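Setting up HTTPS for a website

1. Obtain a certificate. Some certificates are sold by official vendors, but there are also free ones such as SSL For Free, which is backed by major sponsors such as Mozilla, Chrome, Akamai and Cisco.
2. On the site, enter your website's domain name and follow the prompts, choosing either automatic FTP verification or manual verification. Once verification succeeds you receive the certificate. The download should be an archive named sslforfree.zip, which unpacks to 3 files: ca_bundle.crt (CA / chain certificate), certificate.crt (the SSL certificate for the site) and private.key (the certificate's private key).
3. Then follow the site's "Installing your SSL Certificate" steps and find the tab for your own web server. Here I use Nginx as the example:

  • Upload the 3 extracted files to the server, for example to /etc/ssl/
  • Merge certificate.crt and ca_bundle.crt into cert_chain.crt
$ cat certificate.crt ca_bundle.crt > cert_chain.crt
  • Note: after merging, check the cert_chain.crt file. If it looks like this:
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
  • change it to
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
  • Edit the nginx virtual host configuration
# Redirect HTTP requests to HTTPS with a 301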
server {
    listen 80;
    server_name www.ssmvv.com ssmnx.com;
    return 301 https://$server_name$request_uri;
}
server {
    # the "ssl" parameter of listen replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_certificate /etc/ssl/cert_chain.crt;
    ssl_certificate_key /etc/ssl/www.ssmvv.com.key;

    server_name www.ssmvv.com ssmnx.com;
    ...
}
  • When the configuration is done, restart the nginx server
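
The merge-and-check steps above as a script. This is an added example, not part of the original post: the function names are made up here, the file names are the ones from the post, and the optional key check assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example; function names are assumptions, file names follow the post.

# Read concatenated PEM on stdin: strip CRs, split boundaries glued together
# because a file had no trailing newline, and drop blank lines.
normalize_pem() {
    awk -v e='-----END CERTIFICATE-----' -v b='-----BEGIN CERTIFICATE-----' '{
        sub(/\r$/, "")
        gsub(e b, e "\n" b)
        if ($0 !~ /^[ \t]*$/) print
    }'
}

# build_chain LEAF CA_BUNDLE OUT
# The site certificate goes first, then the CA chain. ">" truncates OUT, so
# running this twice does not append a second copy the way ">>" would.
build_chain() {
    cat "$1" "$2" | normalize_pem > "$3"
}

# check_chain FILE: print the number of certificates, or fail if a boundary
# marker is not alone on its line or the BEGIN/END counts differ.
check_chain() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { b++; next }
        /^-----END CERTIFICATE-----$/   { e++; next }
        /-----/                         { bad++ }
        END { if (bad || b == 0 || b != e) exit 1; print b }' "$1"
}

# key_matches_cert CHAIN KEY: compare the public key of the first certificate
# in CHAIN with the one derived from KEY (needs the openssl CLI).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Typical use on the server:
#   build_chain certificate.crt ca_bundle.crt cert_chain.crt
#   check_chain cert_chain.crt && key_matches_cert cert_chain.crt private.key
#   chmod 600 private.key    # the key should be readable by its owner only
```

check_chain also fails if anything other than certificates, such as the private key, was pasted into the chain file.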

Preventing image hotlinking with Nginx

The default configuration is:

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ 
{ 
    expires      30d; 
}

Change it to the following:

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ 
{ 
    valid_referers none blocked *.ssmnx.com ssmnx.com *.qq.com *.baidu.com *.google.com; 
    if ($invalid_referer) { 
        rewrite ^/ http://www.ssmvv.com/epinv.png; 
    } 
    expires      30d; 
}

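Explanation:
1. "gif|jpg|jpeg|png|bmp|swf" sets the file types that are protected against hotlinking. Adjust it as needed, separating each extension with the "|" character.
2. "valid_referers none blocked *.ssmnx.com ssmnx.com *.qq.com *.baidu.com *.google.com;" is the whitelist of domains that are allowed to link to the files. Domains are separated by spaces. *.google.com is on the whitelist because search engines may load images when indexing the site.
3. "rewrite ^/ http://www.ssmvv.com/epinv.png;" is the image returned for hotlinked requests. Note: this image must be hosted on a site that does not have hotlink protection enabled.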

PHP memcache lock for high concurrency

	// Methods of a CakePHP controller; requires the PECL "memcache" extension.

	private function lock(){
		$lock_name = "mb_lock";
		$memcache = new Memcache();
		$memcache->connect("127.0.0.1", 11211);
		// add() only succeeds if the key does not exist yet, so it works as an
		// atomic test-and-set. The key expires after 30 seconds.
		$locked = $memcache->add($lock_name, 1, false, 30);
		if($locked){
			return true;
		}else{
			// Retry with a random 1-100 ms back-off, giving up when $wait reaches 10.
			$wait = 1;
			while ($wait) {
				if(!$locked){
					usleep(rand(1,100)*1000);
					$locked = $memcache->add($lock_name, 1, false, 30);
					CakeLog::write("debug","wait:".$wait);
					$wait++;
					if($wait == 10){
						break;
					}
				}else{
					return true;
				}
			}
		}
		return $locked;
	}

	private function un_lock(){
		$lock_name = "mb_lock";
		$memcache = new Memcache();
		$memcache->connect("127.0.0.1", 11211);
		// Deletes the key unconditionally, so the critical section must finish
		// well within the 30-second expiry set in lock().
		return $memcache->delete($lock_name, 0);
	}

	function test(){
		$locked = $this->lock();
		if($locked){
			// usleep(1000*100);
			$this->loadModel("AbTest");
			// Pick one unsold row, record the sale, then mark the row as sold.
			$data = $this->AbTest->find("first",array("conditions"=>array("sold"=>0)));
			if(!empty($data)){
				$this->loadModel("AbAddTest");
				$this->AbAddTest->create();
				$this->AbAddTest->save(array("test_id"=>$data["AbTest"]["id"],"time"=>time()));
				$data["AbTest"]["sold"] = 1;
				$this->AbTest->save($data);
			}

			CakeLog::write("debug","success");
			echo "success";
			$this->un_lock();
		}else{
			echo "error";
			CakeLog::write("debug","error");
		}

	}

home$ ab -n 1000 -c 10 http://local.www.xd.com/games/test

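Without the memcache lock, a concurrency test with ab has a high chance of inserting duplicate data.
With the memcache lock in place, the same ab concurrency test no longer shows this problem.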

Nginx solution for Apache ProxyPassReverse

Let's say we want to establish a simple proxy between myhost:80 and myapp:8080. The Apache rule is simple:

APACHE

<VirtualHost myhost:80>
    ServerName myhost
    DocumentRoot /path/to/myapp/public
    ProxyPass / http://myapp:8080/
    ProxyPassReverse / http://myapp:8080/
</VirtualHost>

But Nginx does not have ProxyPassReverse. The solution is to add a few missing HTTP headers.

Please also see http://wiki.nginx.org/HttpProxyModule#proxy_redirect. This wiki is partly incorrect: if you need to rewrite the Location header, you will need to use proxy_redirect as well.
NGINX:

server {
  listen myhost:80;
  server_name  myhost;
  location / {
    root /path/to/myapp/public;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_pass http://myapp:8080;
  }
}
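
A check for the Location rewriting issue mentioned above, as an added example that is not part of the original post: it scans response headers (for instance saved from `curl -sI`) for redirect-type headers that still expose the backend address. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample headers are constructed here.

# leaked_upstream UPSTREAM < response-headers
# Print redirect-type headers that still name the backend and return 1 if any
# were found, 0 if the response is clean.
leaked_upstream() {
    awk -v up="$1" '
        {
            sub(/\r$/, "")
            h = tolower($0)
            if (h ~ /^(location|content-location|refresh):/ && index(h, tolower(up))) {
                print
                n++
            }
        }
        END { exit (n ? 1 : 0) }'
}

# Constructed response headers, not captured from a real host.
sample_headers() {
    printf '%s\r\n' \
        'HTTP/1.1 302 Found' \
        'Server: nginx' \
        'Location: http://myapp:8080/login' \
        'Refresh: 0; url=http://MYAPP:8080/next' \
        'Set-Cookie: sid=abc; Path=/' \
        ''
}

# Example run:
#   sample_headers | leaked_upstream myapp:8080
# If this reports a hit, map the backend prefix back to the public one inside
# the proxied location, for example:
#   proxy_redirect http://myapp:8080/ /;
```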

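Installing an nginx + PHP environment on a Mac with MacPorts

Installing nginx with port
Download MacPorts from http://www.macports.org/install.php
Install nginx: run sudo port install nginx spawn-fcgi
Install PHP: run sudo port install php53 fcgi php53-cgi php53-mysql php53-curl php53-iconv php53-mcrypt
Install imagick: run sudo port install php53-imagick

nginx configuration
Go to /opt/local/etc/nginx
Create the sites-available and sites-enabled directories
Using the attached configuration files as a reference, edit nginx.conf, fastcgi.conf and mime.types
Using the attached configuration files as a reference, create three configuration files in sites-available (www, game and bbs), each pointing to the root or webroot directory of one of the 3 git repositories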

PHP configuration
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
date.timezone = Asia/Shanghai
short_open_tag = On

Start-at-boot configuration

  1. Save the following to /Library/LaunchDaemons/org.macports.nginx.plist
    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
    <plist version='1.0'>
    <dict>
    <key>Label</key><string>org.macports.nginx</string>
    <key>ProgramArguments</key>
    <array>
            <string>/opt/local/bin/daemondo</string>
            <string>--label=nginx</string>
            <string>--start-cmd</string>
            <string>/opt/local/sbin/nginx</string>
            <string>;</string>
            <string>--pid=fileauto</string>
            <string>--pidfile</string>
            <string>/opt/local/var/run/nginx/nginx.pid</string>
    </array>
    <key>Debug</key><false/>
    <key>Disabled</key><true/>
    <key>KeepAlive</key><true/>
    </dict>
    </plist>
  2. Save the following to /Library/LaunchDaemons/org.macports.phpfcgi.plist
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
      <key>Label</key><string>org.macports.phpfcgi</string>
      <key>Debug</key><false />
      <key>OnDemand</key><false />
      <key>RunAtLoad</key><false />
      <key>EnvironmentVariables</key>
      <dict>
        <key>PHP_FCGI_CHILDREN</key><string>2</string>
        <key>PHP_FCGI_MAX_REQUESTS</key><string>5000</string>
      </dict>
      <key>LaunchOnlyOnce</key><true />
      <key>ProgramArguments</key>
      <array>
        <string>/opt/local/bin/spawn-fcgi</string>
        <string>-C 2</string>
        <string>-p 9000</string>
        <string>-f /opt/local/bin/php-cgi53</string>
      </array>
    </dict>
    </plist>
  3. Run sudo launchctl load -w /Library/LaunchDaemons/org.macports.nginx.plist
  4. Run sudo launchctl load -w /Library/LaunchDaemons/org.macports.phpfcgi.plist
  5. Run sudo lsof -i:80 and sudo lsof -i:9000 to check that nginx and fastcgi are listening on ports 80 and 9000 respectively