devttl/reference
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

doc: update nginx.md cheatsheet.

Browse Source
This commit is contained in:
jaywcjlove 2022-10-08 13:01:45 +08:00
parent 1ee5910d86
commit 6eb1ef3260
2 changed files with 86 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
docs/nginx.md
View File

@ -7,11 +7,13 @@ NGINX 备忘清单
---- ----
### 服务管理 ### 服务管理
<!--rehype:wrap-class=row-span-2-->
```bash ```bash
sudo systemctl status nginx # nginx当前状态 sudo systemctl status nginx # nginx当前状态
sudo systemctl reload nginx # 重新加载 nginx sudo systemctl reload nginx # 重新加载 nginx
sudo systemctl restart nginx # 重启nginx sudo systemctl restart nginx # 重启nginx
sudo nginx -t # 检查语法 sudo nginx -t # 检查语法
nginx # 启动 nginx # 启动
nginx -s reload # 重启 nginx -s reload # 重启
@ -20,6 +22,13 @@ nginx -s quit # 平滑关闭nginx
nginx -V # 查看nginx的安装状态 nginx -V # 查看nginx的安装状态
``` ```
### Docker 安装
<!--rehype:wrap-class=col-span-2-->
```bash
docker run --name some-nginx -v /some/content:/usr/share/nginx/html:ro -d nginx
```
### 简单代理 ### 简单代理
<!--rehype:wrap-class=col-span-2--> <!--rehype:wrap-class=col-span-2-->
@ -28,10 +37,6 @@ location / {
proxy_pass http://127.0.0.1:3000; proxy_pass http://127.0.0.1:3000;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
# 客户端的 IP 地址
proxy_set_header X-Real-IP $remote_addr;
# HTTP 请求端真实的IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
``` ```
@ -766,16 +771,35 @@ location /img/ {
# 会去 /var/www/image/img/ 目录下找文件 # 会去 /var/www/image/img/ 目录下找文件
``` ```
### 屏蔽 .git 等文件 ### 屏蔽文件目录
<!--rehype:wrap-class=col-span-2--> <!--rehype:wrap-class=col-span-2 row-span-2-->
通用备份和归档文件
```nginx ```nginx
location ~ (.git|.gitattributes|.gitignore|.svn) { location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
deny all; deny all;
} }
``` ```
<!--rehype:className=wrap-text --> <!--rehype:className=wrap-text -->
拒绝访问 `.git``.svn` 目录
```nginx
location ~ (.git|.svn) {
deny all;
}
```
<!--rehype:className=wrap-text -->
拒绝访问隐藏文件和目录
```nginx
location ~ /\.(?!well-known\/) {
deny all;
}
```
### 防盗图配置 ### 防盗图配置
<!--rehype:wrap-class=col-span-4--> <!--rehype:wrap-class=col-span-4-->
@ -788,7 +812,59 @@ location ~ \/public\/(css|js|img)\/.*\.(js|css|gif|jpg|jpeg|png|bmp|swf) {
} }
``` ```
### 阻止常见攻击
<!--rehype:wrap-class=col-span-2-->
#### base64编码的网址
```nginx
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
```
#### javascript eval() url
```nginx
location ~* "(eval\()" {
deny all;
}
```
### Gzip 配置
<!--rehype:wrap-class=col-span-4 row-span-2-->
```nginx
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
text/javascript application/javascript application/x-javascript
text/x-json application/json application/x-web-app-manifest+json
text/css text/plain text/x-component
font/opentype application/x-font-ttf application/vnd.ms-fontobject
image/x-icon;
gzip_disable "msie6";
```
### 使网站不可索引
<!--rehype:wrap-class=col-span-2-->
```nginx
add_header X-Robots-Tag "noindex";
location = /robots.txt {
return 200 "User-agent: *\nDisallow: /\n";
}
```
另见 另见
--- ---
- [Nginx 安装维护入门学习笔记](https://jaywcjlove.github.io/nginx-tutorial) _(jaywcjlove.github.io)_ - [Nginx 安装维护入门学习笔记](https://jaywcjlove.github.io/nginx-tutorial) _(jaywcjlove.github.io)_
- [](https://virtubox.github.io/advanced-nginx-cheatsheet/) _(virtubox.github.io)_

4
docs/quickreference.md
View File

@ -51,8 +51,8 @@ HTML 存放在仓库根目录下的 `dist` 目录中,将 `dist/index.html` 静
#### 语法 #### 语法
`<!--rehype:` + `key=value` + `&` + `key=value` + `-->` `<!--rehype:` _+_ `key=value` _+_ **`&`** _+_ `key=value` _+_ `-->`
`标识开始` + `参数` + `分隔符` + `参数` + `标识结束` `标识开始` + `参数` + `分隔符(&)` + `参数` + `标识结束`
#### 示例 #### 示例