Nginx configuration related notes

Long time no more, come to the water one ~! ~

Just now, I spent four hundred oceans renting a server from Tencent Cloud Hong Kong (~ heart is bleeding ~), so my blog can finally be announced to return home. PS: I have been using github-page before. It is known that the speed thief is slow. I changed to Singapore’s VPS server, and the speed is even slower. There is no way to buy a domestic cloud server at a big price. The process of blog migration is relatively simple, nothing more than adding nginx parsing, so this article is a bit of water, mainly to record some notes on the nginx configuration web service.

http 301 https

My blog uses a freely issued certificate from Tencent Cloud, so it can be accessed using https. By default, http is also accessible. How to redirect http request 301 to https is the first problem to be solved.
Edit the /etc/nginx/nginx.conf file:

1
2
3
4
5
6
7
8
9
10
11
12
13
......
server {
listen 80;
server_name thief.one;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name thief.one;
......
}
......

Create an 80-port, 443-port web service and redirect the 80-port service to https://... After restarting nginx, access http://thief.one will be redirected by 301 to https://thief.one

Prohibit access to certain directory files

Since my blog project is stored on git, the server web directory contains the .git directory, which is also a sensitive information leak (of course, some static web pages, in fact, there is no harm), then how to configure access in nginx. Directory 403 is the second issue to be solved.
Edit the /etc/nginx/nginx.conf file:

1
2
3
4
5
6
7
8
9
server {
listen 443;
server_name thief.one;
......
location /.git/ {
deny all;
}
}

Add a location to block access to a directory. After restarting nginx, try to access https://thief.one/.git/config to return 403

Load balancing

This has been summarized before: https://thief.one/2017/08/22/1/

can only be accessed by domain name

If the blog does not want to be accessed via IP, you need to disable ip access on nginx, or access ip to the domain name.
Edit the /etc/nginx/nginx.conf file:

1
2
3
4
5
server {
listen 80 default_server;
listen 443 default_server;
return 403
}

Restart nginx, visit: http://150.109.106.49/ Return to 403.

Permissions issue

First of all, I generally do not recommend using the root privileges to start the nginx service. However, if the nginx service is installed with root privileges and the website is placed in the root directory, there is a problem with starting the nginx resolution website (because the configuration file is not started with root privileges by default), so you need to change the configuration file to:

1
user root;

A safer method is to install nginx with normal user rights, move the web directory to the normal user directory, and start the nginx service with normal user rights.

nginx configuration related problem notes, I will record in this article later

本文标题:Nginx configuration related notes

文章作者:nmask

发布时间:2018年07月26日 - 17:07

最后更新:2019年08月16日 - 15:08

原始链接:https://thief.one/2018/07/26/1/en/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

nmask wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!

热门文章推荐: