1、隐藏nginx版本号
2、nginx配置优化
3、fastcgi优化
#fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2
#keys_zone=TEST:10m
#inactive=5m;
#fastcgi_connect_timeout 300;
#fastcgi_send_timeout 300;
#fastcgi_read_timeout 300;
#fastcgi_buffer_size 4k;
#fastcgi_buffers 8 4k;
#fastcgi_busy_buffers_size 8k;
#fastcgi_temp_file_write_size 8k;
#fastcgi_cache TEST;
#fastcgi_cache_valid 200 302 1h;
#fastcgi_cache_valid 301 1d;
#fastcgi_cache_valid any 1m;
#fastcgi_cache_min_uses 1;
#fastcgi_cache_use_stale error timeout invalid_header http_500;
4、gzip优化
#gzip on;
#gzip_min_length 1k;
#gzip_buffers 4 16k;
#gzip_http_version 1.0;
#gzip_comp_level 2;
#gzip_types text/plain application/x-javascript text/css application/xml;
#gzip_vary on;
5、图片防盗链
location ~* ^. .(gif|jpg|png|swf|flv|rar|zip)${
valid_referers none blocked server_name *.etiantian.org etiantian.org;
if($invalid_referer){
rewrite ^/ http://bbs.etiantian.com/img/nolink.jpg;
}
}
6、防爬虫
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot")
{
return 403;
}
7、限制并发连接数
http {
limit_conn_zone $binary_remote_addr zone=one:10m rate=1r/s; #每秒只能一次请求
limit_conn_zone $server_name zone=two:10m;
server {
location /seven/ {
limit_conn one 1; #每个IP并发为1
limit_conn two 2; #每个虚拟主机连接数2
limit_req zone=one burst=5; #可以有5个请求排队等待
}
