
How to Harden HTTP Request Security with Nginx

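Introduction:

With the rapid growth of the Internet, web applications have become one of the main targets of network attacks. To protect user data, we need to take a series of measures to harden our web server. This article focuses on how to use Nginx to harden the security of HTTP requests and provides code examples for reference.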

1. Install Nginx:

First, we need to install Nginx. In a Linux environment, it can be installed with the following commands:

sudo apt-get update
sudo apt-get install nginx


After installation, start the Nginx service:

sudo service nginx start


2. Configure HTTPS:

To secure data in transit, we need to configure HTTPS before hardening HTTP requests. We can enable HTTPS by applying for a free SSL certificate. Below is an example configuration that makes Nginx serve HTTPS:

server {
    listen 443 ssl;
    server_name example.com;
   
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
   
    location / {
        ...
    }
}


Note that the certificate paths in the example above need to be changed to match your actual setup.

3. Restrict HTTP request methods:

To prevent attackers from using particular HTTP methods to attack the server, we can use Nginx's "limit_except" directive so that only specific HTTP methods are allowed to access the server. Here is an example:

location / {
    limit_except GET POST {
        deny all;
    }
    ...
}


ÉÏÊöʾÀý´úÂ뽫ֻÔÊÐíGETºÍPOSTÒªÁì¶ÔЧÀÍÆ÷¾ÙÐлá¼û £¬ÆäËûËùÓÐÒªÁ콫±»¾Ü¾ø¡£

4. Set request size limits:

To prevent attackers from sending a large volume of requests that overloads the server or causes a denial of service, we can limit the request size. Here is an example:

client_max_body_size 10m;
client_body_buffer_size 128k;


ÉÏÊöʾÀý´úÂ뽫ÉèÖÃÇëÇóÌåµÄ×î´ó¾ÞϸΪ10MB £¬²¢ÉèÖûº³åÇø¾ÞϸΪ128KB¡£

5. Enable SSL encryption protocols:

Enabling SSL encryption protocols protects the security of HTTP requests. Here is an example:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;


ÉÏÊöʾÀý´úÂ뽫ÆôÓÃTLSv1.2ºÍTLSv1.3ЭÒé £¬²¢½ûÓò»Çå¾²µÄËã·¨¡£

6. Enable HTTP security headers:

Using appropriate HTTP security headers can prevent many common attacks. Here is an example:

add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";


ÉÏÊöʾÀý´úÂ뽫ÆôÓÃX-Frame-Options¡¢X-XSS-ProtectionºÍX-Content-Type-OptionsÍ·²¿ £¬ÒÔÌá¸ßWebÓ¦ÓóÌÐòµÄÇå¾²ÐÔ¡£

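Conclusion:

Using the methods above, we can harden the security of HTTP requests with Nginx. Configuring HTTPS, restricting HTTP methods, setting request size limits, and enabling SSL encryption protocols and HTTP security headers can effectively prevent web attacks and protect user data. Readers can apply these settings according to their own needs and tune them for their actual environment.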

