Nginx地址重写

作者:行癫(盗版必究) ------ ## 一:地址重写 #### 1.rewrite简介 ​ Rewrite对称URL Rewrite,即URL重写,就是把传入Web的请求重定向到其他URL的过程 ​ URL Rewrite最常见的应用是URL伪静态化,是将动态页面显示为静态页面方式的一种技术 ​ 从安全角度上讲,如果在URL中暴露太多的参数,无疑会造成一定量的信息泄漏,所以静态化的URL地址具有更高的安全性 ​ 实现网站地址跳转,例如用户访问360buy.com,将其跳转到jd.com;当用户访问xingdian.com的80端口时,将其跳转到443端口 #### 2.rewrite指令 ​ Nginx Rewrite 相关指令有 if、rewrite、set、return ## 二:if语句 #### 1.应用环境 ​ server,location #### 2.使用语法 ```shell if (condition) { … } ``` #### 3.判断符号 ```shell ~ 正则匹配 (区分大小写) ~* 正则匹配 (不区分大小写) !~ 正则不匹配 (区分大小写) !~* 正则不匹配 (不区分大小写) -f 和!-f 用来判断是否存在文件 -d 和!-d 用来判断是否存在目录 -e 和!-e 用来判断是否存在文件或目录 -x 和!-x 用来判断文件是否可执行 ``` #### 4.全局变量 ​ 在匹配过程中可以引用一些Nginx的全局变量 ```shell $args 请求中的参数; $document_root 针对当前请求的根路径设置值; $host 请求信息中的"Host",如果请求中没有Host行,则等于设置的服务器名; http://www.qf.com $limit_rate 对连接速率的限制; $request_method 请求的方法,比如"GET"、"POST"等; $remote_addr 客户端地址; $remote_port 客户端端口号; $remote_user 客户端用户名,认证用; $request_filename 当前请求的文件路径名(带网站的主目录/usr/local/nginx/html/images /a.jpg) $request_uri 当前请求的文件路径名(不带网站的主目录/images/a.jpg) $query_string 与$args相同; $scheme 用的协议,比如http或者是https $server_protocol 请求的协议版本,"HTTP/1.0"或"HTTP/1.1"; $server_addr 服务器地址,如果没有用listen指明服务器地址,使用这个变量将发起一次系统调用以取得地址(造成资源浪费); $server_name 请求到达的服务器名; $document_uri 与$uri一样,URI地址; $server_port 请求到达的服务器端口号; ``` #### 5.使用案例 ​ 匹配访问的url地址是否是个目录 ```shell if (-d $request_filename) { 当前请求的文件路径名 …; } ``` ​ 匹配访问的地址是否以www开头 ```shell if ( $host ~* ^www) { …; } ``` ## 三:rewrite语句 #### 1.使用简介 ​ rewrite 指令根据表达式来重定向URI,或者修改字符串。可以应用于server,location, if环境下每行rewrite指令最后跟一个flag标记 #### 2.标记 ```shell last 相当于Apache里的[L]标记,表示完成rewrite。默认为last break 本条规则匹配完成后,终止匹配,不再匹配后面的规则 redirect 返回302临时重定向,浏览器地址会显示跳转后的URL地址 permanent 返回301永久重定向,浏览器地址会显示跳转后URL地址 ``` #### 3.使用案例 ​ http://www.testpm.com/a/1.html ==> http://www.testpm.com/b/2.html ```shell location /a { root /html; index 1.html index.htm; rewrite .* /b/2.html permanent; } location /b { root /html; index 2.html index.htm; } ``` ​ http://www.testpm.com/2019/a/1.html ==> http://www.testpm.com/2018/a/1.html ```shell location /2019/a { root /var/www/html; index 1.html index.hml; rewrite ^/2019/(.*)$ /2018/$1 permanent; } location /2018/a { root /var/www/html; index 1.html index.htl; } ``` ​ 准备工作 ![image-20230506222159398](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230506222159398.png) ​ http://www.qf.com/a/1.html ==> http://jd.com ```shell location /a { root /html; if ($host ~* qf.com ) { rewrite .* http://jd.com permanent; } } ``` ​ http://www.qf.com/a/1.html ==> http://jd.com/a/1.html ```shell location /a { root /html; if ( $host ~* qf.com ){ rewrite .* http://jd.com$request_uri permanent; } } ``` ​ 在访问目录后添加/ (如果目录后已有/,则不加/) ```shell # http://www.tianyun.com/a/b/c # $1: /a/b # $2: c # http://$host$1$2/ location /a/b/c { root /usr/share/nginx/html; index index.html index.hml; if (-d $request_filename) { rewrite ^(.*)([^/])$ http://$host$1$2/ permanent; } } ``` ​ http://www.tianyun.com/login/tianyun.html ==> http://www.tianyun.com/reg/login.html?user=tianyun ```shell location /login { root /usr/share/nginx/html; rewrite ^/login/(.*)\.html$ http://$host/reg/login.html?user=$1; } location /reg { root /usr/share/nginx/html; index login.html; } ``` ​ http://www.tianyun.com/qf/11-22-33/1.html ==> http://www.tianyun.com/qf/11/22/33/1.html ```shell location /qf { rewrite ^/qf/([0-9]+)-([0-9]+)-([0-9]+)(.*)$ /qf/$1/$2/$3$4 permanent; } location /qf/11/22/33 { root /html; index 1.html; } ``` ## 四:set指令 #### 1.简介 ​ set 指令是用于定义一个变量,并且赋值 #### 2.应用环境 ​ server,location,if #### 3.应用案例 ​ http://alice.testpm.com ==> http://www.testpm.com/alice ​ http://jack.testpm.com ==> http://www.testpm.com/jack 准备工作: ```shell [root@nginx-server conf.d]# cd /usr/share/nginx/html/ [root@nginx-server html]# mkdir jack alice [root@nginx-server html]# echo "jack.." >> jack/index.html [root@nginx-server html]# echo "alice.." >> alice/index.html 本地解析域名host文件 10.0.105.202 www.testpm.com 10.0.105.202 alice.testpm.com 10.0.105.202 jack.testpm.com ``` 配置文件: ```shell server { listen 80; server_name www.testpm.com; location / { root /usr/share/nginx/html; index index.html index.htm; if ( $host ~* www.testpm.com) { break; } if ( $host ~* "^(.*)\.testpm\.com$" ) { set $user $1; rewrite .* http://www.testpm.com/$user permanent; } } location /jack { root /usr/share/nginx/html; index index.html index.hml; } location /alice { root /usr/share/nginx/html; index index.html index.hml; } } ``` ## 五:return指令 #### 1.简介 ​ return指令用于返回状态码给客户端 #### 2.应用环境 ​ server,location,if #### 3.应用案例 ​ 如果访问的.sh结尾的文件则返回403操作拒绝错误 ```shell server { listen 80; server_name www.testpm.cn; #access_log /var/log/nginx/http_access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } location ~* \.sh$ { return 403; } } ``` ​ 80 ======> 443 :80转443端口 ```shell server { listen 80; server_name www.testpm.cn; access_log /var/log/nginx/http_access.log main; return 301 https://www.testpm.cn$request_uri; } server { listen 443 ssl; server_name www.testpm.cn; access_log /var/log/nginx/https_access.log main; #ssl on; ssl_certificate /etc/nginx/cert/2447549_www.testpm.cn.pem; ssl_certificate_key /etc/nginx/cert/2447549_www.testpm.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location / { root /usr/share/nginx/html; index index.html index.htm; } } ``` ## 六:break和last #### 1.使用案例 ```shell [root@localhost test]# cat /etc/nginx/conf.d/last_break.conf server { listen 80; server_name localhost; access_log /var/log/nginx/last.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } location /break/ { root /usr/share/nginx/html; rewrite .* /test/break.html break; } location /last/ { root /usr/share/nginx/html; rewrite .* /test/last.html last; } location /test/ { root /usr/share/nginx/html; rewrite .* /test/test.html break; } } [root@localhost conf.d]# cd /usr/share/nginx/html/ [root@localhost html]# mkdir test [root@localhost html]# echo "last" > test/last.html [root@localhost html]# echo "break" > test/break.html [root@localhost html]# echo "test" > test/test.html http://10.0.105.196/break/break.html http://10.0.105.196/last/last.html ``` #### 2.案例总结 ​ last 标记在本条 rewrite 规则执行完后,会对其所在的 server { … } 标签重新发起请求 ​ break 标记则在本条规则匹配完成后,停止匹配,不再做后续的匹配 ​ 使用 alias 指令时,必须使用 last ​ 使用 proxy_pass 指令时,则必须使用break ## 七:https案例 ​ 使用rewrite的方式进行http转https ```shell server { listen 80; server_name *.vip9999.top vip9999.top; if ($host ~* "^www.vip9999.top$|^vip9999.top$" ) { return 301 https://www.vip9999.top$request_uri; } if ($host ~* "^(.*).vip9999.top$" ) { set $user $1; return 301 https://www.vip9999.top/$user; } } # Settings for a TLS enabled server. server { listen 443 ssl; server_name www.vip9999.top; location / { root /usr/share/nginx/html; index index.php index.html; } #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { root /usr/share/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } ssl on; ssl_certificate cert/214025315060640.pem; ssl_certificate_key cert/214025315060640.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; } ```