From 6eb1ef32603e3c010f99e48a5ddf1ef94de56962 Mon Sep 17 00:00:00 2001 From: jaywcjlove <398188662@qq.com> Date: Sat, 8 Oct 2022 13:01:45 +0800 Subject: [PATCH] doc: update `nginx.md` cheatsheet. --- docs/nginx.md | 92 ++++++++++++++++++++++++++++++++++++++---- docs/quickreference.md | 4 +- 2 files changed, 86 insertions(+), 10 deletions(-) diff --git a/docs/nginx.md b/docs/nginx.md index ea0cf42..a564186 100644 --- a/docs/nginx.md +++ b/docs/nginx.md @@ -7,11 +7,13 @@ NGINX 备忘清单 ---- ### 服务管理 + ```bash sudo systemctl status nginx # nginx当前状态 sudo systemctl reload nginx # 重新加载 nginx sudo systemctl restart nginx # 重启nginx + sudo nginx -t # 检查语法 nginx # 启动 nginx -s reload # 重启 @@ -20,6 +22,13 @@ nginx -s quit # 平滑关闭nginx nginx -V # 查看nginx的安装状态, ``` +### Docker 安装 + + +```bash +docker run --name some-nginx -v /some/content:/usr/share/nginx/html:ro -d nginx +``` + ### 简单代理 @@ -28,10 +37,6 @@ location / { proxy_pass http://127.0.0.1:3000; proxy_redirect off; proxy_set_header Host $host; - # 客户端的 IP 地址 - proxy_set_header X-Real-IP $remote_addr; - # HTTP 请求端真实的IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ``` @@ -766,16 +771,35 @@ location /img/ { # 会去 /var/www/image/img/ 目录下找文件 ``` -### 屏蔽 .git 等文件 - +### 屏蔽文件目录 + + +通用备份和归档文件 ```nginx -location ~ (.git|.gitattributes|.gitignore|.svn) { +location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; } ``` +拒绝访问 `.git` 和 `.svn` 目录 + +```nginx +location ~ (.git|.svn) { + deny all; +} +``` + + +拒绝访问隐藏文件和目录 + +```nginx +location ~ /\.(?!well-known\/) { + deny all; +} +``` + ### 防盗图配置 
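Review bot: In the `@@ -766,16 +771,35 @@` hunk, the new `location ~ (.git|.svn)` block leaves the dots unescaped and the pattern unanchored, so it matches any URI that contains an arbitrary character followed by `git` or `svn` (a path such as `/legit/` is denied), while reading as a rule for VCS directories only. Anchoring it to a path segment keeps the intent: `location ~ /\.(git|svn)(/|$) { deny all; }`. The hidden-file rule added just below it, `location ~ /\.(?!well-known\/)`, already covers both directories, so the page could present the two as alternatives. It would also help to state that nginx tries regex locations in the order they appear in the configuration, because the first match decides which block applies.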
@@ -788,7 +812,59 @@ location ~ \/public\/(css|js|img)\/.*\.(js|css|gif|jpg|jpeg|png|bmp|swf) { } ``` +### 阻止常见攻击 + + +#### base64编码的网址 + +```nginx +location ~* "(base64_encode)(.*)(\()" { + deny all; +} +``` + +#### javascript eval() url + +```nginx +location ~* "(eval\()" { + deny all; +} +``` + +### Gzip 配置 + + +```nginx +gzip on; +gzip_buffers 16 8k; +gzip_comp_level 6; +gzip_http_version 1.1; +gzip_min_length 256; +gzip_proxied any; +gzip_vary on; +gzip_types + text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml + text/javascript application/javascript application/x-javascript + text/x-json application/json application/x-web-app-manifest+json + text/css text/plain text/x-component + font/opentype application/x-font-ttf application/vnd.ms-fontobject + image/x-icon; +gzip_disable "msie6"; +``` + +### 使网站不可索引 + + +```nginx +add_header X-Robots-Tag "noindex"; + +location = /robots.txt { + return 200 "User-agent: *\nDisallow: /\n"; +} +``` + 另见 --- -- [Nginx 安装维护入门学习笔记](https://jaywcjlove.github.io/nginx-tutorial) _(jaywcjlove.github.io)_ \ No newline at end of file +- [Nginx 安装维护入门学习笔记](https://jaywcjlove.github.io/nginx-tutorial) _(jaywcjlove.github.io)_ +- [](https://virtubox.github.io/advanced-nginx-cheatsheet/) _(virtubox.github.io)_ \ No newline at end of file diff --git a/docs/quickreference.md b/docs/quickreference.md index 3ce8c78..23b2c1c 100644 --- a/docs/quickreference.md +++ b/docs/quickreference.md @@ -51,8 +51,8 @@ HTML 存放在仓库根目录下的 `dist` 目录中,将 `dist/index.html` 静 #### 语法 -`` -`标识开始` + `参数` + `分隔符` + `参数` + `标识结束` +`` +`标识开始` + `参数` + `分隔符(&)` + `参数` + `标识结束` #### 示例
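Review bot: The two blocks under 阻止常见攻击 in the `@@ -788,7 +812,59 @@` hunk are `location` matches, which nginx evaluates against the normalized URI path only, so a `base64_encode(` or `eval(` string carried in the query string or the request body is never compared against them. The heading therefore promises more than the rules deliver; a line under it such as `仅匹配 URI 路径,不检查查询字符串和请求体` would set the right expectation, and filtering on `$query_string` or a WAF is the place for the rest. In the same hunk, `add_header X-Robots-Tag "noindex";` is not inherited by any `location` that declares its own `add_header`, and without the `always` parameter it is omitted from error responses. That deserves a comment next to the directive, together with a reminder that the `robots.txt` rule is advisory and not access control.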