nginx配置防盗链的方法

nginx里面,防盗链需要针对你的域名和泛域名做相应的开放,所有图中 *.domain.com 是必须的,否则你的类似 www.domain.com 也会在屏蔽之列了

location ~* \.(gif|jpg|jpeg|png|bmp|swf|flv)$
{
valid_referers none blocked domain.com *.domain.com baidu.com *.baidu.com ;
if ($invalid_referer) {
return 403;
}
}

nginx的高性能参数配置

1)nginx.conf 里面的参数配置,假设服务器8核心(逻辑核心)

worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 102400;
events
{
use epoll;
worker_connections 204800;
accept_mutex on;
}

2) /etc/rc.local

echo “ulimit -SHn 65535” >> /etc/rc.local

3)/etc/security/limits.conf

* soft nofile 655360
* hard nofile 655360

4) /etc/sysctl.conf

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000

 

参考文件:

http://www.open-open.com/lib/view/open1392942521299.html