Nginx安全相关配置-防止压力测试工具
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.搭建web服务器提供正常访问
1>.编辑主配置文件
[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/softwares/nginx/conf/nginx.conf worker_processes 4; worker_cpu_affinity 00000001 00000010 00000100 00001000; events { worker_connections 100000; use epoll; accept_mutex on; multi_accept on; } http { include mime.types; default_type text/html; server_tokens off; charset utf-8; log_format my_access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"responsetime":$request_ti me,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"uri":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' '"http_user_agent":"$http_user_agent",' '"status":"$status"}'; access_log logs/access_json.log my_access_json; ssl_certificate /yinzhengjie/softwares/nginx/certs/www.yinzhengjie.org.cn.crt; ssl_certificate_key /yinzhengjie/softwares/nginx/certs/www.yinzhengjie.org.cn.key; ssl_session_cache shared:sslcache:20m; ssl_session_timeout 10m; include /yinzhengjie/softwares/nginx/conf.d/*.conf; } [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# nginx -t nginx: the configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf syntax is ok nginx: configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf test is successful [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
2>.编辑子配置文件
[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/softwares/nginx/conf.d/node101_yinzhengjie_org.cn.conf server { listen 80; listen 443 ssl; server_name node101.yinzhengjie.org.cn; access_log /yinzhengjie/softwares/nginx/logs/node101_yinzhengjie_org_cn_access.log my_access_json; error_log /yinzhengjie/softwares/nginx/logs/node101_yinzhengjie_org_cn_error.log; location / { root /yinzhengjie/data/web/nginx/static/cn; index index.html; } location = /favicon.ico { root /yinzhengjie/data/web/nginx/images/jd; } } [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# nginx -t nginx: the configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf syntax is ok nginx: configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf test is successful [root@node101.yinzhengjie.org.cn ~]#
3>.准备测试数据
[root@node101.yinzhengjie.org.cn ~]# mkdir -pv /yinzhengjie/data/web/nginx/{static,images}
mkdir: created directory ‘/yinzhengjie/data/web/nginx’
mkdir: created directory ‘/yinzhengjie/data/web/nginx/static’
mkdir: created directory ‘/yinzhengjie/data/web/nginx/images’
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# mkdir -pv /yinzhengjie/data/web/nginx/static/cn/css
mkdir: created directory ‘/yinzhengjie/data/web/nginx/static/cn’
mkdir: created directory ‘/yinzhengjie/data/web/nginx/static/cn/css’
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# mkdir -pv /yinzhengjie/data/web/nginx/images/jd
mkdir: created directory ‘/yinzhengjie/data/web/nginx/images/jd’
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/static/cn/css/
total 1004
-rw-r--r-- 1 root root 1025154 Dec 24 18:29 01.png
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/data/web/nginx/static/cn/index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>node101.yinzhengjie.org.cn</title>
<style type="text/css">
/*清除所有标签的默认样式*/
*{
padding: 0;
margin: 0;
}
.box1{
width: 1215px;
height: 700px;
background-image: url(css/01.png);
}
p{
color: red;
font-size: 32px;
font-weight: bold;
font-family: "arial","华文彩云","微软雅黑",serif;
}
</style>
</head>
<body>
<p>这是"node101.yinzhengjie.org.cn"的首页</p>
<div class="box1"></div>
</body>
</html>
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# wget https://www.jd.com/favicon.ico -O /yinzhengjie/data/web/nginx/images/jd/favicon.ico #此处我们从网上下载一张图片作为标签的logo
--2019-12-24 18:51:03-- https://www.jd.com/favicon.ico
Resolving www.jd.com (www.jd.com)... 220.194.105.131, 2408:8710:20:1140:8000::3
Connecting to www.jd.com (www.jd.com)|220.194.105.131|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25214 (25K) [image/x-icon]
Saving to: ‘/yinzhengjie/data/web/nginx/images/jd/favicon.ico’
100%[==================================================================================================================================>] 25,214 --.-K/s in 0s
2019-12-24 18:51:09 (404 MB/s) - ‘/yinzhengjie/data/web/nginx/images/jd/favicon.ico’ saved [25214/25214]
[root@node101.yinzhengjie.org.cn ~]#
4>.启动nginx服务
[root@node101.yinzhengjie.org.cn ~]# netstat -untalp | grep nginx [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# nginx [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# netstat -untalp | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 24954/nginx: master tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 24954/nginx: master [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
5>.浏览器访问"https://node101.yinzhengjie.org.cn/",如下图所示
6>.查看nginx的日志信息
二.使用ab命令对服务器进行压力测试
1>.安装apache的压力测试工具
[root@node101.yinzhengjie.org.cn ~]# yum -y install http-tools Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.tuna.tsinghua.edu.cn * updates: mirrors.tuna.tsinghua.edu.cn base | 3.6 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 No package http-tools available. Error: Nothing to do [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# yum -y install httpd-tools Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.tuna.tsinghua.edu.cn * updates: mirrors.tuna.tsinghua.edu.cn Resolving Dependencies --> Running transaction check ---> Package httpd-tools.x86_64 0:2.4.6-90.el7.centos will be installed --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-tools-2.4.6-90.el7.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-tools-2.4.6-90.el7.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.4.8-5.el7 will be installed ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ===================================================================================================================================================== Package Arch Version Repository Size ===================================================================================================================================================== Installing: httpd-tools x86_64 2.4.6-90.el7.centos base 91 k Installing for dependencies: apr x86_64 1.4.8-5.el7 base 103 k apr-util x86_64 1.5.2-6.el7 base 92 k Transaction Summary ===================================================================================================================================================== Install 1 Package (+2 Dependent packages) Total download size: 286 k Installed size: 584 k Downloading packages: apr-util-1.5.2-6.el7.x86_64.rp FAILED http://mirror.lzu.edu.cn/centos/7.7.1908/os/x86_64/Packages/apr-util-1.5.2-6.el7.x86_64.rpm: [Errno 14] curl#56 - "Recv failure: Connection reset by peer"Trying other mirror. (1/3): apr-1.4.8-5.el7.x86_64.rpm | 103 kB 00:00:00 (2/3): httpd-tools-2.4.6-90.el7.centos.x86_64.rpm | 91 kB 00:00:00 (3/3): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:06 ----------------------------------------------------------------------------------------------------------------------------------------------------- Total 44 kB/s | 286 kB 00:00:06 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : apr-1.4.8-5.el7.x86_64 1/3 Installing : apr-util-1.5.2-6.el7.x86_64 2/3 Installing : httpd-tools-2.4.6-90.el7.centos.x86_64 3/3 Verifying : apr-1.4.8-5.el7.x86_64 1/3 Verifying : httpd-tools-2.4.6-90.el7.centos.x86_64 2/3 Verifying : apr-util-1.5.2-6.el7.x86_64 3/3 Installed: httpd-tools.x86_64 0:2.4.6-90.el7.centos Dependency Installed: apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 Complete! [root@node101.yinzhengjie.org.cn ~]#