6. Nginx rewrite 配置(一)
nginx的rewrite配置是nginx配置中比較核心的部分,rewrite可以實作域名跳轉(重定向)、URL重寫(僞靜态)、動靜分離(跳轉域名,并接入CDN實作加速)。rewrite依賴pcre庫,用到的子產品是ngx_http_rewrite_module。
rewrite相關指令
if指令
格式: if (條件判斷) { 具體的rewrite規則 }
- 條件舉例:
條件判斷語句有nginx内置變量、邏輯判斷符号和目标字元串三部分組成。
其中,内置變量是nginx固定的非自定義的變量,如$request_method、$request_uri等。
邏輯判斷符号有 =、!=、~、~*、!~、!~*。
!表示取反,~為比對符号,它右側為正規表達式,區分大小寫,而~*為不區分大小寫比對。
目标字元串可以是正規表達式,通常不用加引号,但表達式中有特殊符号時,比如空格、花括号、分号等,需要用單引号引起來。
- 示例1:
if ($request_method = POST)
{
return 405;
}
當請求的方法為POST時,直接傳回405狀态碼。if中支援用return指令。
- 示例2:
if ($http_user_agent ~ MSIE )
{
return 403;
}
user_agent帶有MSIE(IE浏覽器)字元的請求,直接傳回403狀态碼。
如果想同時限制多個user_agent,還可以寫成這樣:
if ($http_user_agent ~ "MSIE|firefox|spider")
{
return 403;
}
- 示例3:
if (!-f $request_filename)
{
rewrite 語句;
}
當請求的檔案不存在時,将會執行下面的rewrite規則。
- 示例4:
if ($request_uri ~* 'gid=\d{9,12}/')
{
rewrite 語句;
}
\d表示數字,{9,12}表示數字出現的次數是9到12次,比如gid=123456789是符合條件的,就會執行下面的rewrite規則。
break和last指令
兩個指令用法相同,但含義不同,需要放到rewrite規則的末尾,用來控制重寫後的連結是否繼續被nginx配置執行(主要是rewrite、return指令)。
- 示例1:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on; #打開rewrite日志,在error.log中
rewrite /1.html /2.html;
rewrite /2.html /3.html;
}
重載配置:
# echo "111111" > /data/wwwroot/www.1.com/2.html
# echo "222222" > /data/wwwroot/www.1.com/2.html
# echo "333333" > /data/wwwroot/www.1.com/3.html
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
通路測試:
# curl -x127.0.0.1:80 www.1.com/1.html
333333
說明已經從1.html跳轉到3.html,實際通路到的是3.html。
檢視日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 17:51:27 [notice] 28386#0: *1 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 17:51:27 [notice] 28386#0: *1 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 17:51:27 [notice] 28386#0: *1 "/2.html" matches "/2.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 17:51:27 [notice] 28386#0: *1 rewritten data: "/3.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
- 示例2:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /1.html /2.html break;
rewrite /2.html /3.html;
}
重載配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
通路測試:
# curl -x127.0.0.1:80 www.1.com/1.html
222222
說明這一次是從1.html跳轉到2.html,沒有繼續往下面跳轉。
檢視日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:02:18 [notice] 28507#0: *2 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:02:18 [notice] 28507#0: *2 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
- 示例3:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
rewrite /1.html /2.html last;
rewrite /2.html /3.html;
}
重載配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
通路測試:
# curl -x127.0.0.1:80 www.1.com/1.html
222222
檢視日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:08:21 [notice] 28533#0: *3 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:08:21 [notice] 28533#0: *3 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
說明這一次也是從1.html跳轉到2.html,沒有繼續往下面跳轉。在server部配置設定置break和last作用一緻。
- 示例4:
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location / {
rewrite /1.html /2.html;
rewrite /2.html /3.html;
}
location /2.html {
rewrite /2.html /a.html;
}
location /3.html {
rewrite /3.html /b.html;
}
}
重載配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
通路測試:
# curl -x127.0.0.1:80 www.1.com/1.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
檢視日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:18:11 [notice] 6932#0: signal 17 (SIGCHLD) received from 28533
2019/03/11 18:18:27 [notice] 28558#0: *4 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/2.html" matches "/2.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 rewritten data: "/3.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/3.html" matches "/3.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 rewritten data: "/b.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/1.html" does not match "/b.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [notice] 28558#0: *4 "/2.html" does not match "/b.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:18:27 [error] 28558#0: *4 open() "/data/wwwroot/www.1.com/b.html" failed (2: No such file or directory), client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
首先比對到1.html,1.html跳轉到2.html;再比對到2.html,2.html又跳轉到3.html;接下來比對到3.html,3.html跳轉到b.html;b.html還會繼續比對,但沒有比對到,是以通路b.html,因為b.html不存在,是以傳回404狀态碼。
- 示例5:
如果我們在server部分使用了location,那break和last的作用就有差別了。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location / {
rewrite /1.html /2.html break;
rewrite /2.html /3.html;
}
location /2.html {
rewrite /2.html /a.html;
}
location /3.html {
rewrite /3.html /b.html;
}
}
重載配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
通路測試:
# curl -x127.0.0.1:80 www.1.com/1.html
222222
檢視日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:32:55 [notice] 6750#0: *5 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:32:55 [notice] 6750#0: *5 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
可以看到,隻rewrite一次,從1.html跳轉到2.html就直接退出,後面的location部分也不再執行了。
- 示例6:
如果我們在server部分使用了location,那break和last的作用就有差別了。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
location / {
rewrite /1.html /2.html last;
rewrite /2.html /3.html;
}
location /2.html {
rewrite /2.html /a.html;
}
location /3.html {
rewrite /3.html /b.html;
}
}
重載配置:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
通路測試:
# curl -x127.0.0.1:80 www.1.com/1.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
檢視日志:
# tail /usr/local/nginx/logs/error.log
2019/03/11 18:38:57 [notice] 6759#0: *6 "/1.html" matches "/1.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 rewritten data: "/2.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 "/2.html" matches "/2.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 rewritten data: "/a.html", args: "", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 "/1.html" does not match "/a.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [notice] 6759#0: *6 "/2.html" does not match "/a.html", client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
2019/03/11 18:38:57 [error] 6759#0: *6 open() "/data/wwwroot/www.1.com/a.html" failed (2: No such file or directory), client: 127.0.0.1, server: www.1.com, request: "GET HTTP://www.1.com/1.html HTTP/1.1", host: "www.1.com"
先從1.html跳轉到2.html,因為有last,是以本location段内的下面的内容不再執行,但是會繼續執行下面的location段,最後比對到2.html(因為比 / 更精準),從2.html跳轉到a.html,因為a.html不存在,是以傳回404狀态碼。
綜上,我們可以得到結論:
* 當rewrite規則在location{}外,break和last作用一樣,遇到break或last後,其後續的rewrite/return語句不再執行。但後續有location{}的話,還會近一步執行location{}裡面的語句,當然前提是請求必須要比對該location。
* 當rewrite規則在location{}裡,遇到break後,本location{}與其他location{}的所有rewrite/return規則都不再執行。
* 當rewrite規則在location{}裡,遇到last後,本location{}裡後續rewrite/return規則不執行,但重寫後的url再次從頭開始執行所有規則,哪個比對執行哪個。
return用法
return指令一般用于對請求的用戶端直接傳回響應狀态碼。在該作用域内return後面的所有nginx配置都是無效的。可以使用在server、location以及if配置中。
除了支援跟狀态碼,還可以跟字元串和url連結。
傳回狀态碼
- 示例1:
server {
listen 80;
server_name www.1.com;
return 403;
rewrite /(.*) /abc/$1; #該行配置不會被執行
}
.*
表示所有,$1表示前面的
.*
# vim /usr/local/nginx/conf/vhost/default.conf
server {
listen 80 default_server;
return 403;
rewrite /(.*) /abc/$1;
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 e2rwejqw.com
<html>
<head><title>403 Forbidden</title></head> #傳回403
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
- 示例2:
server {
......
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 405;
rewrite /(.*) /aaa.txt; #該行配置不會被執行
}
#如果下面還有其他配置,會被執行
......
}
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 405;
rewrite /(.*) /aaa.txt;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 405 Not Allowed #傳回405
Server: nginx
Date: Mon, 11 Mar 2019 08:20:55 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
傳回字元串
- 示例3:
server {
listen 80;
server_name www.1.com;
return 200 "hello";
}
如果想傳回字元串,必須加上狀态碼,否則會報錯。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 200 "error";
rewrite /(.*) /aaa.txt;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Mar 2019 08:26:58 GMT
Content-Type: application/octet-stream
Content-Length: 5
Connection: keep-alive
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd
error
另外還可以支援JSON資料;支援寫一個變量;支援html代碼。
- 場景實戰:
背景:網站被黑,凡是在百度點選到本網站的請求,全部都跳轉到一個賭博網站。
通過nginx解決:
server {
......
if ( $http_referer ~ 'baidu.com' ) {
return 200 "<html><script>window.location.href='//$host$request_uri';</script></html>";
}
}
如果寫成:
return http://$host$reauest_uri;
,這在浏覽器中會提示“重定向的次數過多”。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 200 "<html><script>window.location.href='//$host$request_uri';</script></html>";
rewrite /(.*) /aaa.txt;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Mar 2019 08:54:17 GMT
Content-Type: application/octet-stream
Content-Length: 79
Connection: keep-alive
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd
<html><script>window.location.href='//www.1.com/123/.htpasswd';</script></html> #傳回的就是域名和連結
傳回url
- 示例4:
server {
listen 80;
server_name www.1.com;
return http://www.baidu.com;
rewrite /(.*) /abc/$1; #該行配置不會被執行
}
注意:return後面的url必須是以
http://
或者
https://
開頭的。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return http://www.baidu.com;
rewrite /(.*) /abc/$1;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 11 Mar 2019 08:44:07 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://www.baidu.com #臨時重定向到www.baidu.com
url前面也可以加狀态碼,但隻能是301或302,如果是200,這url會變成字元串傳回。
# vim /usr/local/nginx/conf/vhost/www.1.com.conf
server {
listen 80;
server_name www.1.com;
index index.html;
root /data/wwwroot/www.1.com;
rewrite_log on;
if ( $request_uri ~ "\.htpasswd|\.bak" ) {
return 200 http://www.baidu.com;
rewrite /(.*) /abc/$1;
}
}
# /usr/local/nginx/sbin/nginx -s reload
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Mar 2019 09:02:15 GMT
Content-Type: application/octet-stream
Content-Length: 20
Connection: keep-alive
# curl -x127.0.0.1:80 www.1.com/123/.htpasswd
http://www.baidu.com
![修改or隐藏nginx版本号[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)