_status on;
        access_log off;
        allow 192.168.1.16;
        deny all;
}

访问www.haiyun.me/status即可看到状态页面。
2.以二级域名方式开启:

server
{
       listen 80;
       server_name status.www.haiyun.me;

       location / {
       stub_status on;
       access_log off;
       allow 192.168.1.16;
       deny all;
       }
}

状态说明:
Active connections: 1 对后端发起的活动连接数
server accepts handled requests
909 909 7148
共处理909个连接,成功创建909次握手,总共处理7148个请求。
Reading: 0 Writing: 1 Waiting: 0
Reading:Nginx读取客户端的Header信息数。
Writing:Nginx返回客户端的Header信息数。
Waiting:开启keep-alive的情况下,等于active-(reading+writing),即Nginx已经处理完成,在等候下一次请求的连接。
在并发数较高,Waiting次数较多正常,如果reading+writing较多,代表并发访问量较大。

Nginx自定义404错误页面

发布时间:May 9, 2012 // 分类:Nginx // No Comments

编辑Nginx配置文件,在server段添加:

listen 80;
         root  /home/wwwroot/www.haiyun.me;
         error_page 404  /404.html;

也可同时定义多个错误状态:

error_page 404 502 403  /404.html;

还可以更改错误状态码:

error_page 404  =200 /404.html;

如果错误页面是php程序:

error_page 404 = /404.php;

404页面最好不要超过512字节,IE浏览器会转向其默认错误页面。

  1. 1
  2. ...
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
分类
最新文章
最近回复
  • 海运: 可能版本问题
  • 海运: 如果运营商限制型号
  • 海运: 没有
  • Mruru: 烽火猫切换rootfs的方法有么大佬?
  • nono: 修改光猫型号是做啥子用的
  • 960: root账号默认密码hg2x0 不对哇
  • rer: 感谢分享!~
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。