Windows版本Nginx开机自启动
可直接下载已经配置好的文件,点击即可下载:Windows版本Nginx1.26.0
下载WinSW v2.12.0
首先从https://github.com/winsw/winsw/releases下载WinSW v2.12.0
下载Nginx
下载地址https://nginx.org/en/download.html
修改配置
1、将下载的WinSW-x64.exe拷贝到nginx的解压目录,我这里是D:\Server\nginx\nginx-1.26.0
2、将WinSW-x64.exe修改为nginx-service.exe
3、新增一个nginx-service.xml文件,内容如下
<service>
<id>Nginx</id>
<name>Nginx Service</name>
<description>Nginx服务</description>
<logpath>D:\Server\nginx\nginx-1.26.0\logs\</logpath>
<logmode>roll</logmode>
<log mode="roll-by-size">
<sizeThreshold>10240</sizeThreshold>
<keepFiles>8</keepFiles>
</log>
<executable>D:\Server\nginx\nginx-1.26.0\nginx.exe</executable>
<stopexecutable>D:\Server\nginx\nginx-1.26.0\nginx.exe -s quit</stopexecutable>
</service>
注意:停止服务一定要使用nginx.exe -s quit,不能使用nginx.exe -s stop,使用后者经过测试无法停止服务。
命令
用管理员身份打开命令行工具,安装服务执行nginx-service.exe install,卸载服务执行nginx-service.exe uninstall
D:\Server\nginx\nginx-1.26.0>
D:\Server\nginx\nginx-1.26.0>nginx-service.exe install
2024-09-07 21:59:18,214 INFO - Installing service 'Nginx Service (Nginx)'...
2024-09-07 21:59:18,248 INFO - Service 'Nginx Service (Nginx)' was installed successfully.
D:\Server\nginx\nginx-1.26.0>
D:\Server\nginx\nginx-1.26.0>nginx-service.exe uninstall
2024-09-07 21:59:28,039 INFO - Uninstalling service 'Nginx Service (Nginx)'...
2024-09-07 21:59:28,044 INFO - Service 'Nginx Service (Nginx)' was uninstalled successfully.
安装成功后,在服务管理器中可以看到
禁止其它域名访问
当一个有多个域名同时配置到一台主机时,这时使用这些域名都可以访问网站,如果要限制其他域名访问,可使用如下配置:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 200M;
# 端口禁止其它二级域名访问
server {
listen 443 ssl default_server;
listen 8443 ssl default_server;
server_name _;
ssl_certificate cert/test.com.pem;
ssl_certificate_key cert/test.com.key;
server_tokens off;
error_page 403 /403.html;
location = /403.html {
root html;
}
error_page 404 /404.html;
location = /404.html {
root html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
return 403;
}
在NGINX的配置文件中,server_name _; 是一个特殊的指令,用于匹配任何未明确指定的域名。当一个HTTP请求到达NGINX服务器时,它会根据请求头中的Host字段来确定应该由哪个server块来处理这个请求。
当使用server_name _;时,这个server块将作为默认服务器来处理那些没有明确匹配到其他server_name的请求。这在你有多个域名或子域名,并且希望为没有匹配到的请求提供一个默认处理方式时非常有用。例如:
http {
server {
listen 80;
server_name example.com;
location / {
# 处理example.com的请求
}
}
server {
listen 80;
server_name _;
location / {
# 处理未匹配到的域名请求
}
}
}
在这个例子中,如果一个请求的Host头是example.com,那么第一个server块将会处理这个请求。如果Host头是其他任何域名,那么第二个server块(使用server_name _;)将会作为默认服务器来处理这个请求。
禁止其它二级域名访问
当有多个二级域名都指向一个主机,可以采用如下方式进行限制,注意这里server_name *.test.com;
server {
listen 443 ssl;
server_name abc.test.com;
ssl_certificate cert/test.com.pem;
ssl_certificate_key cert/test.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ciphers ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
server_tokens off;
keepalive_timeout 65;
client_max_body_size 200M;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Vary;
add_header Content-Security-Policy "script-src 'self';" always;
add_header 'Access-Control-Allow-Origin' 'https://192.168.31.2:443/';
add_header 'Access-Control-Allow-Origin' 'https://abc.test.com:5443/';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET,POST';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method ~* OPTIONS) {
return 403;
}
# 限制Swagger访问
location ~ ^/api/v2 {
return 403;
}
location / {
root html;
index index.html index.htm;
}
error_page 403 /403.html;
location = /403.html {
root html;
}
error_page 404 /404.html;
location = /404.html {
root html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# 443端口禁止其它二级域名访问
server {
listen 443 ssl;
server_name *.test.com;
ssl_certificate cert/test.com.pem;
ssl_certificate_key cert/test.com.key;
server_tokens off;
error_page 403 /403.html;
location = /403.html {
root html;
}
error_page 404 /404.html;
location = /404.html {
root html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
return 500;
}
禁止Nginx显示版本
使用server_tokens off,可参看上面的示例配置。
禁止访问
# 禁止访问目录
location ^~ /test/ {
deny all;
}
# 禁止访问目录下文件
location ^~ /test {
deny all;
}
# 禁止访问某些后缀文件
location ~ \.(ini|conf|txt)$ {
deny all;
}
# 禁止访问某个目录下的 php 后缀文件
location /directory {
location ~ .*\.(php)?$ {
deny all;
}
}
# 禁止访问多个目录下的 php 后缀文件
location ~* ^/(directory1|directory2)/.*\.(php)$ {
deny all;
}