General dis..
Nginx 管理员手册
Nginx Admin's Handbook
nginx
@trimstray
trimstray
307页
•
8424 Star
•
2019年5月26日收录
开始阅读
书籍推荐
Nginx学习笔记
tyloafer
•
nginx
•
11页
•
2018年7月8日
0
pyspider中文文档
aaronhua123
•
python
•
18页
•
2019年5月12日
1
数据结构思维
wizardforcel
•
cplusplus
•
20页
•
2018年5月3日
286
Pixi教程
Zainking
•
html5
•
56页
•
2020年5月17日
Twisted与异步编程入门
likebeta
•
python
•
23页
•
2018年6月29日
158
java语法整理
niliv
•
java
•
42页
•
2019年5月26日
2
小字
大字
宋体
黑体
白天
护眼
夜晚
封面
简介
Introduction
General disclaimer
Contributing & Support
Reports: blkcipher.info
SSL Labs
Mozilla Observatory
Printable high-res hardening checklists
Printable high-res hardening cheatsheet
All in one checklist as a quick introduction
Books
Nginx Essentials
Nginx Cookbook
Nginx HTTP Server
Nginx High Performance
ModSecurity 3.0 and NGINX: Quick Start Guide
Cisco ACE to NGINX: Migration Guide
External Resources
Nginx official
Based on the Nginx
Comparison reviews
Cheatsheets & References
Performance & Hardening
Playgrounds
Config generators
Static analyzers
Log analyzers
Performance analyzers
Benchmarking tools
Debugging tools
Development
Other stuff
Helpers
Nginx directories and files
Nginx commands
Nginx processes
Configuration syntax
Comments
Variables & Strings
Directives, Blocks, and Contexts
Measurement units
Enable syntax highlight for Nginx configuration file
Connection processing
Request processing stages
Server blocks logic
Handle incoming connections
Matching location
Error log severity levels
Rate limiting
Analyse configuration
Monitoring
GoAccess
Build and install
Analyse log file and enable all recorded statistics
Analyse compressed log file
Analyse log file remotely
Analyse log file and generate html report
Ngxtop
Analyse log file
Analyse log file and print requests with 4xx and 5xx
Analyse log file remotely
Analyse log file remotely
Testing
Send request to the specific ip:port and show response headers
Send request to the remote host and show response headers
See the top 5 IP addresses in a web server log
Send request and show response headers
See the top 5 IP addresses
Send multiple requests to the specific ip:port
Send multiple requests to the remote host
Send request with http method, user-agent, follow redirects and show response headers
Testing SSL connection to the remote host
Send multiple requests
Testing SSL connection to the remote host (with SNI support)
Testing SSL connection
Testing SSL connection to the remote host with specific ssl version
Testing SSL connection to the remote host with specific version
Testing SSL connection (with SNI support)
Testing SSL connection to the remote host with specific ssl cipher
Testing SSL connection to the remote host with specific cipher
Testing SSL connection with specific SSL version
Testing SSL connection with specific cipher
HTTP Denial of Service attack
Show information about the NGINX processes
Debugging
Get range of dates in a web server log
Show information about NGINX processes
Show the most requested IPs
Check if the module has been compiled
Show the top 5 IP addresses
Show the most accessed IP addresses
Show the top 5 visitors (IP addresses)
Show the most requested urls
Show the most requested urls containing 'string'
Show the most requested urls with http methods
Show the most accessed response codes
Analyse web server log and show only 2xx http codes
Analyse web server log and show only 5xx http codes
Show requests which result 502 and sort them by number per requests by url
Show requests which result 404 for php files and sort them by number per requests by url
Calculating amount of http response codes
Calculating requests per second
Calculating requests per second with IP addresses
Calculating requests per second with IP addresses and urls
Get entries within last n hours
Get entries between two timestamps (range of dates)
Get line rates from web server log
Extract HTTP User Agent from HTTP request header
Extract http User Agent from the http request header
Trace network traffic for all NGINX processes
Capture only http requests
List all files accessed by a NGINX
Check that the gzip_static module is working
Capture requests to the specific server name and filter by source ip and destination port
Capture requests to the remote host and filter by source ip and destination port
Which worker processing current request
Capture only http packets
Extract http User Agent from the http packets
Capture only http GET and POST packets
Capture requests and filter by source ip and destination port
Shell aliases
Configuration snippets
Restricting access with basic authentication
Blocking referrer spam
Limiting referrer spam
Limiting the rate of requests with burst mode
Limiting the rate of requests with burst mode and nodelay
Limiting the number of connections
Adding and removing the www prefix
Rewrite POST request with payload to external endpoint
Allow multiple cross-domains using the CORS headers
Other snippets
Create a temporary static backend
Generate CSR (metadata from exist certificate)
Create a temporary static backend with SSL support
Generate private key without passphrase
Generate CSR
Generate CSR (metadata from existing certificate)
Generate CSR with -config param
Generate private key and csr
Generate ECDSA private key
Generate private key with csr (ECC)
Generate self-signed certificate
Generate self-signed certificate from existing private key
Generate self-signed certificate from existing private key and csr
Generate multidomain certificate
Generate wildcard certificate
Checking whether the private key and the certificate match
Generate certificate with 4096 bit private key
Generate DH Param key
Convert DER to PEM
Convert PEM to DER
Verification of the private key
Verification of the public key
Verification of the certificate
Verification of the CSR
Check whether the private key and the certificate match
RHEL7 or CentOS 7
Debian or Ubuntu
Automatic installation
Nginx package
Dependencies
Compiler and linker
SystemTap
Pre installation tasks
Install or build dependencies
Get Nginx sources
Download 3rd party modules
Build Nginx
Base Rules
Use reload method to change configurations on the fly
Map all the things...
Performance
Hardening
Load Balancing
Others
Reverse Proxy
Installation
Configuration
Import configuration
Set bind IP address
Set your domain name
Regenerate private keys and certs
Update modules list
Generating the necessary error pages
Add new domain
Test your configuration
to improve and to do
contributing guidelines
configuration examples
Define the listen directives explicitly with address:port pair
Prevent processing requests with undefined server names
Force all connections over TLS
Keep NGINX up-to-date
Run as an unprivileged user
Protect sensitive resources
Use min. 2048-bit private keys
Keep only TLS 1.2 and TLS 1.3
Use more secure ECDH Curve
Use strong Key Exchange
Defend against the BEAST attack
Mitigation of CRIME/BREACH attacks
Mitigation of CRIME/BREACH attacks
HTTP Strict Transport Security
Reduce XSS risks (Content-Security-Policy)
Control the behavior of the Referer header (Referrer-Policy)
Provide clickjacking protection (X-Frame-Options)
Prevent some categories of XSS attacks (X-XSS-Protection)
Prevent Sniff Mimetype middleware (X-Content-Type-Options)
Reject unsafe HTTP methods
Organising Nginx configuration
Format, prettify and indent your Nginx code
Use HTTP/2
Maintaining SSL sessions
Use exact names in server_name directive where possible
Avoid checks server_name with if directive
Disable unnecessary modules
Hide Nginx version number
Hide Nginx server signature
Hide upstream proxy headers
Use only the latest supported OpenSSL version
Deny the use of browser features (Feature-Policy)
Control Buffer Overflow attacks
Mitigating Slow HTTP DoS attack (Closing Slow Connections)
Enable DNS CAA Policy
Separate listen directives for 80 and 443
Use only one SSL config for specific listen directive
Use geo/map modules instead allow/deny
Drop the same root inside location block
Adjust worker processes
Make an exact location match to speed up the selection process
Use limit_conn to improve limiting the download speed
Tweak passive health checks
Don't disable backends by comments, use down parameter
Define security policies with security.txt
Mastering Nginx - The virtual server section
online tools
debug log
log formats
OpenResty on CentOS 7
Tengine on Ubuntu 18.04
Pre installation tasks
Install or build dependencies
Get OpenResty sources
Download 3rd party modules
Build OpenResty
Post installation tasks
`sregex`
Install Nginx on Centos 7
Pre installation tasks
Install or build dependencies
Get Tengine sources
Download 3rd party modules
Build Tengine
Post installation tasks
this
Nginx on CentOS 7 - Post installation tasks
Blocking/allowing IP addresses
Virtual server logic
Installation from prebuilt packages
the correct (and strong)
TLSv1.3 and TLSv1.2
only strong ciphers
installation from source
