nginx反向代理解决googleapis字体库问题

November 13, 2021 Linux YY.K Permalink

虽然有第三方的,但是自己nginx里面写死配置来得安稳些.

用法就是在网站目录里面直接引用一下配置文件include googleapis.conf;

这里做了一个虚拟目录/assets/vendor/, 可以根据自己的需求设置.

 

# cat ../googleapis.conf
sub_filter_once off;
sub_filter_types text/css text/xml text/javascript;
sub_filter "https://fonts.googleapis.com" "/assets/vendor/googleapis";
sub_filter "//fonts.googleapis.com" "/assets/vendor/googleapis";
sub_filter "https://ajax.googleapis.com" "/assets/vendor/ajax";
sub_filter "https://fonts.gstatic.com" "/assets/vendor/gstatic";

location /assets/vendor/googleapis {
  rewrite ^/assets/vendor/googleapis/(.+)$ /$1 break;
  sub_filter "https://fonts.gstatic.com" "/assets/vendor/gstatic";
  proxy_set_header Accept-Encoding "";
  proxy_pass https://fonts.googleapis.com;
  proxy_set_header Host "fonts.googleapis.com";
  proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0";
  expires 1y;
}
location /assets/vendor/gstatic {
  rewrite ^/assets/vendor/gstatic/(.+)$ /$1 break;
  proxy_pass https://fonts.gstatic.com:443;
  proxy_set_header Host "fonts.gstatic.com";
  expires 1y;
}
location /assets/vendor/ajax {
  rewrite ^/assets/vendor/ajax/(.+)$ /$1 break;
  proxy_pass https://gajax.googleapis.com;
  proxy_set_header Host ajax.googleapis.com;
  expires 1y;
}
nginx, openresty

Centos7快速部署openresty

November 6, 2019 Linux YY.K Permalink 
curl https://openresty.org/package/centos/openresty.repo -so /etc/yum.repos.d/openresty.repo
yum -y -q install wget  vim-enhanced tcpdump iftop net-tools rsync 
yum -y -q install openresty 
systemctl enable openresty
ln -s  /usr/local/openresty/nginx/sbin/nginx /usr/sbin/ #把nginx文件引用到常规sbin目录
ln -s /usr/local/openresty/nginx/conf /etc/nginx #把目录软连接到常规目录
ln -s /usr/lib/systemd/system/openresty.service /usr/lib/systemd/system/nginx.service #Centos7的服务启动管理nginx别名
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

基础部署完成后,用rsync同步数据后再做其他基础配置基本完成管理.

Centos7, nginx, openresty

nginx lua暴力简单过滤cc攻击

November 1, 2019 Linux YY.K Permalink

原文地址:http://jtwo.me/use-lua-to-protect-nginx-away-from-cc-attack

好像原文出处的页面已经打不开了,原生的nginx需要编译lua,openresty可以直接用。

location ~ \.php$ {
    rewrite_by_lua '
        local md5token = ngx.md5(ngx.var.remote_addr .. ngx.var.http_user_agent)
        if (ngx.var.cookie_humanflag ~= md5token) then
            ngx.header["Set-Cookie"] = "humanflag=" .. md5token
            return ngx.redirect(ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri)
        end
    ';
    ... ...
}

location ~ \.php$ {
    if ($cookie_ipaddr != "$remote_addr"){
        add_header Set-Cookie "ipaddr=$remote_addr";
        rewrite .* "$scheme://$host$uri" redirect;
    }

    ... ...
}
nginx, lua, cc, openresty