百度云虚拟主机BCH 配置 rewrite重写功能

今天上午配置了下邯郸信息港的重写功能 , 增加网站访问效率,这个功能还是要加的,用的是百度的云虚拟主机 nginx 内核

直接加重写显然不现实,还好百度说明文档给出解决办法

基础配置文件不能修改,用户如有特殊需要,可添加bcloud_nginx_user.conf文件添加自定义配置

也就是说在/webroot 目录 直接建立一个 bcloud_nginx_user.conf

location /{

if ($host ~* www\.(.*)){
set $host_without_www $1;
rewrite ^(.*)$ http://$host_without_www$1 permanent;
}

}

这是www跳转写法 , 我用的是二级域名所以直接给大家看下dz3.3的静态化重写规则

linux centos7 lnmp nginx 热处理

查找现有版本的模块 /usr/local/nginx/sbin/nginx -V

为添加模块安装openssl

http://www.openssl.org/source/openssl-1.0.1j.tar.gz
cd /usr/local/src
mkdir /usr/local/openssl
tar zxvf openssl-1.0.1j.tar.gz
cd openssl-1.0.1j
./config –prefix=/usr/local/openssl
make
make install
vi /etc/profile
export PATH=$PATH:/usr/local/openssl/bin
:wq!
重新编译NGINX代码和模块
./configure –prefix=/usr/local/nginx –with-openssl=/usr/local/src/openssl-1.0.2
不要安装

make install
make 执行成功结束后我们当前目录objs中的nginx
复制到nginx执行目录

备份原文件
cp /usr/local/nginx/sbin/nginx/usr/local/nginx/sbin/nginx.bak
覆盖文件
cp objs/nginx /usr/local/nginx/sbin/nginx
热重启

/usr/local/nginx/sbin/nginx -s reload

linux centos7 nginx 开机启动设置

假定你源码安装Nginx:
安装路径是/usr/local/nginx
否则变更下面路径的文件:

#cd /etc/init.d/

#vi nginx
粘贴刚才的内容。检查是不是完整
#chmod +x nginx
#chkconfig add nginx
#chkconfig nginx on
在Centos下是这样。其他类同。

#!/bin/sh

#

#nginx – this script starts and stops the nginx daemin

#

# chkconfig:   – 85 15

# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \

#               proxy and IMAP/POP3 proxy server

# processname: nginx

# config:      /home/lnmp/nginx/conf/nginx.conf

# pidfile:     /home/lnmp/nginx/logs/nginx.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ “$NETWORKING” = “no” ] && exit 0

nginx=”/home/lnmp/nginx/sbin/nginx”

prog=$(basename $nginx)

NGINX_CONF_FILE=”/home/lnmp/nginx/conf/nginx.conf”

lockfile=/var/lock/subsys/nginx

start() {

[ -x $nginx ] || exit 5

[ -f $NGINX_CONF_FILE ] || exit 6

echo -n $”Starting $prog: ”

daemon $nginx -c $NGINX_CONF_FILE

retval=$?

echo

[ $retval -eq 0 ] && touch $lockfile

return $retval

}

stop() {

echo -n $”Stopping $prog: ”

killproc $prog -QUIT

retval=$?

echo

[ $retval -eq 0 ] && rm -f $lockfile

return $retval

}

restart() {

configtest || return $?

stop

start

}

reload() {

configtest || return $?

echo -n $”Reloading $prog: ”

killproc $nginx -HUP

RETVAL=$?

echo

}

force_reload() {

restart

}

configtest() {

$nginx -t -c $NGINX_CONF_FILE

}

rh_status() {

status $prog

}

rh_status_q() {

rh_status >/dev/null 2>&1

}

case “$1″ in

start)

rh_status_q && exit 0

$1

;;

stop)

rh_status_q || exit 0

$1

;;

restart|configtest)

$1

;;

reload)

rh_status_q || exit 7

$1

;;

force-reload)

force_reload

;;

status)

rh_status

;;

condrestart|try-restart)

rh_status_q || exit 0

;;

*)

echo $”Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}”

exit 2

esac

linux centos7 lnmp 手动编译,添加php模块

一、下载软件包

1、下载php

2、下载libmcrypt(安装mcrypt需要此软件包)

http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz

3、下载mhash(安装mcrypt需要此软件包)

https://acelnmp.googlecode.com/files/mhash-0.9.9.9.tar.gz

4、下载mcrypt

https://lcmp.googlecode.com/files/mcrypt-2.6.8.tar.gz

二、安装软件包

1、安装libmcrypt

cd /usr/local/src  #进入软件包存放目录

tar zxvf libmcrypt-2.5.8.tar.gz  #解压

cd libmcrypt-2.5.8  #进入安装目录

./configure  #配置

make #编译

make install  #安装

2、安装mhash

cd /usr/local/src

tar zxvf mhash-0.9.9.9.tar.gz

cd mhash-0.9.9.9

./configure

make

make install

3、安装mcrypt

cd /usr/local/src

tar zxvf mcrypt-2.6.8.tar.gz

cd mcrypt-2.6.8

ln -s   /usr/local/bin/libmcrypt_config   /usr/bin/libmcrypt_config  #添加软连接

export LD_LIBRARY_PATH=/usr/local/lib  #添加环境变量

./configure

make

make install

如果/home/lnmp/php/lib/extion/…/mcrypt.so 说明成功

Linux 源码安装nginx1.10.2稳定版,源码安装

直接上流程,源码编译安装nginx稳定版,顺带装了nginx的waf防护策略

1. 先安装依赖包
yum install gcc gcc-c++ wget net-tools

make /home/source -p 存放下载的数据包

PCRE 作用是让 Ngnix 支持 Rewrite 功能。
# wget http://jaist.dl.sourceforge.net/project/pcre/pcre/8.38/pcre-8.38.tar.gz
# tar -zxvf pcre-8.38.tar.gz

zlib是提供数据压缩用的函式库
# wget http://zlib.net/zlib-1.2.8.tar.gz
# tar -zxvf zlib-1.2.8.tar.gz

下载1.10.2稳定版nginx
wget http://nginx.org/download/nginx-1.10.2.tar.gz

1.http://luajit.org/download/LuaJIT-2.0.4.tar.gz
直接使用源码make && make install
所以lib和include是直接放在/usr/local/lib和usr/local/include

2.下载ngx_devel_kit解压
https://github.com/simpl/ngx_devel_kit/tags
wget https://github.com/simpl/ngx_devel_kit/archive/v0.2.18.tar.gz –no-check-certificate
tar -zxvf v0.2.18

3.下载nginx_lua_module解压
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.7.tar.gz
tar -zxvf v0.10

# cd 进入nginx的安装目录 ,执行下面两句,导入luajit库的安装目录

export LUAJIT_LIB=/usr/local/lib #这个很有可能不一样
export LUAJIT_INC=/usr/local/include/luajit-2.0 #这个很有可能不一样

./configure –prefix=/home/nginx \
–user=nginx \
–group=nginx \
–with-ld-opt=”-Wl,-rpath,/usr/local/lib” \
–add-module=/home/source/ngx_devel_kit-0.2.18 \
–add-module=/home/source/lua-nginx-module-0.10.7

make -j4 && make install

4.请提前新建/home/logs/hack/目录攻击日志,并赋予nginx用户对该目录的写入权限。
mkdir -p /home/logs/hack/
nginx账户是跑nginx和php-fpm
useradd -g nginx -s /bin/false -M nginx
chown -R nginx:nginx /home/logs/hack/
chmod -R 755 /home/logs/hack/

5. 安装ngx_lua_waf模块
wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip –no-check-certificate
把这个文件解压到
nginx的conf目录下.
把下载下来的master.zip 解压后改名为waf, mv移动到nginx/conf/里面
然后在nginx.conf里的http配置里添加
http {
lua_package_path “/home/nginx/conf/waf/?.lua”;
lua_shared_dict limit 10m;
init_by_lua_file /home/nginx/conf/waf/init.lua;
access_by_lua_file /home/nginx/conf/waf/waf.lua;